insforge 1.3.0 → 1.4.8

package/backend/src/api/routes/deployments/index.routes.ts

@@ -0,0 +1,192 @@
+import { Router, Response, NextFunction } from 'express';
+import { DeploymentService } from '@/services/deployments/deployment.service.js';
+import { verifyAdmin, AuthRequest } from '@/api/middlewares/auth.js';
+import { AuditService } from '@/services/logs/audit.service.js';
+import { AppError } from '@/api/middlewares/error.js';
+import { ERROR_CODES } from '@/types/error-constants.js';
+import { successResponse, paginatedResponse } from '@/utils/response.js';
+import { startDeploymentRequestSchema } from '@insforge/shared-schemas';
+
+const router = Router();
+const deploymentService = DeploymentService.getInstance();
+const auditService = AuditService.getInstance();
+
+/**
+ * Create a new deployment record with WAITING status
+ * Returns presigned URL for uploading source zip file
+ * POST /api/deployments
+ */
+router.post('/', verifyAdmin, async (req: AuthRequest, res: Response, next: NextFunction) => {
+  try {
+    // Check if deployment service is configured
+    if (!deploymentService.isConfigured()) {
+      throw new AppError(
+        'Deployment service is not configured. Please set VERCEL_TOKEN, VERCEL_TEAM_ID, and VERCEL_PROJECT_ID environment variables.',
+        503,
+        ERROR_CODES.INTERNAL_ERROR
+      );
+    }
+
+    const response = await deploymentService.createDeployment();
+
+    // Log audit
+    await auditService.log({
+      actor: req.user?.email || 'api-key',
+      action: 'CREATE_DEPLOYMENT',
+      module: 'DEPLOYMENTS',
+      details: { id: response.id },
+      ip_address: req.ip,
+    });
+
+    successResponse(res, response, 201);
+  } catch (error) {
+    next(error);
+  }
+});
+
+/**
+ * Start a deployment - downloads zip from S3, uploads to Vercel, creates deployment
+ * POST /api/deployments/:id/start
+ */
+router.post(
+  '/:id/start',
+  verifyAdmin,
+  async (req: AuthRequest, res: Response, next: NextFunction) => {
+    try {
+      // Check if deployment service is configured
+      if (!deploymentService.isConfigured()) {
+        throw new AppError(
+          'Deployment service is not configured. Please set VERCEL_TOKEN, VERCEL_TEAM_ID, and VERCEL_PROJECT_ID environment variables.',
+          503,
+          ERROR_CODES.INTERNAL_ERROR
+        );
+      }
+
+      const { id } = req.params;
+
+      const validationResult = startDeploymentRequestSchema.safeParse(req.body);
+      if (!validationResult.success) {
+        throw new AppError(
+          validationResult.error.issues.map((e) => `${e.path.join('.')}: ${e.message}`).join(', '),
+          400,
+          ERROR_CODES.INVALID_INPUT
+        );
+      }
+
+      const deployment = await deploymentService.startDeployment(id, validationResult.data);
+
+      // Log audit
+      await auditService.log({
+        actor: req.user?.email || 'api-key',
+        action: 'START_DEPLOYMENT',
+        module: 'DEPLOYMENTS',
+        details: {
+          id: deployment.id,
+          providerDeploymentId: deployment.providerDeploymentId,
+          provider: deployment.provider,
+          status: deployment.status,
+        },
+        ip_address: req.ip,
+      });
+
+      successResponse(res, deployment);
+    } catch (error) {
+      next(error);
+    }
+  }
+);
+
+/**
+ * List all deployments
+ * GET /api/deployments
+ */
+router.get('/', verifyAdmin, async (req: AuthRequest, res: Response, next: NextFunction) => {
+  try {
+    const limit = parseInt(req.query.limit as string) || 50;
+    const offset = parseInt(req.query.offset as string) || 0;
+
+    const { deployments, total } = await deploymentService.listDeployments(limit, offset);
+
+    paginatedResponse(res, deployments, total, offset);
+  } catch (error) {
+    next(error);
+  }
+});
+
+/**
+ * Get deployment by database ID
+ * GET /api/deployments/:id
+ */
+router.get('/:id', verifyAdmin, async (req: AuthRequest, res: Response, next: NextFunction) => {
+  try {
+    const { id } = req.params;
+
+    const deployment = await deploymentService.getDeploymentById(id);
+
+    if (!deployment) {
+      throw new AppError(`Deployment not found: ${id}`, 404, ERROR_CODES.NOT_FOUND);
+    }
+
+    successResponse(res, deployment);
+  } catch (error) {
+    next(error);
+  }
+});
+
+/**
+ * Sync deployment status from Vercel and update database
+ * POST /api/deployments/:id/sync
+ */
+router.post(
+  '/:id/sync',
+  verifyAdmin,
+  async (req: AuthRequest, res: Response, next: NextFunction) => {
+    try {
+      const { id } = req.params;
+
+      const deployment = await deploymentService.syncDeploymentById(id);
+
+      if (!deployment) {
+        throw new AppError(`Deployment not found: ${id}`, 404, ERROR_CODES.NOT_FOUND);
+      }
+
+      successResponse(res, deployment);
+    } catch (error) {
+      next(error);
+    }
+  }
+);
+
+/**
+ * Cancel a deployment
+ * POST /api/deployments/:id/cancel
+ */
+router.post(
+  '/:id/cancel',
+  verifyAdmin,
+  async (req: AuthRequest, res: Response, next: NextFunction) => {
+    try {
+      const { id } = req.params;
+
+      await deploymentService.cancelDeploymentById(id);
+
+      // Log audit
+      await auditService.log({
+        actor: req.user?.email || 'api-key',
+        action: 'CANCEL_DEPLOYMENT',
+        module: 'DEPLOYMENTS',
+        details: { id },
+        ip_address: req.ip,
+      });
+
+      successResponse(res, {
+        success: true,
+        message: `Deployment ${id} has been cancelled`,
+      });
+    } catch (error) {
+      next(error);
+    }
+  }
+);
+
+export { router as deploymentsRouter };

package/backend/src/api/routes/docs/index.routes.ts

@@ -16,15 +16,16 @@ const router = Router();
 const DOCS_MAP: Record<DocTypeSchema, string> = {
   instructions: 'insforge-instructions-sdk.md',
   'db-sdk': 'core-concepts/database/sdk.mdx',
-  // 'auth-sdk': 'core-concepts/authentication/sdk.mdx',
+  'auth-sdk': 'core-concepts/authentication/sdk.mdx',
   // UI Components - Framework-specific
   'auth-components-react': 'core-concepts/authentication/ui-components/react.mdx',
-  // 'auth-components-nextjs': 'core-concepts/authentication/ui-components/nextjs.mdx',
+  'auth-components-nextjs': 'core-concepts/authentication/ui-components/nextjs.mdx',
   // 'auth-components-react-router': 'core-concepts/authentication/ui-components/react-router.mdx',
   'storage-sdk': 'core-concepts/storage/sdk.mdx',
   'functions-sdk': 'core-concepts/functions/sdk.mdx',
   'ai-integration-sdk': 'core-concepts/ai/sdk.mdx',
   'real-time': 'agent-docs/real-time.md',
+  'deployment': 'agent-docs/deployment.md',
 };
 
 // GET /api/docs/:docType - Get specific documentation

package/backend/src/api/routes/email/index.routes.ts

@@ -1,35 +1,35 @@
-import { Router, Response, NextFunction } from 'express';
-import { AuthRequest, verifyUser } from '@/api/middlewares/auth.js';
-import { EmailService } from '@/services/email/email.service.js';
-import { AppError } from '@/api/middlewares/error.js';
-import { ERROR_CODES } from '@/types/error-constants.js';
-import { sendRawEmailRequestSchema } from '@insforge/shared-schemas';
-import { successResponse } from '@/utils/response.js';
-
-const router = Router();
-const emailService = EmailService.getInstance();
-
-/**
- * POST /api/email/send-raw
- * Send a raw/custom email with explicit to, subject, and body
- */
-router.post(
-  '/send-raw',
-  verifyUser,
-  async (req: AuthRequest, res: Response, next: NextFunction) => {
-    try {
-      const validation = sendRawEmailRequestSchema.safeParse(req.body);
-      if (!validation.success) {
-        throw new AppError(JSON.stringify(validation.error.issues), 400, ERROR_CODES.INVALID_INPUT);
-      }
-
-      await emailService.sendRaw(validation.data);
-
-      successResponse(res, {});
-    } catch (error) {
-      next(error);
-    }
-  }
-);
-
-export const emailRouter = router;
+import { Router, Response, NextFunction } from 'express';
+import { AuthRequest, verifyUser } from '@/api/middlewares/auth.js';
+import { EmailService } from '@/services/email/email.service.js';
+import { AppError } from '@/api/middlewares/error.js';
+import { ERROR_CODES } from '@/types/error-constants.js';
+import { sendRawEmailRequestSchema } from '@insforge/shared-schemas';
+import { successResponse } from '@/utils/response.js';
+
+const router = Router();
+const emailService = EmailService.getInstance();
+
+/**
+ * POST /api/email/send-raw
+ * Send a raw/custom email with explicit to, subject, and body
+ */
+router.post(
+  '/send-raw',
+  verifyUser,
+  async (req: AuthRequest, res: Response, next: NextFunction) => {
+    try {
+      const validation = sendRawEmailRequestSchema.safeParse(req.body);
+      if (!validation.success) {
+        throw new AppError(JSON.stringify(validation.error.issues), 400, ERROR_CODES.INVALID_INPUT);
+      }
+
+      await emailService.sendRaw(validation.data);
+
+      successResponse(res, {});
+    } catch (error) {
+      next(error);
+    }
+  }
+);
+
+export const emailRouter = router;

package/backend/src/api/routes/functions/index.routes.ts

@@ -5,7 +5,7 @@ import { AuditService } from '@/services/logs/audit.service.js';
 import { AppError } from '@/api/middlewares/error.js';
 import { ERROR_CODES } from '@/types/error-constants.js';
 import logger from '@/utils/logger.js';
-import { functionUploadRequestSchema, functionUpdateRequestSchema } from '@insforge/shared-schemas';
+import { uploadFunctionRequestSchema, updateFunctionRequestSchema } from '@insforge/shared-schemas';
 import { SocketManager } from '@/infra/socket/socket.manager.js';
 import { DataUpdateResourceType, ServerEvents } from '@/types/socket.js';
 import { successResponse } from '@/utils/response.js';
@@ -53,7 +53,7 @@ router.get('/:slug', verifyAdmin, async (req: AuthRequest, res: Response, next:
  */
 router.post('/', verifyAdmin, async (req: AuthRequest, res: Response, next: NextFunction) => {
   try {
-    const validation = functionUploadRequestSchema.safeParse(req.body);
+    const validation = uploadFunctionRequestSchema.safeParse(req.body);
     if (!validation.success) {
       throw new AppError(JSON.stringify(validation.error.issues), 400, ERROR_CODES.INVALID_INPUT);
     }
@@ -103,7 +103,7 @@ router.post('/', verifyAdmin, async (req: AuthRequest, res: Response, next: Next
 router.put('/:slug', verifyAdmin, async (req: AuthRequest, res: Response, next: NextFunction) => {
   try {
     const { slug } = req.params;
-    const validation = functionUpdateRequestSchema.safeParse(req.body);
+    const validation = updateFunctionRequestSchema.safeParse(req.body);
 
     if (!validation.success) {
       throw new AppError(JSON.stringify(validation.error.issues), 400, ERROR_CODES.INVALID_INPUT);

package/backend/src/api/routes/metadata/index.routes.ts

@@ -12,6 +12,7 @@ import { AppError } from '@/api/middlewares/error.js';
 import type { AppMetadataSchema } from '@insforge/shared-schemas';
 import { SecretService } from '@/services/secrets/secret.service.js';
 import { DatabaseManager } from '@/infra/database/database.manager.js';
+import { CloudDatabaseProvider } from '@/providers/database/cloud.provider.js';
 
 const router = Router();
 const authService = AuthService.getInstance();
@@ -128,6 +129,31 @@ router.get('/api-key', async (req: AuthRequest, res: Response, next: NextFunctio
   }
 });
 
+// Get database connection string from cloud backend (admin only)
+router.get(
+  '/database-connection-string',
+  async (_req: AuthRequest, res: Response, next: NextFunction) => {
+    try {
+      const cloudDbProvider = CloudDatabaseProvider.getInstance();
+      const connectionInfo = await cloudDbProvider.getDatabaseConnectionString();
+      successResponse(res, connectionInfo);
+    } catch (error) {
+      next(error);
+    }
+  }
+);
+
+// Get database password from cloud backend (admin only)
+router.get('/database-password', async (_req: AuthRequest, res: Response, next: NextFunction) => {
+  try {
+    const cloudDbProvider = CloudDatabaseProvider.getInstance();
+    const passwordInfo = await cloudDbProvider.getDatabasePassword();
+    successResponse(res, passwordInfo);
+  } catch (error) {
+    next(error);
+  }
+});
+
 // get metadata for a table.
 // Notice: must be after endpoint /api-key in case of conflict.
 router.get('/:tableName', async (req: AuthRequest, res: Response, next: NextFunction) => {

package/backend/src/api/routes/webhooks/index.routes.ts

@@ -0,0 +1,109 @@
+import crypto from 'crypto';
+import { Router, Request, Response, NextFunction } from 'express';
+import { DeploymentService } from '@/services/deployments/deployment.service.js';
+import { SecretService } from '@/services/secrets/secret.service.js';
+import { AppError } from '@/api/middlewares/error.js';
+import { ERROR_CODES } from '@/types/error-constants.js';
+import {
+  VERCEL_EVENT_TO_STATUS,
+  type VercelWebhookPayload,
+  type VercelDeploymentEventType,
+} from '@/types/webhooks.js';
+import logger from '@/utils/logger.js';
+
+const router = Router();
+const deploymentService = DeploymentService.getInstance();
+const secretService = SecretService.getInstance();
+
+/**
+ * Vercel webhook endpoint
+ * POST /api/webhooks/vercel
+ *
+ * Receives deployment events from Vercel and updates the database accordingly.
+ * Verifies the request using HMAC-SHA1 signature in x-vercel-signature header.
+ */
+router.post('/vercel', async (req: Request, res: Response, next: NextFunction) => {
+  try {
+    const signature = req.headers['x-vercel-signature'] as string | undefined;
+
+    if (!signature) {
+      throw new AppError('Missing x-vercel-signature header', 401, ERROR_CODES.AUTH_UNAUTHORIZED);
+    }
+
+    // Get the webhook secret from secrets service
+    const webhookSecret = await secretService.getSecretByKey('VERCEL_WEBHOOK_SECRET');
+
+    if (!webhookSecret) {
+      logger.error('VERCEL_WEBHOOK_SECRET not found in secrets');
+      throw new AppError('Webhook not configured', 500, ERROR_CODES.INTERNAL_ERROR);
+    }
+
+    // req.body is raw Buffer (express.raw middleware applied in server.ts)
+    const rawBody = req.body as Buffer;
+
+    // Verify the signature using HMAC-SHA1 on original bytes
+    const expectedSignature = crypto
+      .createHmac('sha1', webhookSecret)
+      .update(rawBody)
+      .digest('hex');
+
+    // Use timing-safe comparison to prevent timing attacks
+    const signatureBuffer = Buffer.from(signature);
+    const expectedBuffer = Buffer.from(expectedSignature);
+
+    if (
+      signatureBuffer.length !== expectedBuffer.length ||
+      !crypto.timingSafeEqual(signatureBuffer, expectedBuffer)
+    ) {
+      logger.warn('Invalid Vercel webhook signature');
+      throw new AppError('Invalid signature', 401, ERROR_CODES.AUTH_UNAUTHORIZED);
+    }
+
+    // Parse the webhook payload after signature verification
+    const webhookPayload = JSON.parse(rawBody.toString()) as VercelWebhookPayload;
+    const eventType = webhookPayload.type;
+
+    // Check if this is a deployment event we handle
+    if (!(eventType in VERCEL_EVENT_TO_STATUS)) {
+      logger.info('Ignoring unhandled Vercel webhook event', { eventType });
+      return res.status(200).json({ received: true, handled: false });
+    }
+
+    const status = VERCEL_EVENT_TO_STATUS[eventType as VercelDeploymentEventType];
+    const deploymentId = webhookPayload.payload.deployment.id;
+    const url = webhookPayload.payload.deployment.url
+      ? `https://${webhookPayload.payload.deployment.url}`
+      : null;
+
+    // Update the deployment in our database
+    const deployment = await deploymentService.updateDeploymentFromWebhook(
+      deploymentId,
+      status,
+      url,
+      {
+        webhookEventId: webhookPayload.id,
+        webhookEventType: eventType,
+        target: webhookPayload.payload.target,
+        projectId: webhookPayload.payload.project?.id,
+      }
+    );
+
+    if (!deployment) {
+      // Deployment not found in our database - this is ok, might be from another source
+      logger.info('Deployment not found for webhook, ignoring', { deploymentId });
+      return res.status(200).json({ received: true, handled: false });
+    }
+
+    logger.info('Vercel webhook processed successfully', {
+      eventType,
+      deploymentId,
+      status,
+    });
+
+    res.status(200).json({ received: true, handled: true });
+  } catch (error) {
+    next(error);
+  }
+});
+
+export { router as webhooksRouter };

package/backend/src/infra/database/database.manager.ts

@@ -37,14 +37,6 @@ export class DatabaseManager {
       idleTimeoutMillis: 30000,
       connectionTimeoutMillis: 2000,
     });
-
-    const client = await this.pool.connect();
-    await client.query('BEGIN');
-
-    // Note: Schema migrations are now handled by node-pg-migrate
-    // Run: npm run migrate:up
-
-    await client.query('COMMIT');
   }
 
   static async getColumnTypeMap(tableName: string): Promise<Record<string, string>> {
@@ -74,7 +66,6 @@ export class DatabaseManager {
           FROM information_schema.tables
           WHERE table_schema = 'public'
           AND table_type = 'BASE TABLE'
-          AND (table_name NOT LIKE '\\_%')
           ORDER BY table_name
         `
       );
@@ -100,7 +91,6 @@ export class DatabaseManager {
               FROM information_schema.tables
               WHERE table_schema = 'public'
               AND table_type = 'BASE TABLE'
-              AND (table_name NOT LIKE '\\_%')
               ORDER BY table_name
             `
             );