llmapi-v2 2.1.0

package/dist/index.js

@@ -0,0 +1,233 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const path_1 = __importDefault(require("path"));
+const express_1 = __importDefault(require("express"));
+const cors_1 = __importDefault(require("cors"));
+const helmet_1 = __importDefault(require("helmet"));
+const config_1 = require("./config");
+const database_1 = require("./services/database");
+const registry_1 = require("./providers/registry");
+const health_checker_1 = require("./services/health-checker");
+const session_auth_1 = require("./middleware/session-auth");
+const mailer_1 = require("./services/mailer");
+const alipay_1 = require("./services/alipay");
+const messages_1 = require("./routes/messages");
+const models_1 = require("./routes/models");
+const auth_1 = require("./routes/auth");
+const dashboard_1 = require("./routes/dashboard");
+const admin_1 = require("./routes/admin");
+const payment_1 = require("./routes/payment");
+const blog_1 = require("./routes/blog");
+const sitemap_1 = require("./routes/sitemap");
+const remote_ws_1 = require("./services/remote-ws");
+const request_logger_1 = require("./middleware/request-logger");
+const metrics_1 = require("./services/metrics");
+const logger_1 = require("./utils/logger");
+const app = (0, express_1.default)();
+const config = (0, config_1.loadConfig)();
+// View engine
+app.set('view engine', 'ejs');
+app.set('views', path_1.default.join(__dirname, '..', 'views'));
+// Middleware
+app.use((0, helmet_1.default)({ contentSecurityPolicy: false }));
+app.use((0, cors_1.default)());
+app.use(express_1.default.json({ limit: '10mb' }));
+app.use(express_1.default.urlencoded({ extended: true }));
+app.use(session_auth_1.cookieParser);
+app.use(express_1.default.static(path_1.default.join(__dirname, '..', 'public')));
+// Request logging
+app.use(request_logger_1.requestLogger);
+// Graceful handling of streaming disconnects
+app.use((req, res, next) => {
+    res.on('error', (err) => {
+        if (['ERR_STREAM_WRITE_AFTER_END', 'EPIPE', 'ECONNRESET'].includes(err.code || '')) {
+            return;
+        }
+        logger_1.logger.error({ err }, 'Response stream error');
+    });
+    next();
+});
+// Inject viewUser for page rendering (non-blocking)
+app.use(session_auth_1.optionalAuth);
+// ---- API Routes ----
+app.use('/v1', messages_1.messagesRouter);
+app.use('/v1', models_1.modelsRouter);
+app.use('/api/auth', (0, auth_1.createAuthRouter)(config.jwtSecret));
+app.use('/api/dashboard', dashboard_1.dashboardRouter);
+app.use('/api/admin', admin_1.adminRouter);
+app.use('/api/payment', payment_1.paymentRouter);
+app.use(blog_1.blogRouter);
+app.use(sitemap_1.sitemapRouter);
+// ---- Page Routes ----
+app.get('/', (req, res) => {
+    res.render('pages/index', { viewUser: req.user || null });
+});
+app.get('/login', (req, res) => {
+    if (req.user)
+        return res.redirect('/dashboard');
+    res.render('pages/login', { viewUser: null });
+});
+app.get('/register', (req, res) => {
+    if (req.user)
+        return res.redirect('/dashboard');
+    res.render('pages/register', { viewUser: null });
+});
+app.get('/dashboard', (req, res) => {
+    if (!req.user)
+        return res.redirect('/login');
+    res.render('pages/dashboard', { viewUser: req.user });
+});
+app.get('/pricing', (req, res) => {
+    res.render('pages/pricing', { viewUser: req.user || null });
+});
+app.get('/docs', (req, res) => {
+    res.render('pages/docs', { viewUser: req.user || null });
+});
+app.get('/orders', (req, res) => {
+    if (!req.user)
+        return res.redirect('/login');
+    res.render('pages/orders', { viewUser: req.user });
+});
+app.get('/settings', (req, res) => {
+    if (!req.user)
+        return res.redirect('/login');
+    res.render('pages/settings', { viewUser: req.user });
+});
+app.get('/admin', (req, res) => {
+    if (!req.user || req.user.role !== 'admin')
+        return res.redirect('/login');
+    res.render('pages/admin', { viewUser: req.user });
+});
+app.get('/remote', (req, res) => {
+    res.render('pages/remote', { viewUser: req.user || null });
+});
+// API: fetch remote session credentials (used by remote page)
+app.get('/api/remote/session/:sessionId', async (req, res) => {
+    try {
+        const { getRemoteSessionKey } = await Promise.resolve().then(() => __importStar(require('./services/remote-control')));
+        const result = await getRemoteSessionKey(req.params.sessionId);
+        if (!result) {
+            res.status(404).json({ success: false, error: 'Session not found or expired' });
+            return;
+        }
+        res.json({ success: true, ...result });
+    }
+    catch (err) {
+        res.status(500).json({ success: false, error: 'Internal error' });
+    }
+});
+// Health check with provider status
+app.get('/health', (_req, res) => {
+    const providers = (0, health_checker_1.getHealthStatus)();
+    res.json({
+        status: 'ok',
+        timestamp: new Date().toISOString(),
+        providers,
+    });
+});
+// Metrics endpoint (admin use)
+app.get('/metrics', (_req, res) => {
+    res.json(metrics_1.metrics.getSnapshot());
+});
+// 404
+app.use((req, res) => {
+    res.status(404).render('pages/404', { viewUser: req.user || null });
+});
+// Error handler
+app.use((err, _req, res, _next) => {
+    logger_1.logger.error({ err }, 'Unhandled error');
+    res.status(500).json({
+        type: 'error',
+        error: { type: 'api_error', message: 'Internal server error' },
+    });
+});
+// ---- Startup ----
+async function start() {
+    // Initialize config-dependent services
+    (0, session_auth_1.setJwtSecret)(config.jwtSecret);
+    if (process.env.RESEND_API_KEY) {
+        (0, mailer_1.setMailerApiKey)(process.env.RESEND_API_KEY);
+    }
+    if (process.env.ALIPAY_APP_ID) {
+        (0, alipay_1.setAlipayConfig)({
+            appId: process.env.ALIPAY_APP_ID,
+            privateKey: process.env.ALIPAY_PRIVATE_KEY || '',
+            alipayPublicKey: process.env.ALIPAY_PUBLIC_KEY || '',
+            gateway: process.env.ALIPAY_GATEWAY || 'https://openapi.alipay.com/gateway.do',
+            notifyUrl: `${config.siteUrl}/api/payment/notify`,
+        });
+    }
+    // Database
+    await (0, database_1.initDatabase)(config.databaseUrl);
+    // Provider registry
+    (0, registry_1.initRegistry)(config);
+    // Health checker (check every 60s)
+    (0, health_checker_1.startHealthChecker)(5 * 60_000); // Every 5 min (uses zero-cost invalid model probe)
+    // Start server
+    const server = app.listen(config.port, () => {
+        logger_1.logger.info({
+            port: config.port,
+            providers: config.providers.map(p => p.name),
+            siteUrl: config.siteUrl,
+        }, 'LLM API v2 started');
+    });
+    // Initialize Remote Control WebSocket server
+    (0, remote_ws_1.initRemoteWs)(server);
+    // Graceful shutdown
+    const shutdown = (signal) => {
+        logger_1.logger.info({ signal }, 'Shutting down...');
+        (0, health_checker_1.stopHealthChecker)();
+        server.close(() => {
+            logger_1.logger.info('Server closed');
+            process.exit(0);
+        });
+        // Force exit after 10s
+        setTimeout(() => {
+            logger_1.logger.warn('Forced shutdown after timeout');
+            process.exit(1);
+        }, 10_000);
+    };
+    process.on('SIGTERM', () => shutdown('SIGTERM'));
+    process.on('SIGINT', () => shutdown('SIGINT'));
+}
+start().catch((err) => {
+    logger_1.logger.error({ err }, 'Failed to start');
+    process.exit(1);
+});
+//# sourceMappingURL=index.js.map

package/dist/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA,gDAAwB;AACxB,sDAA8B;AAC9B,gDAAwB;AACxB,oDAA4B;AAC5B,qCAAsC;AACtC,kDAAmD;AACnD,mDAAoD;AACpD,8DAAmG;AACnG,4DAAqF;AACrF,8CAAoD;AACpD,8CAAoD;AACpD,gDAAmD;AACnD,4CAA+C;AAC/C,wCAAiD;AACjD,kDAAqD;AACrD,0CAA6C;AAC7C,8CAAiD;AACjD,wCAA2C;AAC3C,8CAAiD;AACjD,oDAAoD;AACpD,gEAA4D;AAC5D,gDAA6C;AAC7C,2CAAwC;AAExC,MAAM,GAAG,GAAG,IAAA,iBAAO,GAAE,CAAC;AACtB,MAAM,MAAM,GAAG,IAAA,mBAAU,GAAE,CAAC;AAE5B,cAAc;AACd,GAAG,CAAC,GAAG,CAAC,aAAa,EAAE,KAAK,CAAC,CAAC;AAC9B,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC;AAEtD,aAAa;AACb,GAAG,CAAC,GAAG,CAAC,IAAA,gBAAM,EAAC,EAAE,qBAAqB,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;AAClD,GAAG,CAAC,GAAG,CAAC,IAAA,cAAI,GAAE,CAAC,CAAC;AAChB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC,CAAC,CAAC;AACzC,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,UAAU,CAAC,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;AAChD,GAAG,CAAC,GAAG,CAAC,2BAAY,CAAC,CAAC;AACtB,GAAG,CAAC,GAAG,CAAC,iBAAO,CAAC,MAAM,CAAC,cAAI,CAAC,IAAI,CAAC,SAAS,EAAE,IAAI,EAAE,QAAQ,CAAC,CAAC,CAAC,CAAC;AAE9D,kBAAkB;AAClB,GAAG,CAAC,GAAG,CAAC,8BAAa,CAAC,CAAC;AAEvB,6CAA6C;AAC7C,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,EAAE,EAAE;IACzB,GAAG,CAAC,EAAE,CAAC,OAAO,EAAE,CAAC,GAA0B,EAAE,EAAE;QAC7C,IAAI,CAAC,4BAA4B,EAAE,OAAO,EAAE,YAAY,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;YACnF,OAAO;QACT,CAAC;QACD,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,uBAAuB,CAAC,CAAC;IACjD,CAAC,CAAC,CAAC;IACH,IAAI,EAAE,CAAC;AACT,CAAC,CAAC,CAAC;AAEH,oDAAoD;AACpD,GAAG,CAAC,GAAG,CAAC,2BAAY,CAAC,CAAC;AAEtB,uBAAuB;AACvB,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,yBAAc,CAAC,CAAC;AAC/B,GAAG,CAAC,GAAG,CAAC,KAAK,EAAE,qBAAY,CAAC,CAAC;AAC7B,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,IAAA,uBAAgB,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC,CAAC;AACzD,GAAG,CAAC,GAAG,CAAC,gBAAgB,EAAE,2BAAe,CAAC,CAAC;AAC3C,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,mBAAW,CAAC,CAAC;AACnC,GAAG,CAAC,GAAG,CAAC,cAAc,EAAE,uBAAa,CAAC,CAAC;AACvC,GAAG,CAAC,GAAG,CAAC,iBAAU,CAAC,CAAC;AACpB,GAAG,CAAC,GAAG,CAAC,uBAAa,CAAC,CAAC;AAEvB,wBAAwB;AACxB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACxB,GAAG,CAAC,MAAM,CAAC,aAAa,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;AAC5D,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC7B,IAAI,GAAG,CAAC,IAAI;QAAE,OAAO,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAChD,GAAG,CAAC,MAAM,CAAC,aAAa,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;AAChD,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAChC,IAAI,GAAG,CAAC,IAAI;QAAE,OAAO,GAAG,CAAC,QAAQ,CAAC,YAAY,CAAC,CAAC;IAChD,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;AACnD,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,YAAY,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACjC,IAAI,CAAC,GAAG,CAAC,IAAI;QAAE,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC7C,GAAG,CAAC,MAAM,CAAC,iBAAiB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AACxD,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC/B,GAAG,CAAC,MAAM,CAAC,eAAe,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;AAC9D,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC5B,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;AAC3D,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC9B,IAAI,CAAC,GAAG,CAAC,IAAI;QAAE,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC7C,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AACrD,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAChC,IAAI,CAAC,GAAG,CAAC,IAAI;QAAE,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC7C,GAAG,CAAC,MAAM,CAAC,gBAAgB,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AACvD,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,QAAQ,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC7B,IAAI,CAAC,GAAG,CAAC,IAAI,IAAI,GAAG,CAAC,IAAI,CAAC,IAAI,KAAK,OAAO;QAAE,OAAO,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IAC1E,GAAG,CAAC,MAAM,CAAC,aAAa,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AACpD,CAAC,CAAC,CAAC;AAEH,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IAC9B,GAAG,CAAC,MAAM,CAAC,cAAc,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;AAC7D,CAAC,CAAC,CAAC;AAEH,8DAA8D;AAC9D,GAAG,CAAC,GAAG,CAAC,gCAAgC,EAAE,KAAK,EAAE,GAAG,EAAE,GAAG,EAAE,EAAE;IAC3D,IAAI,CAAC;QACH,MAAM,EAAE,mBAAmB,EAAE,GAAG,wDAAa,2BAA2B,GAAC,CAAC;QAC1E,MAAM,MAAM,GAAG,MAAM,mBAAmB,CAAC,GAAG,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QAC/D,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC,CAAC;YAChF,OAAO;QACT,CAAC;QACD,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,MAAM,EAAE,CAAC,CAAC;IACzC,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;AACH,CAAC,CAAC,CAAC;AAEH,oCAAoC;AACpC,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IAC/B,MAAM,SAAS,GAAG,IAAA,gCAAe,GAAE,CAAC;IACpC,GAAG,CAAC,IAAI,CAAC;QACP,MAAM,EAAE,IAAI;QACZ,SAAS,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;QACnC,SAAS;KACV,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,+BAA+B;AAC/B,GAAG,CAAC,GAAG,CAAC,UAAU,EAAE,CAAC,IAAI,EAAE,GAAG,EAAE,EAAE;IAChC,GAAG,CAAC,IAAI,CAAC,iBAAO,CAAC,WAAW,EAAE,CAAC,CAAC;AAClC,CAAC,CAAC,CAAC;AAEH,MAAM;AACN,GAAG,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACnB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;AACtE,CAAC,CAAC,CAAC;AAEH,gBAAgB;AAChB,GAAG,CAAC,GAAG,CAAC,CAAC,GAAU,EAAE,IAAqB,EAAE,GAAqB,EAAE,KAA2B,EAAE,EAAE;IAChG,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,iBAAiB,CAAC,CAAC;IACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;QACnB,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,EAAE,IAAI,EAAE,WAAW,EAAE,OAAO,EAAE,uBAAuB,EAAE;KAC/D,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,oBAAoB;AACpB,KAAK,UAAU,KAAK;IAClB,uCAAuC;IACvC,IAAA,2BAAY,EAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAE/B,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,EAAE,CAAC;QAC/B,IAAA,wBAAe,EAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC;IAC9C,CAAC;IAED,IAAI,OAAO,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC;QAC9B,IAAA,wBAAe,EAAC;YACd,KAAK,EAAE,OAAO,CAAC,GAAG,CAAC,aAAa;YAChC,UAAU,EAAE,OAAO,CAAC,GAAG,CAAC,kBAAkB,IAAI,EAAE;YAChD,eAAe,EAAE,OAAO,CAAC,GAAG,CAAC,iBAAiB,IAAI,EAAE;YACpD,OAAO,EAAE,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,uCAAuC;YAC9E,SAAS,EAAE,GAAG,MAAM,CAAC,OAAO,qBAAqB;SAClD,CAAC,CAAC;IACL,CAAC;IAED,WAAW;IACX,MAAM,IAAA,uBAAY,EAAC,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvC,oBAAoB;IACpB,IAAA,uBAAY,EAAC,MAAM,CAAC,CAAC;IAErB,mCAAmC;IACnC,IAAA,mCAAkB,EAAC,CAAC,GAAG,MAAM,CAAC,CAAC,CAAC,mDAAmD;IAEnF,eAAe;IACf,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,EAAE,GAAG,EAAE;QAC1C,eAAM,CAAC,IAAI,CAAC;YACV,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,SAAS,EAAE,MAAM,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC;YAC5C,OAAO,EAAE,MAAM,CAAC,OAAO;SACxB,EAAE,oBAAoB,CAAC,CAAC;IAC3B,CAAC,CAAC,CAAC;IAEH,6CAA6C;IAC7C,IAAA,wBAAY,EAAC,MAAM,CAAC,CAAC;IAErB,oBAAoB;IACpB,MAAM,QAAQ,GAAG,CAAC,MAAc,EAAE,EAAE;QAClC,eAAM,CAAC,IAAI,CAAC,EAAE,MAAM,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAC5C,IAAA,kCAAiB,GAAE,CAAC;QACpB,MAAM,CAAC,KAAK,CAAC,GAAG,EAAE;YAChB,eAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAC7B,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,CAAC,CAAC;QACH,uBAAuB;QACvB,UAAU,CAAC,GAAG,EAAE;YACd,eAAM,CAAC,IAAI,CAAC,+BAA+B,CAAC,CAAC;YAC7C,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QAClB,CAAC,EAAE,MAAM,CAAC,CAAC;IACb,CAAC,CAAC;IACF,OAAO,CAAC,EAAE,CAAC,SAAS,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,SAAS,CAAC,CAAC,CAAC;IACjD,OAAO,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC,CAAC;AACjD,CAAC;AAED,KAAK,EAAE,CAAC,KAAK,CAAC,CAAC,GAAG,EAAE,EAAE;IACpB,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,iBAAiB,CAAC,CAAC;IACzC,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;AAClB,CAAC,CAAC,CAAC"}

package/dist/middleware/api-key-auth.d.ts

@@ -0,0 +1,6 @@
+import type { Request, Response, NextFunction } from 'express';
+/**
+ * Authenticate requests using API key (x-api-key header or Bearer token).
+ * Used for /v1/messages and other API routes.
+ */
+export declare function apiKeyAuth(req: Request, res: Response, next: NextFunction): Promise<void>;

package/dist/middleware/api-key-auth.js

@@ -0,0 +1,76 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.apiKeyAuth = apiKeyAuth;
+const crypto_1 = __importDefault(require("crypto"));
+const database_1 = require("../services/database");
+const errors_1 = require("../utils/errors");
+/// <reference path="../types/express.d.ts" />
+/**
+ * Authenticate requests using API key (x-api-key header or Bearer token).
+ * Used for /v1/messages and other API routes.
+ */
+async function apiKeyAuth(req, res, next) {
+    try {
+        const apiKey = extractApiKey(req);
+        if (!apiKey) {
+            throw new errors_1.AuthenticationError('Missing API key. Include it in the x-api-key header or Authorization: Bearer header.');
+        }
+        const pool = (0, database_1.getPool)();
+        // Lookup by prefix + SHA-256 hash
+        const keyPrefix = apiKey.substring(0, 12);
+        const keyHash = crypto_1.default.createHash('sha256').update(apiKey).digest('hex');
+        const [keys] = await pool.execute('SELECT * FROM api_keys WHERE key_prefix = ? AND key_hash = ? AND status = ?', [keyPrefix, keyHash, 'active']);
+        const matched = keys[0];
+        if (!matched) {
+            throw new errors_1.AuthenticationError('Invalid API key.');
+        }
+        // Fetch user
+        const [users] = await pool.execute('SELECT * FROM users WHERE id = ?', [matched.user_id]);
+        const user = users[0];
+        if (!user || user.status !== 'active') {
+            throw new errors_1.PermissionError('Account suspended or not found.');
+        }
+        // Fetch subscription + plan
+        const [subs] = await pool.execute(`
+      SELECT s.*, p.name as plan_name, p.token_limit_monthly, p.rate_limit_rpm
+      FROM subscriptions s JOIN plans p ON s.plan_id = p.id
+      WHERE s.user_id = ?
+      ORDER BY s.period_start DESC LIMIT 1
+    `, [user.id]);
+        const sub = subs[0];
+        // Check token quota (-1 = unlimited)
+        if (sub && Number(sub.token_limit_monthly) !== -1 && Number(sub.tokens_used) >= Number(sub.token_limit_monthly)) {
+            throw new errors_1.RateLimitError('Monthly token limit exceeded. Please upgrade your plan.');
+        }
+        // Attach to request
+        req.userId = user.id;
+        req.apiUser = user;
+        req.apiKey = { id: matched.id, rate_limit: matched.rate_limit };
+        req.subscription = sub;
+        next();
+    }
+    catch (err) {
+        if (err instanceof errors_1.AuthenticationError || err instanceof errors_1.PermissionError || err instanceof errors_1.RateLimitError) {
+            res.status(err.statusCode).json(err.toJSON());
+        }
+        else {
+            next(err);
+        }
+    }
+}
+function extractApiKey(req) {
+    // x-api-key header (Anthropic standard)
+    const xApiKey = req.headers['x-api-key'];
+    if (typeof xApiKey === 'string')
+        return xApiKey;
+    // Authorization: Bearer <key>
+    const auth = req.headers.authorization;
+    if (auth && auth.startsWith('Bearer ')) {
+        return auth.slice(7);
+    }
+    return null;
+}
+//# sourceMappingURL=api-key-auth.js.map

package/dist/middleware/api-key-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-key-auth.js","sourceRoot":"","sources":["../../src/middleware/api-key-auth.ts"],"names":[],"mappings":";;;;;AAUA,gCAyDC;AAnED,oDAA4B;AAE5B,mDAA+C;AAC/C,4CAAuF;AACvF,8CAA8C;AAE9C;;;GAGG;AACI,KAAK,UAAU,UAAU,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IAC9E,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;QAClC,IAAI,CAAC,MAAM,EAAE,CAAC;YACZ,MAAM,IAAI,4BAAmB,CAAC,sFAAsF,CAAC,CAAC;QACxH,CAAC;QAED,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;QAEvB,kCAAkC;QAClC,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEzE,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAC/B,6EAA6E,EAC7E,CAAC,SAAS,EAAE,OAAO,EAAE,QAAQ,CAAC,CAC/B,CAAC;QACF,MAAM,OAAO,GAAI,IAAc,CAAC,CAAC,CAAC,CAAC;QACnC,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,MAAM,IAAI,4BAAmB,CAAC,kBAAkB,CAAC,CAAC;QACpD,CAAC;QAED,aAAa;QACb,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,kCAAkC,EAAE,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC,CAAC;QAC1F,MAAM,IAAI,GAAI,KAAe,CAAC,CAAC,CAAC,CAAC;QACjC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACtC,MAAM,IAAI,wBAAe,CAAC,iCAAiC,CAAC,CAAC;QAC/D,CAAC;QAED,4BAA4B;QAC5B,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;;;;;KAKjC,EAAE,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC;QACd,MAAM,GAAG,GAAI,IAAc,CAAC,CAAC,CAAC,CAAC;QAE/B,qCAAqC;QACrC,IAAI,GAAG,IAAI,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CAAC;YAChH,MAAM,IAAI,uBAAc,CAAC,yDAAyD,CAAC,CAAC;QACtF,CAAC;QAED,oBAAoB;QACpB,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;QACrB,GAAG,CAAC,OAAO,GAAG,IAAI,CAAC;QACnB,GAAG,CAAC,MAAM,GAAG,EAAE,EAAE,EAAE,OAAO,CAAC,EAAE,EAAE,UAAU,EAAE,OAAO,CAAC,UAAU,EAAE,CAAC;QAChE,GAAG,CAAC,YAAY,GAAG,GAAG,CAAC;QAEvB,IAAI,EAAE,CAAC;IACT,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,IAAI,GAAG,YAAY,4BAAmB,IAAI,GAAG,YAAY,wBAAe,IAAI,GAAG,YAAY,uBAAc,EAAE,CAAC;YAC1G,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAChD,CAAC;aAAM,CAAC;YACN,IAAI,CAAC,GAAG,CAAC,CAAC;QACZ,CAAC;IACH,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,GAAY;IACjC,wCAAwC;IACxC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,WAAW,CAAC,CAAC;IACzC,IAAI,OAAO,OAAO,KAAK,QAAQ;QAAE,OAAO,OAAO,CAAC;IAEhD,8BAA8B;IAC9B,MAAM,IAAI,GAAG,GAAG,CAAC,OAAO,CAAC,aAAa,CAAC;IACvC,IAAI,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;QACvC,OAAO,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IACvB,CAAC;IAED,OAAO,IAAI,CAAC;AACd,CAAC"}

package/dist/middleware/quota-guard.d.ts

@@ -0,0 +1,10 @@
+import type { Request, Response, NextFunction } from 'express';
+/**
+ * Pre-request quota check. Must run after apiKeyAuth.
+ * Rejects requests if the user has exhausted their monthly token quota.
+ *
+ * Note: This is a soft guard — the actual deduction happens after the request
+ * completes (in usage.ts). Concurrent requests may slightly exceed the quota,
+ * which is acceptable for this use case.
+ */
+export declare function quotaGuard(req: Request, res: Response, next: NextFunction): void;

package/dist/middleware/quota-guard.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.quotaGuard = quotaGuard;
+const errors_1 = require("../utils/errors");
+/**
+ * Pre-request quota check. Must run after apiKeyAuth.
+ * Rejects requests if the user has exhausted their monthly token quota.
+ *
+ * Note: This is a soft guard — the actual deduction happens after the request
+ * completes (in usage.ts). Concurrent requests may slightly exceed the quota,
+ * which is acceptable for this use case.
+ */
+function quotaGuard(req, res, next) {
+    const sub = req.subscription;
+    if (!sub)
+        return next();
+    // -1 means unlimited (PG may return bigint as string)
+    if (Number(sub.token_limit_monthly) === -1)
+        return next();
+    if (Number(sub.tokens_used) >= Number(sub.token_limit_monthly)) {
+        const err = new errors_1.RateLimitError(`Monthly token limit exceeded (${sub.tokens_used.toLocaleString()} / ${sub.token_limit_monthly.toLocaleString()}). Please upgrade your plan.`);
+        res.status(err.statusCode).json(err.toJSON());
+        return;
+    }
+    next();
+}
+//# sourceMappingURL=quota-guard.js.map

package/dist/middleware/quota-guard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"quota-guard.js","sourceRoot":"","sources":["../../src/middleware/quota-guard.ts"],"names":[],"mappings":";;AAWA,gCAgBC;AA1BD,4CAAiD;AAEjD;;;;;;;GAOG;AACH,SAAgB,UAAU,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IACxE,MAAM,GAAG,GAAG,GAAG,CAAC,YAAY,CAAC;IAC7B,IAAI,CAAC,GAAG;QAAE,OAAO,IAAI,EAAE,CAAC;IAExB,sDAAsD;IACtD,IAAI,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,KAAK,CAAC,CAAC;QAAE,OAAO,IAAI,EAAE,CAAC;IAE1D,IAAI,MAAM,CAAC,GAAG,CAAC,WAAW,CAAC,IAAI,MAAM,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,CAAC;QAC/D,MAAM,GAAG,GAAG,IAAI,uBAAc,CAC5B,iCAAiC,GAAG,CAAC,WAAW,CAAC,cAAc,EAAE,MAAM,GAAG,CAAC,mBAAmB,CAAC,cAAc,EAAE,8BAA8B,CAC9I,CAAC;QACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,IAAI,EAAE,CAAC;AACT,CAAC"}

package/dist/middleware/rate-limiter.d.ts

@@ -0,0 +1,5 @@
+import type { Request, Response, NextFunction } from 'express';
+/**
+ * Rate limit middleware. Must run after apiKeyAuth (needs req.apiKey and req.subscription).
+ */
+export declare function rateLimiter(req: Request, res: Response, next: NextFunction): void;

package/dist/middleware/rate-limiter.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.rateLimiter = rateLimiter;
+const errors_1 = require("../utils/errors");
+/** In-memory sliding window rate limiter, keyed by API key ID. */
+const windows = new Map();
+const WINDOW_MS = 60_000; // 1 minute sliding window
+const CLEANUP_INTERVAL = 5 * 60_000; // Clean up every 5 min
+// Periodic cleanup
+setInterval(() => {
+    const now = Date.now();
+    for (const [key, entry] of windows) {
+        entry.timestamps = entry.timestamps.filter(t => now - t < WINDOW_MS);
+        if (entry.timestamps.length === 0)
+            windows.delete(key);
+    }
+}, CLEANUP_INTERVAL);
+/**
+ * Rate limit middleware. Must run after apiKeyAuth (needs req.apiKey and req.subscription).
+ */
+function rateLimiter(req, res, next) {
+    const keyId = req.apiKey?.id;
+    if (!keyId)
+        return next();
+    const limit = req.subscription?.rate_limit_rpm || req.apiKey?.rate_limit || 60;
+    const now = Date.now();
+    let entry = windows.get(keyId);
+    if (!entry) {
+        entry = { timestamps: [] };
+        windows.set(keyId, entry);
+    }
+    // Remove expired timestamps
+    entry.timestamps = entry.timestamps.filter(t => now - t < WINDOW_MS);
+    if (entry.timestamps.length >= limit) {
+        const resetTime = entry.timestamps[0] + WINDOW_MS;
+        res.setHeader('X-RateLimit-Limit', String(limit));
+        res.setHeader('X-RateLimit-Remaining', '0');
+        res.setHeader('X-RateLimit-Reset', String(Math.ceil(resetTime / 1000)));
+        res.setHeader('Retry-After', String(Math.ceil((resetTime - now) / 1000)));
+        const err = new errors_1.RateLimitError(`Rate limit exceeded. Max ${limit} requests per minute.`);
+        res.status(err.statusCode).json(err.toJSON());
+        return;
+    }
+    entry.timestamps.push(now);
+    // Set rate limit headers
+    res.setHeader('X-RateLimit-Limit', String(limit));
+    res.setHeader('X-RateLimit-Remaining', String(limit - entry.timestamps.length));
+    next();
+}
+//# sourceMappingURL=rate-limiter.js.map

package/dist/middleware/rate-limiter.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"rate-limiter.js","sourceRoot":"","sources":["../../src/middleware/rate-limiter.ts"],"names":[],"mappings":";;AAyBA,kCAmCC;AA3DD,4CAAiD;AAMjD,kEAAkE;AAClE,MAAM,OAAO,GAAG,IAAI,GAAG,EAAuB,CAAC;AAE/C,MAAM,SAAS,GAAG,MAAM,CAAC,CAAC,0BAA0B;AACpD,MAAM,gBAAgB,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC,uBAAuB;AAE5D,mBAAmB;AACnB,WAAW,CAAC,GAAG,EAAE;IACf,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACvB,KAAK,MAAM,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,OAAO,EAAE,CAAC;QACnC,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;QACrE,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACzD,CAAC;AACH,CAAC,EAAE,gBAAgB,CAAC,CAAC;AAErB;;GAEG;AACH,SAAgB,WAAW,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IACzE,MAAM,KAAK,GAAG,GAAG,CAAC,MAAM,EAAE,EAAE,CAAC;IAC7B,IAAI,CAAC,KAAK;QAAE,OAAO,IAAI,EAAE,CAAC;IAE1B,MAAM,KAAK,GAAG,GAAG,CAAC,YAAY,EAAE,cAAc,IAAI,GAAG,CAAC,MAAM,EAAE,UAAU,IAAI,EAAE,CAAC;IAC/E,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEvB,IAAI,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;IAC/B,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,KAAK,GAAG,EAAE,UAAU,EAAE,EAAE,EAAE,CAAC;QAC3B,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE,KAAK,CAAC,CAAC;IAC5B,CAAC;IAED,4BAA4B;IAC5B,KAAK,CAAC,UAAU,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,GAAG,GAAG,CAAC,GAAG,SAAS,CAAC,CAAC;IAErE,IAAI,KAAK,CAAC,UAAU,CAAC,MAAM,IAAI,KAAK,EAAE,CAAC;QACrC,MAAM,SAAS,GAAG,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,SAAS,CAAC;QAClD,GAAG,CAAC,SAAS,CAAC,mBAAmB,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;QAClD,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;QAC5C,GAAG,CAAC,SAAS,CAAC,mBAAmB,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QACxE,GAAG,CAAC,SAAS,CAAC,aAAa,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,SAAS,GAAG,GAAG,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,CAAC;QAE1E,MAAM,GAAG,GAAG,IAAI,uBAAc,CAAC,4BAA4B,KAAK,uBAAuB,CAAC,CAAC;QACzF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,CAAC;QAC9C,OAAO;IACT,CAAC;IAED,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC;IAE3B,yBAAyB;IACzB,GAAG,CAAC,SAAS,CAAC,mBAAmB,EAAE,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IAClD,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC,CAAC;IAEhF,IAAI,EAAE,CAAC;AACT,CAAC"}

package/dist/middleware/request-logger.d.ts

@@ -0,0 +1,6 @@
+import type { Request, Response, NextFunction } from 'express';
+/**
+ * Log every HTTP request with timing.
+ * Skips /health to avoid noise.
+ */
+export declare function requestLogger(req: Request, res: Response, next: NextFunction): void;

package/dist/middleware/request-logger.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.requestLogger = requestLogger;
+const logger_1 = require("../utils/logger");
+/// <reference path="../types/express.d.ts" />
+/**
+ * Log every HTTP request with timing.
+ * Skips /health to avoid noise.
+ */
+function requestLogger(req, res, next) {
+    if (req.path === '/health')
+        return next();
+    const start = Date.now();
+    res.on('finish', () => {
+        const duration = Date.now() - start;
+        const logData = {
+            method: req.method,
+            path: req.path,
+            status: res.statusCode,
+            durationMs: duration,
+            ip: req.ip || req.headers['x-forwarded-for'] || req.socket.remoteAddress,
+            userAgent: req.headers['user-agent']?.slice(0, 100),
+            userId: req.userId,
+        };
+        if (res.statusCode >= 500) {
+            logger_1.logger.error(logData, 'Request error');
+        }
+        else if (res.statusCode >= 400) {
+            logger_1.logger.warn(logData, 'Request client error');
+        }
+        else {
+            logger_1.logger.info(logData, 'Request completed');
+        }
+    });
+    next();
+}
+//# sourceMappingURL=request-logger.js.map

package/dist/middleware/request-logger.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"request-logger.js","sourceRoot":"","sources":["../../src/middleware/request-logger.ts"],"names":[],"mappings":";;AAQA,sCA2BC;AAlCD,4CAAyC;AACzC,8CAA8C;AAE9C;;;GAGG;AACH,SAAgB,aAAa,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IAC3E,IAAI,GAAG,CAAC,IAAI,KAAK,SAAS;QAAE,OAAO,IAAI,EAAE,CAAC;IAE1C,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IAEzB,GAAG,CAAC,EAAE,CAAC,QAAQ,EAAE,GAAG,EAAE;QACpB,MAAM,QAAQ,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC;QACpC,MAAM,OAAO,GAAG;YACd,MAAM,EAAE,GAAG,CAAC,MAAM;YAClB,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,MAAM,EAAE,GAAG,CAAC,UAAU;YACtB,UAAU,EAAE,QAAQ;YACpB,EAAE,EAAE,GAAG,CAAC,EAAE,IAAI,GAAG,CAAC,OAAO,CAAC,iBAAiB,CAAC,IAAI,GAAG,CAAC,MAAM,CAAC,aAAa;YACxE,SAAS,EAAE,GAAG,CAAC,OAAO,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC;YACnD,MAAM,EAAE,GAAG,CAAC,MAAM;SACnB,CAAC;QAEF,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;YAC1B,eAAM,CAAC,KAAK,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;QACzC,CAAC;aAAM,IAAI,GAAG,CAAC,UAAU,IAAI,GAAG,EAAE,CAAC;YACjC,eAAM,CAAC,IAAI,CAAC,OAAO,EAAE,sBAAsB,CAAC,CAAC;QAC/C,CAAC;aAAM,CAAC;YACN,eAAM,CAAC,IAAI,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,IAAI,EAAE,CAAC;AACT,CAAC"}

package/dist/middleware/session-auth.d.ts

@@ -0,0 +1,19 @@
+import type { Request, Response, NextFunction } from 'express';
+export declare function setJwtSecret(secret: string): void;
+/**
+ * Parse cookies from Cookie header (lightweight, no dependency).
+ */
+export declare function cookieParser(req: Request, _res: Response, next: NextFunction): void;
+/**
+ * Session-based JWT authentication for web dashboard routes.
+ * Reads JWT from 'token' cookie.
+ */
+export declare function sessionAuth(req: Request, res: Response, next: NextFunction): Promise<void>;
+/**
+ * Admin authentication. Extends sessionAuth with role check.
+ */
+export declare function adminAuth(req: Request, res: Response, next: NextFunction): Promise<void>;
+/**
+ * Inject user info into req.user from cookie (non-blocking, for page rendering).
+ */
+export declare function optionalAuth(req: Request, _res: Response, next: NextFunction): Promise<void>;

package/dist/middleware/session-auth.js

@@ -0,0 +1,99 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.setJwtSecret = setJwtSecret;
+exports.cookieParser = cookieParser;
+exports.sessionAuth = sessionAuth;
+exports.adminAuth = adminAuth;
+exports.optionalAuth = optionalAuth;
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const database_1 = require("../services/database");
+/// <reference path="../types/express.d.ts" />
+let jwtSecret = '';
+function setJwtSecret(secret) {
+    jwtSecret = secret;
+}
+/**
+ * Parse cookies from Cookie header (lightweight, no dependency).
+ */
+function cookieParser(req, _res, next) {
+    const header = req.headers.cookie || '';
+    const cookies = {};
+    for (const pair of header.split(';')) {
+        const [key, ...rest] = pair.trim().split('=');
+        if (key)
+            cookies[key] = decodeURIComponent(rest.join('='));
+    }
+    req.cookies = cookies;
+    next();
+}
+/**
+ * Session-based JWT authentication for web dashboard routes.
+ * Reads JWT from 'token' cookie.
+ */
+async function sessionAuth(req, res, next) {
+    const token = req.cookies?.token;
+    const isApi = req.path.startsWith('/api/');
+    const sendUnauth = () => {
+        if (isApi) {
+            res.status(401).json({ success: false, error: 'Authentication required' });
+        }
+        else {
+            res.redirect('/login');
+        }
+    };
+    if (!token) {
+        sendUnauth();
+        return;
+    }
+    try {
+        const decoded = jsonwebtoken_1.default.verify(token, jwtSecret);
+        const pool = (0, database_1.getPool)();
+        const [rows] = await pool.execute('SELECT id, email, name, role, status FROM users WHERE id = ?', [decoded.id]);
+        const user = rows[0];
+        if (!user || user.status !== 'active') {
+            res.clearCookie('token');
+            sendUnauth();
+            return;
+        }
+        req.user = user;
+        req.userId = user.id;
+        next();
+    }
+    catch {
+        res.clearCookie('token');
+        sendUnauth();
+    }
+}
+/**
+ * Admin authentication. Extends sessionAuth with role check.
+ */
+async function adminAuth(req, res, next) {
+    await sessionAuth(req, res, () => {
+        if (req.user?.role === 'admin')
+            return next();
+        res.status(403).json({ success: false, error: 'Admin access required' });
+    });
+}
+/**
+ * Inject user info into req.user from cookie (non-blocking, for page rendering).
+ */
+async function optionalAuth(req, _res, next) {
+    const token = req.cookies?.token;
+    if (!token) {
+        next();
+        return;
+    }
+    try {
+        const decoded = jsonwebtoken_1.default.verify(token, jwtSecret);
+        const pool = (0, database_1.getPool)();
+        const [rows] = await pool.execute('SELECT id, email, name, role, status FROM users WHERE id = ?', [decoded.id]);
+        req.user = rows[0] || undefined;
+        req.userId = req.user?.id;
+    }
+    catch { }
+    next();
+}
+//# sourceMappingURL=session-auth.js.map

package/dist/middleware/session-auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"session-auth.js","sourceRoot":"","sources":["../../src/middleware/session-auth.ts"],"names":[],"mappings":";;;;;AAOA,oCAEC;AAKD,oCASC;AAMD,kCAiCC;AAKD,8BAKC;AAKD,oCAaC;AA1FD,gEAA+B;AAE/B,mDAA+C;AAC/C,8CAA8C;AAE9C,IAAI,SAAS,GAAG,EAAE,CAAC;AAEnB,SAAgB,YAAY,CAAC,MAAc;IACzC,SAAS,GAAG,MAAM,CAAC;AACrB,CAAC;AAED;;GAEG;AACH,SAAgB,YAAY,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB;IAC3E,MAAM,MAAM,GAAG,GAAG,CAAC,OAAO,CAAC,MAAM,IAAI,EAAE,CAAC;IACxC,MAAM,OAAO,GAA2B,EAAE,CAAC;IAC3C,KAAK,MAAM,IAAI,IAAI,MAAM,CAAC,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC;QACrC,MAAM,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC9C,IAAI,GAAG;YAAE,OAAO,CAAC,GAAG,CAAC,GAAG,kBAAkB,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;IAC7D,CAAC;IACD,GAAG,CAAC,OAAO,GAAG,OAAO,CAAC;IACtB,IAAI,EAAE,CAAC;AACT,CAAC;AAED;;;GAGG;AACI,KAAK,UAAU,WAAW,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IAC/E,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC;IACjC,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,CAAC;IAE3C,MAAM,UAAU,GAAG,GAAG,EAAE;QACtB,IAAI,KAAK,EAAE,CAAC;YACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;QAC7E,CAAC;aAAM,CAAC;YACN,GAAG,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;QACzB,CAAC;IACH,CAAC,CAAC;IAEF,IAAI,CAAC,KAAK,EAAE,CAAC;QAAC,UAAU,EAAE,CAAC;QAAC,OAAO;IAAC,CAAC;IAErC,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAmB,CAAC;QAC/D,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,8DAA8D,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;QAChH,MAAM,IAAI,GAAI,IAAc,CAAC,CAAC,CAAC,CAAC;QAEhC,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;YACtC,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACzB,UAAU,EAAE,CAAC;YACb,OAAO;QACT,CAAC;QAED,GAAG,CAAC,IAAI,GAAG,IAAI,CAAC;QAChB,GAAG,CAAC,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;QACrB,IAAI,EAAE,CAAC;IACT,CAAC;IAAC,MAAM,CAAC;QACP,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACzB,UAAU,EAAE,CAAC;IACf,CAAC;AACH,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,SAAS,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB;IAC7E,MAAM,WAAW,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE;QAC/B,IAAI,GAAG,CAAC,IAAI,EAAE,IAAI,KAAK,OAAO;YAAE,OAAO,IAAI,EAAE,CAAC;QAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,uBAAuB,EAAE,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;AACL,CAAC;AAED;;GAEG;AACI,KAAK,UAAU,YAAY,CAAC,GAAY,EAAE,IAAc,EAAE,IAAkB;IACjF,MAAM,KAAK,GAAG,GAAG,CAAC,OAAO,EAAE,KAAK,CAAC;IACjC,IAAI,CAAC,KAAK,EAAE,CAAC;QAAC,IAAI,EAAE,CAAC;QAAC,OAAO;IAAC,CAAC;IAE/B,IAAI,CAAC;QACH,MAAM,OAAO,GAAG,sBAAG,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAmB,CAAC;QAC/D,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,8DAA8D,EAAE,CAAC,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC;QAChH,GAAG,CAAC,IAAI,GAAI,IAAc,CAAC,CAAC,CAAC,IAAI,SAAS,CAAC;QAC3C,GAAG,CAAC,MAAM,GAAG,GAAG,CAAC,IAAI,EAAE,EAAE,CAAC;IAC5B,CAAC;IAAC,MAAM,CAAC,CAAA,CAAC;IAEV,IAAI,EAAE,CAAC;AACT,CAAC"}

package/dist/providers/aliyun.d.ts

@@ -0,0 +1,13 @@
+import { BaseProvider } from './base-provider';
+/**
+ * Alibaba Cloud Bailian (DashScope) provider.
+ * Native Anthropic endpoint: https://dashscope-intl.aliyuncs.com/apps/anthropic
+ *
+ * Supports Qwen series models with full Anthropic API compatibility:
+ * - Streaming SSE
+ * - Tool calling (96.5% accuracy)
+ * - Context caching (automatic, reduces cost for repeated prefixes)
+ */
+export declare class AliyunProvider extends BaseProvider {
+    constructor(anthropicBaseUrl: string, apiKey: string, timeout: number, openaiBaseUrl?: string);
+}