llmapi-v2 2.1.0

package/dist/routes/auth.js

@@ -0,0 +1,318 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createAuthRouter = createAuthRouter;
+const express_1 = require("express");
+const bcryptjs_1 = __importDefault(require("bcryptjs"));
+const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
+const crypto_1 = __importDefault(require("crypto"));
+const database_1 = require("../services/database");
+const session_auth_1 = require("../middleware/session-auth");
+const mailer_1 = require("../services/mailer");
+const logger_1 = require("../utils/logger");
+const GOOGLE_CLIENT_ID = process.env.GOOGLE_CLIENT_ID || '128504392054-4rfrtk05umm9fvfpd83l9qn9r4qnaa98.apps.googleusercontent.com';
+function createAuthRouter(jwtSecret) {
+    const router = (0, express_1.Router)();
+    // In-memory pending registrations (code -> {email, hash, name, expiresAt})
+    const pending = new Map();
+    // Cleanup expired entries every 5 min
+    setInterval(() => {
+        const now = Date.now();
+        for (const [key, val] of pending) {
+            if (val.expiresAt < now)
+                pending.delete(key);
+        }
+    }, 5 * 60_000);
+    /**
+     * POST /api/auth/send-code
+     * Step 1 of registration: validate inputs, send verification code.
+     */
+    router.post('/send-code', async (req, res) => {
+        try {
+            const { email, password, name } = req.body;
+            if (!email || !password || !name) {
+                res.status(400).json({ success: false, error: 'Missing required fields' });
+                return;
+            }
+            if (password.length < 8) {
+                res.status(400).json({ success: false, error: 'Password must be at least 8 characters' });
+                return;
+            }
+            const pool = (0, database_1.getPool)();
+            const [existing] = await pool.execute('SELECT id FROM users WHERE email = ?', [email]);
+            if (existing.length > 0) {
+                res.status(409).json({ success: false, error: 'Email already registered' });
+                return;
+            }
+            const code = String(Math.floor(100000 + Math.random() * 900000));
+            const passwordHash = await bcryptjs_1.default.hash(password, 10);
+            pending.set(email, {
+                email,
+                passwordHash,
+                name,
+                code,
+                expiresAt: Date.now() + 30 * 60_000, // 30 min
+            });
+            await (0, mailer_1.sendVerificationEmail)(email, code, name);
+            res.json({ success: true, message: 'Verification code sent' });
+        }
+        catch (err) {
+            logger_1.logger.error({ err }, 'send-code error');
+            res.status(500).json({ success: false, error: 'Internal error' });
+        }
+    });
+    /**
+     * POST /api/auth/register
+     * Step 2: verify code, create user, issue JWT.
+     */
+    router.post('/register', async (req, res) => {
+        try {
+            const { email, code } = req.body;
+            const entry = pending.get(email);
+            if (!entry || entry.code !== code || entry.expiresAt < Date.now()) {
+                res.status(400).json({ success: false, error: 'Invalid or expired verification code' });
+                return;
+            }
+            const pool = (0, database_1.getPool)();
+            // Create user
+            const [result] = await pool.execute('INSERT INTO users (email, password_hash, name, verified, status) VALUES (?, ?, ?, 1, ?)', [entry.email, entry.passwordHash, entry.name, 'active']);
+            const userId = result.insertId;
+            // Assign free plan
+            const [plans] = await pool.execute('SELECT id FROM plans WHERE name = ?', ['free']);
+            const planId = plans[0]?.id;
+            if (planId) {
+                await pool.execute("INSERT INTO subscriptions (user_id, plan_id, period_end) VALUES (?, ?, NOW() + INTERVAL '100 years')", [userId, planId]);
+            }
+            pending.delete(email);
+            // Issue JWT
+            const token = jsonwebtoken_1.default.sign({ id: userId }, jwtSecret, { expiresIn: '7d' });
+            res.cookie('token', token, { httpOnly: true, maxAge: 7 * 24 * 3600_000, sameSite: 'lax' });
+            // Send welcome email (async, don't block)
+            (0, mailer_1.sendWelcomeEmail)(entry.email, entry.name).catch(() => { });
+            res.json({ success: true, user: { id: userId, email: entry.email, name: entry.name } });
+        }
+        catch (err) {
+            logger_1.logger.error({ err }, 'register error');
+            res.status(500).json({ success: false, error: 'Internal error' });
+        }
+    });
+    /**
+     * POST /api/auth/login
+     */
+    router.post('/login', async (req, res) => {
+        try {
+            const { email, password } = req.body;
+            if (!email || !password) {
+                res.status(400).json({ success: false, error: 'Email and password required' });
+                return;
+            }
+            const pool = (0, database_1.getPool)();
+            const [rows] = await pool.execute('SELECT * FROM users WHERE email = ?', [email]);
+            const user = rows[0];
+            if (!user || !(await bcryptjs_1.default.compare(password, user.password_hash))) {
+                res.status(401).json({ success: false, error: 'Invalid email or password' });
+                return;
+            }
+            if (user.status !== 'active') {
+                res.status(403).json({ success: false, error: 'Account suspended' });
+                return;
+            }
+            const token = jsonwebtoken_1.default.sign({ id: user.id }, jwtSecret, { expiresIn: '7d' });
+            res.cookie('token', token, { httpOnly: true, maxAge: 7 * 24 * 3600_000, sameSite: 'lax' });
+            res.json({ success: true, user: { id: user.id, email: user.email, name: user.name } });
+        }
+        catch (err) {
+            logger_1.logger.error({ err }, 'login error');
+            res.status(500).json({ success: false, error: 'Internal error' });
+        }
+    });
+    /**
+     * POST /api/auth/logout
+     */
+    router.post('/logout', (_req, res) => {
+        res.clearCookie('token');
+        res.json({ success: true });
+    });
+    /**
+     * GET /api/auth/me
+     */
+    router.get('/me', session_auth_1.sessionAuth, async (req, res) => {
+        try {
+            const pool = (0, database_1.getPool)();
+            const [subs] = await pool.execute(`
+        SELECT s.*, p.name as plan_name, p.display_name, p.token_limit_monthly, p.rate_limit_rpm, p.max_api_keys, p.price_monthly
+        FROM subscriptions s JOIN plans p ON s.plan_id = p.id
+        WHERE s.user_id = ? ORDER BY s.period_start DESC LIMIT 1
+      `, [req.userId]);
+            res.json({
+                success: true,
+                user: req.user,
+                subscription: subs[0] || null,
+            });
+        }
+        catch (err) {
+            logger_1.logger.error({ err }, 'me error');
+            res.status(500).json({ success: false, error: 'Internal error' });
+        }
+    });
+    /**
+     * POST /api/auth/update-profile
+     */
+    router.post('/update-profile', session_auth_1.sessionAuth, async (req, res) => {
+        try {
+            const { name } = req.body;
+            if (!name || name.length < 2) {
+                res.status(400).json({ success: false, error: 'Name must be at least 2 characters' });
+                return;
+            }
+            const pool = (0, database_1.getPool)();
+            await pool.execute('UPDATE users SET name = ? WHERE id = ?', [name, req.userId]);
+            res.json({ success: true });
+        }
+        catch (err) {
+            logger_1.logger.error({ err }, 'update-profile error');
+            res.status(500).json({ success: false, error: 'Internal error' });
+        }
+    });
+    /**
+     * POST /api/auth/change-password
+     */
+    router.post('/change-password', session_auth_1.sessionAuth, async (req, res) => {
+        try {
+            const { currentPassword, newPassword } = req.body;
+            if (!currentPassword || !newPassword || newPassword.length < 8) {
+                res.status(400).json({ success: false, error: 'Invalid password' });
+                return;
+            }
+            const pool = (0, database_1.getPool)();
+            const [rows] = await pool.execute('SELECT password_hash FROM users WHERE id = ?', [req.userId]);
+            const user = rows[0];
+            if (!user || !(await bcryptjs_1.default.compare(currentPassword, user.password_hash))) {
+                res.status(401).json({ success: false, error: 'Current password is incorrect' });
+                return;
+            }
+            const hash = await bcryptjs_1.default.hash(newPassword, 10);
+            await pool.execute('UPDATE users SET password_hash = ? WHERE id = ?', [hash, req.userId]);
+            res.json({ success: true });
+        }
+        catch (err) {
+            logger_1.logger.error({ err }, 'change-password error');
+            res.status(500).json({ success: false, error: 'Internal error' });
+        }
+    });
+    /**
+     * POST /api/auth/delete-account
+     */
+    router.post('/delete-account', session_auth_1.sessionAuth, async (req, res) => {
+        try {
+            const { email } = req.body;
+            if (email !== req.user?.email) {
+                res.status(400).json({ success: false, error: 'Email confirmation does not match' });
+                return;
+            }
+            const pool = (0, database_1.getPool)();
+            await pool.execute('DELETE FROM users WHERE id = ?', [req.userId]);
+            res.clearCookie('token');
+            res.json({ success: true });
+        }
+        catch (err) {
+            logger_1.logger.error({ err }, 'delete-account error');
+            res.status(500).json({ success: false, error: 'Internal error' });
+        }
+    });
+    // ============================================================
+    // Google Sign-In (frontend-based, no server-to-Google network calls)
+    // ============================================================
+    /**
+     * Decode a Google ID token (JWT) without network access.
+     * We trust the token because it comes from Google's Sign-In SDK
+     * running in the user's browser with our client_id configured.
+     */
+    function decodeGoogleIdToken(idToken) {
+        const parts = idToken.split('.');
+        if (parts.length !== 3)
+            throw new Error('Invalid token');
+        const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString());
+        if (!['accounts.google.com', 'https://accounts.google.com'].includes(payload.iss)) {
+            throw new Error('Invalid issuer');
+        }
+        if (payload.aud !== GOOGLE_CLIENT_ID) {
+            throw new Error('Invalid audience');
+        }
+        if (payload.exp * 1000 < Date.now()) {
+            throw new Error('Token expired');
+        }
+        return payload;
+    }
+    /**
+     * POST /api/auth/google/token
+     * Receive a Google ID token from the frontend, verify it, create/login user.
+     */
+    router.post('/google/token', async (req, res) => {
+        try {
+            const { idToken } = req.body;
+            if (!idToken || typeof idToken !== 'string') {
+                res.status(400).json({ success: false, error: 'Missing idToken' });
+                return;
+            }
+            if (!GOOGLE_CLIENT_ID) {
+                res.status(500).json({ success: false, error: 'Google OAuth not configured' });
+                return;
+            }
+            let googleUser;
+            try {
+                googleUser = decodeGoogleIdToken(idToken);
+            }
+            catch (err) {
+                logger_1.logger.warn({ err: err.message }, 'Invalid Google ID token');
+                res.status(401).json({ success: false, error: 'Invalid Google token' });
+                return;
+            }
+            if (!googleUser.email) {
+                res.status(400).json({ success: false, error: 'No email in Google token' });
+                return;
+            }
+            const pool = (0, database_1.getPool)();
+            // Check if user exists
+            const [existing] = await pool.execute('SELECT * FROM users WHERE email = ?', [googleUser.email]);
+            let userId;
+            if (existing.length > 0) {
+                // Existing user — login
+                const user = existing[0];
+                if (user.status !== 'active') {
+                    res.status(403).json({ success: false, error: 'Account suspended' });
+                    return;
+                }
+                userId = user.id;
+            }
+            else {
+                // New user — register
+                const randomPassword = crypto_1.default.randomBytes(32).toString('hex');
+                const hash = await bcryptjs_1.default.hash(randomPassword, 10);
+                const name = googleUser.name || googleUser.email.split('@')[0];
+                const [result] = await pool.execute('INSERT INTO users (email, password_hash, name, verified, status) VALUES (?, ?, ?, 1, ?) RETURNING id', [googleUser.email, hash, name, 'active']);
+                userId = result[0].id;
+                // Assign free plan
+                const [plans] = await pool.execute('SELECT id FROM plans WHERE name = ?', ['free']);
+                const planId = plans[0]?.id;
+                if (planId) {
+                    await pool.execute("INSERT INTO subscriptions (user_id, plan_id, period_end) VALUES (?, ?, NOW() + INTERVAL '100 years')", [userId, planId]);
+                }
+                // Welcome email (async)
+                (0, mailer_1.sendWelcomeEmail)(googleUser.email, name).catch(() => { });
+            }
+            // Issue JWT
+            const token = jsonwebtoken_1.default.sign({ id: userId }, jwtSecret, { expiresIn: '7d' });
+            res.cookie('token', token, { httpOnly: true, maxAge: 7 * 24 * 3600_000, sameSite: 'lax' });
+            res.json({ success: true, user: { id: userId, email: googleUser.email, name: googleUser.name } });
+        }
+        catch (err) {
+            logger_1.logger.error({ err }, 'Google token login error');
+            res.status(500).json({ success: false, error: 'Internal error' });
+        }
+    });
+    return router;
+}
+//# sourceMappingURL=auth.js.map

package/dist/routes/auth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/routes/auth.ts"],"names":[],"mappings":";;;;;AAYA,4CAoWC;AAhXD,qCAAiC;AAEjC,wDAA8B;AAC9B,gEAA+B;AAC/B,oDAA4B;AAC5B,mDAA+C;AAC/C,6DAAyD;AACzD,+CAA6E;AAC7E,4CAAyC;AAEzC,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,gBAAgB,IAAI,0EAA0E,CAAC;AAEpI,SAAgB,gBAAgB,CAAC,SAAiB;IAChD,MAAM,MAAM,GAAG,IAAA,gBAAM,GAAE,CAAC;IAExB,2EAA2E;IAC3E,MAAM,OAAO,GAAG,IAAI,GAAG,EAMnB,CAAC;IAEL,sCAAsC;IACtC,WAAW,CAAC,GAAG,EAAE;QACf,MAAM,GAAG,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;QACvB,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,OAAO,EAAE,CAAC;YACjC,IAAI,GAAG,CAAC,SAAS,GAAG,GAAG;gBAAE,OAAO,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC;QAC/C,CAAC;IACH,CAAC,EAAE,CAAC,GAAG,MAAM,CAAC,CAAC;IAEf;;;OAGG;IACH,MAAM,CAAC,IAAI,CAAC,YAAY,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC9D,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YAE3C,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC;gBACjC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;gBAC3E,OAAO;YACT,CAAC;YACD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,wCAAwC,EAAE,CAAC,CAAC;gBAC1F,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;YACvB,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,sCAAsC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YACvF,IAAK,QAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACnC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;gBAC5E,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;YACjE,MAAM,YAAY,GAAG,MAAM,kBAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,EAAE,CAAC,CAAC;YAErD,OAAO,CAAC,GAAG,CAAC,KAAK,EAAE;gBACjB,KAAK;gBACL,YAAY;gBACZ,IAAI;gBACJ,IAAI;gBACJ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE,GAAG,EAAE,GAAG,MAAM,EAAE,SAAS;aAC/C,CAAC,CAAC;YAEH,MAAM,IAAA,8BAAqB,EAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,CAAC;YAE/C,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,wBAAwB,EAAE,CAAC,CAAC;QACjE,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,iBAAiB,CAAC,CAAC;YACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH;;;OAGG;IACH,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC7D,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YAEjC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC;YACjC,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,KAAK,IAAI,IAAI,KAAK,CAAC,SAAS,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;gBAClE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sCAAsC,EAAE,CAAC,CAAC;gBACxF,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;YAEvB,cAAc;YACd,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CACjC,yFAAyF,EACzF,CAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,YAAY,EAAE,KAAK,CAAC,IAAI,EAAE,QAAQ,CAAC,CACxD,CAAC;YACF,MAAM,MAAM,GAAI,MAAc,CAAC,QAAQ,CAAC;YAExC,mBAAmB;YACnB,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,qCAAqC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;YACpF,MAAM,MAAM,GAAI,KAAe,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;YACvC,IAAI,MAAM,EAAE,CAAC;gBACX,MAAM,IAAI,CAAC,OAAO,CAChB,sGAAsG,EACtG,CAAC,MAAM,EAAE,MAAM,CAAC,CACjB,CAAC;YACJ,CAAC;YAED,OAAO,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;YAEtB,YAAY;YACZ,MAAM,KAAK,GAAG,sBAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACvE,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;YAE3F,0CAA0C;YAC1C,IAAA,yBAAgB,EAAC,KAAK,CAAC,KAAK,EAAE,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAE1D,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,KAAK,CAAC,KAAK,EAAE,IAAI,EAAE,KAAK,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1F,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,gBAAgB,CAAC,CAAC;YACxC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH;;OAEG;IACH,MAAM,CAAC,IAAI,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAC1D,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,QAAQ,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YACrC,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;gBACxB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC;gBAC/E,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,qCAAqC,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC;YAClF,MAAM,IAAI,GAAI,IAAc,CAAC,CAAC,CAAC,CAAC;YAEhC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,kBAAM,CAAC,OAAO,CAAC,QAAQ,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC;gBACnE,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,2BAA2B,EAAE,CAAC,CAAC;gBAC7E,OAAO;YACT,CAAC;YACD,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;gBACrE,OAAO;YACT,CAAC;YAED,MAAM,KAAK,GAAG,sBAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACxE,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;YAE3F,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,IAAI,CAAC,EAAE,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QACzF,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,aAAa,CAAC,CAAC;YACrC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH;;OAEG;IACH,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,CAAC,IAAa,EAAE,GAAa,EAAE,EAAE;QACtD,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;QACzB,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC,CAAC,CAAC;IAEH;;OAEG;IACH,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,0BAAW,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QACnE,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;;;;OAIjC,EAAE,CAAC,GAAG,CAAC,MAAO,CAAC,CAAC,CAAC;YAElB,GAAG,CAAC,IAAI,CAAC;gBACP,OAAO,EAAE,IAAI;gBACb,IAAI,EAAE,GAAG,CAAC,IAAI;gBACd,YAAY,EAAG,IAAc,CAAC,CAAC,CAAC,IAAI,IAAI;aACzC,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,UAAU,CAAC,CAAC;YAClC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH;;OAEG;IACH,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,0BAAW,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAChF,IAAI,CAAC;YACH,MAAM,EAAE,IAAI,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YAC1B,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,oCAAoC,EAAE,CAAC,CAAC;gBACtF,OAAO;YACT,CAAC;YACD,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;YACvB,MAAM,IAAI,CAAC,OAAO,CAAC,wCAAwC,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,MAAO,CAAC,CAAC,CAAC;YAClF,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,sBAAsB,CAAC,CAAC;YAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH;;OAEG;IACH,MAAM,CAAC,IAAI,CAAC,kBAAkB,EAAE,0BAAW,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QACjF,IAAI,CAAC;YACH,MAAM,EAAE,eAAe,EAAE,WAAW,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YAClD,IAAI,CAAC,eAAe,IAAI,CAAC,WAAW,IAAI,WAAW,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBAC/D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,kBAAkB,EAAE,CAAC,CAAC;gBACpE,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;YACvB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,8CAA8C,EAAE,CAAC,GAAG,CAAC,MAAO,CAAC,CAAC,CAAC;YACjG,MAAM,IAAI,GAAI,IAAc,CAAC,CAAC,CAAC,CAAC;YAEhC,IAAI,CAAC,IAAI,IAAI,CAAC,CAAC,MAAM,kBAAM,CAAC,OAAO,CAAC,eAAe,EAAE,IAAI,CAAC,aAAa,CAAC,CAAC,EAAE,CAAC;gBAC1E,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,+BAA+B,EAAE,CAAC,CAAC;gBACjF,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,MAAM,kBAAM,CAAC,IAAI,CAAC,WAAW,EAAE,EAAE,CAAC,CAAC;YAChD,MAAM,IAAI,CAAC,OAAO,CAAC,iDAAiD,EAAE,CAAC,IAAI,EAAE,GAAG,CAAC,MAAO,CAAC,CAAC,CAAC;YAE3F,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,uBAAuB,CAAC,CAAC;YAC/C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH;;OAEG;IACH,MAAM,CAAC,IAAI,CAAC,iBAAiB,EAAE,0BAAW,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QAChF,IAAI,CAAC;YACH,MAAM,EAAE,KAAK,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YAC3B,IAAI,KAAK,KAAK,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;gBAC9B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mCAAmC,EAAE,CAAC,CAAC;gBACrF,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;YACvB,MAAM,IAAI,CAAC,OAAO,CAAC,gCAAgC,EAAE,CAAC,GAAG,CAAC,MAAO,CAAC,CAAC,CAAC;YACpE,GAAG,CAAC,WAAW,CAAC,OAAO,CAAC,CAAC;YACzB,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;QAC9B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,sBAAsB,CAAC,CAAC;YAC9C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,+DAA+D;IAC/D,qEAAqE;IACrE,+DAA+D;IAE/D;;;;OAIG;IACH,SAAS,mBAAmB,CAAC,OAAe;QAC1C,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjC,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACzD,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,EAAE,WAAW,CAAC,CAAC,QAAQ,EAAE,CAAC,CAAC;QAC1E,IAAI,CAAC,CAAC,qBAAqB,EAAE,6BAA6B,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YAClF,MAAM,IAAI,KAAK,CAAC,gBAAgB,CAAC,CAAC;QACpC,CAAC;QACD,IAAI,OAAO,CAAC,GAAG,KAAK,gBAAgB,EAAE,CAAC;YACrC,MAAM,IAAI,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACtC,CAAC;QACD,IAAI,OAAO,CAAC,GAAG,GAAG,IAAI,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;YACpC,MAAM,IAAI,KAAK,CAAC,eAAe,CAAC,CAAC;QACnC,CAAC;QACD,OAAO,OAA0E,CAAC;IACpF,CAAC;IAED;;;OAGG;IACH,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;QACjE,IAAI,CAAC;YACH,MAAM,EAAE,OAAO,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;YAC7B,IAAI,CAAC,OAAO,IAAI,OAAO,OAAO,KAAK,QAAQ,EAAE,CAAC;gBAC5C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,iBAAiB,EAAE,CAAC,CAAC;gBACnE,OAAO;YACT,CAAC;YAED,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,6BAA6B,EAAE,CAAC,CAAC;gBAC/E,OAAO;YACT,CAAC;YAED,IAAI,UAA2E,CAAC;YAChF,IAAI,CAAC;gBACH,UAAU,GAAG,mBAAmB,CAAC,OAAO,CAAC,CAAC;YAC5C,CAAC;YAAC,OAAO,GAAQ,EAAE,CAAC;gBAClB,eAAM,CAAC,IAAI,CAAC,EAAE,GAAG,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,yBAAyB,CAAC,CAAC;gBAC7D,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,sBAAsB,EAAE,CAAC,CAAC;gBACxE,OAAO;YACT,CAAC;YAED,IAAI,CAAC,UAAU,CAAC,KAAK,EAAE,CAAC;gBACtB,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;gBAC5E,OAAO;YACT,CAAC;YAED,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;YAEvB,uBAAuB;YACvB,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,qCAAqC,EAAE,CAAC,UAAU,CAAC,KAAK,CAAC,CAAC,CAAC;YACjG,IAAI,MAAc,CAAC;YAEnB,IAAK,QAAkB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;gBACnC,wBAAwB;gBACxB,MAAM,IAAI,GAAI,QAAkB,CAAC,CAAC,CAAC,CAAC;gBACpC,IAAI,IAAI,CAAC,MAAM,KAAK,QAAQ,EAAE,CAAC;oBAC7B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,CAAC;oBACrE,OAAO;gBACT,CAAC;gBACD,MAAM,GAAG,IAAI,CAAC,EAAE,CAAC;YACnB,CAAC;iBAAM,CAAC;gBACN,sBAAsB;gBACtB,MAAM,cAAc,GAAG,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;gBAC9D,MAAM,IAAI,GAAG,MAAM,kBAAM,CAAC,IAAI,CAAC,cAAc,EAAE,EAAE,CAAC,CAAC;gBACnD,MAAM,IAAI,GAAG,UAAU,CAAC,IAAI,IAAI,UAAU,CAAC,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,CAAC;gBAE/D,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CACjC,sGAAsG,EACtG,CAAC,UAAU,CAAC,KAAK,EAAE,IAAI,EAAE,IAAI,EAAE,QAAQ,CAAC,CACzC,CAAC;gBACF,MAAM,GAAI,MAAgB,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBAEjC,mBAAmB;gBACnB,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC,qCAAqC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;gBACpF,MAAM,MAAM,GAAI,KAAe,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC;gBACvC,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,IAAI,CAAC,OAAO,CAChB,sGAAsG,EACtG,CAAC,MAAM,EAAE,MAAM,CAAC,CACjB,CAAC;gBACJ,CAAC;gBAED,wBAAwB;gBACxB,IAAA,yBAAgB,EAAC,UAAU,CAAC,KAAK,EAAE,IAAI,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAC;YAC3D,CAAC;YAED,YAAY;YACZ,MAAM,KAAK,GAAG,sBAAG,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,EAAE,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;YACvE,GAAG,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,EAAE,EAAE,QAAQ,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,QAAQ,EAAE,QAAQ,EAAE,KAAK,EAAE,CAAC,CAAC;YAC3F,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,CAAC,KAAK,EAAE,IAAI,EAAE,UAAU,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAEpG,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,0BAA0B,CAAC,CAAC;YAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;QACpE,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,MAAM,CAAC;AAChB,CAAC"}

package/dist/routes/blog.d.ts

@@ -0,0 +1 @@
+export declare const blogRouter: import("express-serve-static-core").Router;

package/dist/routes/blog.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.blogRouter = void 0;
+const express_1 = require("express");
+const posts_1 = require("../data/posts");
+exports.blogRouter = (0, express_1.Router)();
+exports.blogRouter.get('/blog', (req, res) => {
+    const posts = (0, posts_1.getRecentPosts)(20);
+    const categories = (0, posts_1.getAllCategories)();
+    res.render('pages/blog', {
+        viewUser: req.user || null,
+        posts,
+        categories,
+    });
+});
+exports.blogRouter.get('/blog/:slug', (req, res) => {
+    const post = (0, posts_1.getPostBySlug)(req.params.slug);
+    if (!post) {
+        res.status(404).render('pages/404', { viewUser: req.user || null });
+        return;
+    }
+    const recentPosts = (0, posts_1.getRecentPosts)(5).filter(p => p.slug !== post.slug).slice(0, 3);
+    res.render('pages/blog-post', {
+        viewUser: req.user || null,
+        post,
+        recentPosts,
+    });
+});
+//# sourceMappingURL=blog.js.map

package/dist/routes/blog.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"blog.js","sourceRoot":"","sources":["../../src/routes/blog.ts"],"names":[],"mappings":";;;AAAA,qCAAiC;AACjC,yCAAgF;AAEnE,QAAA,UAAU,GAAG,IAAA,gBAAM,GAAE,CAAC;AAEnC,kBAAU,CAAC,GAAG,CAAC,OAAO,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACnC,MAAM,KAAK,GAAG,IAAA,sBAAc,EAAC,EAAE,CAAC,CAAC;IACjC,MAAM,UAAU,GAAG,IAAA,wBAAgB,GAAE,CAAC;IACtC,GAAG,CAAC,MAAM,CAAC,YAAY,EAAE;QACvB,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI;QAC1B,KAAK;QACL,UAAU;KACX,CAAC,CAAC;AACL,CAAC,CAAC,CAAC;AAEH,kBAAU,CAAC,GAAG,CAAC,aAAa,EAAE,CAAC,GAAG,EAAE,GAAG,EAAE,EAAE;IACzC,MAAM,IAAI,GAAG,IAAA,qBAAa,EAAC,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;IAC5C,IAAI,CAAC,IAAI,EAAE,CAAC;QACV,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,WAAW,EAAE,EAAE,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI,EAAE,CAAC,CAAC;QACpE,OAAO;IACT,CAAC;IACD,MAAM,WAAW,GAAG,IAAA,sBAAc,EAAC,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,KAAK,IAAI,CAAC,IAAI,CAAC,CAAC,KAAK,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;IACpF,GAAG,CAAC,MAAM,CAAC,iBAAiB,EAAE;QAC5B,QAAQ,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI;QAC1B,IAAI;QACJ,WAAW;KACZ,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/routes/dashboard.d.ts

@@ -0,0 +1 @@
+export declare const dashboardRouter: import("express-serve-static-core").Router;

package/dist/routes/dashboard.js

@@ -0,0 +1,184 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.dashboardRouter = void 0;
+const express_1 = require("express");
+const crypto_1 = __importDefault(require("crypto"));
+const database_1 = require("../services/database");
+const session_auth_1 = require("../middleware/session-auth");
+const logger_1 = require("../utils/logger");
+exports.dashboardRouter = (0, express_1.Router)();
+// All routes require session auth
+exports.dashboardRouter.use(session_auth_1.sessionAuth);
+/**
+ * GET /api/dashboard/stats
+ * User's usage statistics.
+ */
+exports.dashboardRouter.get('/stats', async (req, res) => {
+    try {
+        const pool = (0, database_1.getPool)();
+        const userId = req.userId;
+        // Subscription info
+        const [subs] = await pool.execute(`
+      SELECT s.*, p.name as plan_name, p.display_name, p.token_limit_monthly, p.rate_limit_rpm, p.max_api_keys, p.price_monthly
+      FROM subscriptions s JOIN plans p ON s.plan_id = p.id
+      WHERE s.user_id = ? ORDER BY s.period_start DESC LIMIT 1
+    `, [userId]);
+        const sub = subs[0];
+        // Token breakdown
+        const [tokens] = await pool.execute(`
+      SELECT
+        COALESCE(SUM(input_tokens), 0) as total_input,
+        COALESCE(SUM(output_tokens), 0) as total_output,
+        COALESCE(SUM(thinking_tokens), 0) as total_thinking,
+        COALESCE(SUM(provider_cost), 0) as total_cost,
+        COUNT(*) as total_requests,
+        COALESCE(AVG(ttft_ms), 0) as avg_ttft,
+        COALESCE(AVG(tokens_per_sec), 0) as avg_tps,
+        COALESCE(AVG(duration_ms), 0) as avg_duration
+      FROM usage_logs WHERE user_id = ?
+    `, [userId]);
+        // Today's requests
+        const [today] = await pool.execute(`
+      SELECT COUNT(*) as cnt, COALESCE(SUM(input_tokens + output_tokens), 0) as tokens
+      FROM usage_logs WHERE user_id = ? AND DATE(created_at) = CURRENT_DATE
+    `, [userId]);
+        // API key count
+        const [keys] = await pool.execute('SELECT COUNT(*) as cnt FROM api_keys WHERE user_id = ? AND status = ?', [userId, 'active']);
+        const tokenData = tokens[0];
+        const totalUsed = tokenData.total_input + tokenData.total_output;
+        const limit = sub?.token_limit_monthly || 0;
+        res.json({
+            success: true,
+            subscription: sub,
+            usage: {
+                totalInput: tokenData.total_input,
+                totalOutput: tokenData.total_output,
+                totalThinking: tokenData.total_thinking,
+                totalCost: parseFloat(tokenData.total_cost),
+                totalRequests: tokenData.total_requests,
+                avgTtft: Math.round(tokenData.avg_ttft),
+                avgTps: Math.round(tokenData.avg_tps * 100) / 100,
+                avgDuration: Math.round(tokenData.avg_duration),
+                totalUsed,
+                percentUsed: limit > 0 ? Math.round((totalUsed / limit) * 10000) / 100 : 0,
+            },
+            today: today[0],
+            apiKeyCount: keys[0].cnt,
+        });
+    }
+    catch (err) {
+        logger_1.logger.error({ err }, 'dashboard stats error');
+        res.status(500).json({ success: false, error: 'Internal error' });
+    }
+});
+/**
+ * GET /api/dashboard/usage
+ * Last 30 days daily usage.
+ */
+exports.dashboardRouter.get('/usage', async (req, res) => {
+    try {
+        const pool = (0, database_1.getPool)();
+        const [rows] = await pool.execute(`
+      SELECT
+        DATE(created_at) as date,
+        COALESCE(SUM(input_tokens), 0) as input_tokens,
+        COALESCE(SUM(output_tokens), 0) as output_tokens,
+        COUNT(*) as requests
+      FROM usage_logs
+      WHERE user_id = ? AND created_at >= CURRENT_DATE - INTERVAL '30 days'
+      GROUP BY DATE(created_at)
+      ORDER BY date
+    `, [req.userId]);
+        res.json({ success: true, daily: rows });
+    }
+    catch (err) {
+        logger_1.logger.error({ err }, 'dashboard usage error');
+        res.status(500).json({ success: false, error: 'Internal error' });
+    }
+});
+/**
+ * GET /api/dashboard/api-keys
+ * List user's active API keys.
+ */
+exports.dashboardRouter.get('/api-keys', async (req, res) => {
+    try {
+        const pool = (0, database_1.getPool)();
+        const [rows] = await pool.execute('SELECT id, key_prefix, name, status, last_used_at, created_at FROM api_keys WHERE user_id = ? AND status = ? ORDER BY created_at DESC', [req.userId, 'active']);
+        res.json({ success: true, keys: rows });
+    }
+    catch (err) {
+        logger_1.logger.error({ err }, 'list keys error');
+        res.status(500).json({ success: false, error: 'Internal error' });
+    }
+});
+/**
+ * POST /api/dashboard/api-keys
+ * Create a new API key.
+ */
+exports.dashboardRouter.post('/api-keys', async (req, res) => {
+    try {
+        const pool = (0, database_1.getPool)();
+        const { name = 'Default' } = req.body;
+        // Check plan limit
+        const [subs] = await pool.execute(`
+      SELECT p.max_api_keys FROM subscriptions s JOIN plans p ON s.plan_id = p.id
+      WHERE s.user_id = ? ORDER BY s.period_start DESC LIMIT 1
+    `, [req.userId]);
+        const maxKeys = subs[0]?.max_api_keys || 1;
+        const [existing] = await pool.execute('SELECT COUNT(*) as cnt FROM api_keys WHERE user_id = ? AND status = ?', [req.userId, 'active']);
+        if (existing[0].cnt >= maxKeys) {
+            res.status(400).json({ success: false, error: `Maximum ${maxKeys} API keys allowed on your plan` });
+            return;
+        }
+        // Generate key: sk-relay-<48 hex chars>
+        const rawKey = `sk-relay-${crypto_1.default.randomBytes(24).toString('hex')}`;
+        const keyPrefix = rawKey.substring(0, 12);
+        const keyHash = crypto_1.default.createHash('sha256').update(rawKey).digest('hex');
+        await pool.execute('INSERT INTO api_keys (user_id, key_prefix, key_hash, name) VALUES (?, ?, ?, ?)', [req.userId, keyPrefix, keyHash, name]);
+        // Return full key ONCE (never stored in plain text)
+        res.json({ success: true, key: rawKey, prefix: keyPrefix });
+    }
+    catch (err) {
+        logger_1.logger.error({ err }, 'create key error');
+        res.status(500).json({ success: false, error: 'Internal error' });
+    }
+});
+/**
+ * DELETE /api/dashboard/api-keys/:id
+ * Revoke an API key.
+ */
+exports.dashboardRouter.delete('/api-keys/:id', async (req, res) => {
+    try {
+        const pool = (0, database_1.getPool)();
+        await pool.execute('UPDATE api_keys SET status = ? WHERE id = ? AND user_id = ?', ['revoked', req.params.id, req.userId]);
+        res.json({ success: true });
+    }
+    catch (err) {
+        logger_1.logger.error({ err }, 'revoke key error');
+        res.status(500).json({ success: false, error: 'Internal error' });
+    }
+});
+/**
+ * GET /api/dashboard/recent
+ * Recent API requests (last 10).
+ */
+exports.dashboardRouter.get('/recent', async (req, res) => {
+    try {
+        const pool = (0, database_1.getPool)();
+        const [rows] = await pool.execute(`
+      SELECT model, provider_name, input_tokens, output_tokens, thinking_tokens,
+             ttft_ms, tokens_per_sec, duration_ms, status, created_at
+      FROM usage_logs WHERE user_id = ?
+      ORDER BY created_at DESC LIMIT 10
+    `, [req.userId]);
+        res.json({ success: true, recent: rows });
+    }
+    catch (err) {
+        logger_1.logger.error({ err }, 'recent error');
+        res.status(500).json({ success: false, error: 'Internal error' });
+    }
+});
+//# sourceMappingURL=dashboard.js.map

package/dist/routes/dashboard.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"dashboard.js","sourceRoot":"","sources":["../../src/routes/dashboard.ts"],"names":[],"mappings":";;;;;;AAAA,qCAAiC;AAEjC,oDAA4B;AAE5B,mDAA+C;AAC/C,6DAAyD;AACzD,4CAAyC;AAE5B,QAAA,eAAe,GAAG,IAAA,gBAAM,GAAE,CAAC;AAExC,kCAAkC;AAClC,uBAAe,CAAC,GAAG,CAAC,0BAAW,CAAC,CAAC;AAEjC;;;GAGG;AACH,uBAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAClE,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;QACvB,MAAM,MAAM,GAAG,GAAG,CAAC,MAAO,CAAC;QAE3B,oBAAoB;QACpB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;;;;KAIjC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QACb,MAAM,GAAG,GAAI,IAAc,CAAC,CAAC,CAAC,CAAC;QAE/B,kBAAkB;QAClB,MAAM,CAAC,MAAM,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;;;;;;;;;;;KAWnC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAEb,mBAAmB;QACnB,MAAM,CAAC,KAAK,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;;;KAGlC,EAAE,CAAC,MAAM,CAAC,CAAC,CAAC;QAEb,gBAAgB;QAChB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAC/B,uEAAuE,EACvE,CAAC,MAAM,EAAE,QAAQ,CAAC,CACnB,CAAC;QAEF,MAAM,SAAS,GAAI,MAAgB,CAAC,CAAC,CAAC,CAAC;QACvC,MAAM,SAAS,GAAG,SAAS,CAAC,WAAW,GAAG,SAAS,CAAC,YAAY,CAAC;QACjE,MAAM,KAAK,GAAG,GAAG,EAAE,mBAAmB,IAAI,CAAC,CAAC;QAE5C,GAAG,CAAC,IAAI,CAAC;YACP,OAAO,EAAE,IAAI;YACb,YAAY,EAAE,GAAG;YACjB,KAAK,EAAE;gBACL,UAAU,EAAE,SAAS,CAAC,WAAW;gBACjC,WAAW,EAAE,SAAS,CAAC,YAAY;gBACnC,aAAa,EAAE,SAAS,CAAC,cAAc;gBACvC,SAAS,EAAE,UAAU,CAAC,SAAS,CAAC,UAAU,CAAC;gBAC3C,aAAa,EAAE,SAAS,CAAC,cAAc;gBACvC,OAAO,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,QAAQ,CAAC;gBACvC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,OAAO,GAAG,GAAG,CAAC,GAAG,GAAG;gBACjD,WAAW,EAAE,IAAI,CAAC,KAAK,CAAC,SAAS,CAAC,YAAY,CAAC;gBAC/C,SAAS;gBACT,WAAW,EAAE,KAAK,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC,SAAS,GAAG,KAAK,CAAC,GAAG,KAAK,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;aAC3E;YACD,KAAK,EAAG,KAAe,CAAC,CAAC,CAAC;YAC1B,WAAW,EAAG,IAAc,CAAC,CAAC,CAAC,CAAC,GAAG;SACpC,CAAC,CAAC;IACL,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,uBAAuB,CAAC,CAAC;QAC/C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,uBAAe,CAAC,GAAG,CAAC,QAAQ,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAClE,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;;;;;;;;;;KAUjC,EAAE,CAAC,GAAG,CAAC,MAAO,CAAC,CAAC,CAAC;QAElB,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,IAAI,EAAE,CAAC,CAAC;IAC3C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,uBAAuB,CAAC,CAAC;QAC/C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,uBAAe,CAAC,GAAG,CAAC,WAAW,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACrE,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAC/B,uIAAuI,EACvI,CAAC,GAAG,CAAC,MAAO,EAAE,QAAQ,CAAC,CACxB,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,iBAAiB,CAAC,CAAC;QACzC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,uBAAe,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACtE,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;QACvB,MAAM,EAAE,IAAI,GAAG,SAAS,EAAE,GAAG,GAAG,CAAC,IAAI,CAAC;QAEtC,mBAAmB;QACnB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;;;KAGjC,EAAE,CAAC,GAAG,CAAC,MAAO,CAAC,CAAC,CAAC;QAClB,MAAM,OAAO,GAAI,IAAc,CAAC,CAAC,CAAC,EAAE,YAAY,IAAI,CAAC,CAAC;QAEtD,MAAM,CAAC,QAAQ,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CACnC,uEAAuE,EACvE,CAAC,GAAG,CAAC,MAAO,EAAE,QAAQ,CAAC,CACxB,CAAC;QACF,IAAK,QAAkB,CAAC,CAAC,CAAC,CAAC,GAAG,IAAI,OAAO,EAAE,CAAC;YAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,WAAW,OAAO,gCAAgC,EAAE,CAAC,CAAC;YACpG,OAAO;QACT,CAAC;QAED,wCAAwC;QACxC,MAAM,MAAM,GAAG,YAAY,gBAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACpE,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;QAC1C,MAAM,OAAO,GAAG,gBAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAEzE,MAAM,IAAI,CAAC,OAAO,CAChB,gFAAgF,EAChF,CAAC,GAAG,CAAC,MAAO,EAAE,SAAS,EAAE,OAAO,EAAE,IAAI,CAAC,CACxC,CAAC;QAEF,oDAAoD;QACpD,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,GAAG,EAAE,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,CAAC,CAAC;IAC9D,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,uBAAe,CAAC,MAAM,CAAC,eAAe,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IAC5E,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;QACvB,MAAM,IAAI,CAAC,OAAO,CAChB,6DAA6D,EAC7D,CAAC,SAAS,EAAE,GAAG,CAAC,MAAM,CAAC,EAAE,EAAE,GAAG,CAAC,MAAO,CAAC,CACxC,CAAC;QACF,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IAC9B,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,kBAAkB,CAAC,CAAC;QAC1C,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;AACH,CAAC,CAAC,CAAC;AAEH;;;GAGG;AACH,uBAAe,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,EAAE;IACnE,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,IAAA,kBAAO,GAAE,CAAC;QACvB,MAAM,CAAC,IAAI,CAAC,GAAG,MAAM,IAAI,CAAC,OAAO,CAAC;;;;;KAKjC,EAAE,CAAC,GAAG,CAAC,MAAO,CAAC,CAAC,CAAC;QAClB,GAAG,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,eAAM,CAAC,KAAK,CAAC,EAAE,GAAG,EAAE,EAAE,cAAc,CAAC,CAAC;QACtC,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,gBAAgB,EAAE,CAAC,CAAC;IACpE,CAAC;AACH,CAAC,CAAC,CAAC"}

package/dist/routes/messages.d.ts

@@ -0,0 +1 @@
+export declare const messagesRouter: import("express-serve-static-core").Router;