mcp-twin 1.2.0 → 1.3.0

package/src/cloud/routes/auth.ts

@@ -0,0 +1,355 @@
+/**
+ * Auth Routes
+ * MCP Twin Cloud
+ */
+
+import { Router, Request, Response } from 'express';
+import { query, queryOne } from '../db';
+import {
+  hashPassword,
+  verifyPassword,
+  generateSessionToken,
+  generateApiKey,
+  authenticateApiKey,
+  User,
+  ApiKey,
+} from '../auth';
+
+const router = Router();
+
+/**
+ * POST /api/auth/signup
+ * Create a new account
+ */
+router.post('/signup', async (req: Request, res: Response) => {
+  try {
+    const { email, password } = req.body;
+
+    // Validate input
+    if (!email || !password) {
+      res.status(400).json({
+        error: {
+          code: 'VALIDATION_ERROR',
+          message: 'Email and password are required',
+        },
+      });
+      return;
+    }
+
+    if (password.length < 8) {
+      res.status(400).json({
+        error: {
+          code: 'VALIDATION_ERROR',
+          message: 'Password must be at least 8 characters',
+        },
+      });
+      return;
+    }
+
+    // Check if user exists
+    const existing = await queryOne<User>(
+      'SELECT id FROM users WHERE email = $1',
+      [email.toLowerCase()]
+    );
+
+    if (existing) {
+      res.status(409).json({
+        error: {
+          code: 'USER_EXISTS',
+          message: 'An account with this email already exists',
+        },
+      });
+      return;
+    }
+
+    // Create user
+    const passwordHash = await hashPassword(password);
+    const users = await query<User>(
+      `INSERT INTO users (email, password_hash)
+       VALUES ($1, $2)
+       RETURNING id, email, tier, created_at`,
+      [email.toLowerCase(), passwordHash]
+    );
+
+    const user = users[0];
+
+    // Generate initial API key
+    const { key, hash, prefix } = await generateApiKey();
+    await query(
+      `INSERT INTO api_keys (user_id, key_hash, key_prefix, name)
+       VALUES ($1, $2, $3, $4)`,
+      [user.id, hash, prefix, 'Default API Key']
+    );
+
+    // Generate session token
+    const sessionToken = generateSessionToken({
+      id: user.id,
+      email: user.email,
+      tier: user.tier,
+    });
+
+    res.status(201).json({
+      message: 'Account created successfully',
+      user: {
+        id: user.id,
+        email: user.email,
+        tier: user.tier,
+      },
+      apiKey: key,
+      sessionToken,
+    });
+  } catch (error: any) {
+    console.error('[Auth] Signup error:', error);
+    res.status(500).json({
+      error: {
+        code: 'INTERNAL_ERROR',
+        message: 'Failed to create account',
+      },
+    });
+  }
+});
+
+/**
+ * POST /api/auth/login
+ * Login and get session token
+ */
+router.post('/login', async (req: Request, res: Response) => {
+  try {
+    const { email, password } = req.body;
+
+    if (!email || !password) {
+      res.status(400).json({
+        error: {
+          code: 'VALIDATION_ERROR',
+          message: 'Email and password are required',
+        },
+      });
+      return;
+    }
+
+    // Find user
+    const user = await queryOne<User>(
+      'SELECT * FROM users WHERE email = $1',
+      [email.toLowerCase()]
+    );
+
+    if (!user) {
+      res.status(401).json({
+        error: {
+          code: 'INVALID_CREDENTIALS',
+          message: 'Invalid email or password',
+        },
+      });
+      return;
+    }
+
+    // Verify password
+    const valid = await verifyPassword(password, user.password_hash);
+    if (!valid) {
+      res.status(401).json({
+        error: {
+          code: 'INVALID_CREDENTIALS',
+          message: 'Invalid email or password',
+        },
+      });
+      return;
+    }
+
+    // Generate session token
+    const sessionToken = generateSessionToken({
+      id: user.id,
+      email: user.email,
+      tier: user.tier,
+    });
+
+    res.json({
+      message: 'Login successful',
+      user: {
+        id: user.id,
+        email: user.email,
+        tier: user.tier,
+      },
+      sessionToken,
+      expiresIn: '7d',
+    });
+  } catch (error: any) {
+    console.error('[Auth] Login error:', error);
+    res.status(500).json({
+      error: {
+        code: 'INTERNAL_ERROR',
+        message: 'Login failed',
+      },
+    });
+  }
+});
+
+/**
+ * GET /api/auth/me
+ * Get current user info
+ */
+router.get('/me', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    const user = await queryOne<User>(
+      'SELECT id, email, tier, stripe_customer_id, created_at FROM users WHERE id = $1',
+      [req.user!.id]
+    );
+
+    if (!user) {
+      res.status(404).json({
+        error: {
+          code: 'NOT_FOUND',
+          message: 'User not found',
+        },
+      });
+      return;
+    }
+
+    // Get API key count
+    const apiKeys = await query<{ count: string }>(
+      'SELECT COUNT(*) as count FROM api_keys WHERE user_id = $1 AND revoked_at IS NULL',
+      [user.id]
+    );
+
+    // Get twin count
+    const twins = await query<{ count: string }>(
+      'SELECT COUNT(*) as count FROM twins WHERE user_id = $1',
+      [user.id]
+    );
+
+    res.json({
+      user: {
+        id: user.id,
+        email: user.email,
+        tier: user.tier,
+        createdAt: user.created_at,
+      },
+      stats: {
+        apiKeys: parseInt(apiKeys[0]?.count || '0'),
+        twins: parseInt(twins[0]?.count || '0'),
+      },
+    });
+  } catch (error: any) {
+    console.error('[Auth] Get me error:', error);
+    res.status(500).json({
+      error: {
+        code: 'INTERNAL_ERROR',
+        message: 'Failed to get user info',
+      },
+    });
+  }
+});
+
+/**
+ * POST /api/auth/api-keys
+ * Create a new API key
+ */
+router.post('/api-keys', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    const { name } = req.body;
+
+    // Generate new key
+    const { key, hash, prefix } = await generateApiKey();
+
+    const keys = await query<ApiKey>(
+      `INSERT INTO api_keys (user_id, key_hash, key_prefix, name)
+       VALUES ($1, $2, $3, $4)
+       RETURNING id, key_prefix, name, created_at`,
+      [req.user!.id, hash, prefix, name || 'API Key']
+    );
+
+    res.status(201).json({
+      message: 'API key created',
+      apiKey: {
+        id: keys[0].id,
+        key, // Only returned once at creation
+        prefix: keys[0].key_prefix,
+        name: keys[0].name,
+        createdAt: keys[0].created_at,
+      },
+    });
+  } catch (error: any) {
+    console.error('[Auth] Create API key error:', error);
+    res.status(500).json({
+      error: {
+        code: 'INTERNAL_ERROR',
+        message: 'Failed to create API key',
+      },
+    });
+  }
+});
+
+/**
+ * GET /api/auth/api-keys
+ * List user's API keys
+ */
+router.get('/api-keys', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    const keys = await query<ApiKey>(
+      `SELECT id, key_prefix, name, last_used_at, created_at
+       FROM api_keys
+       WHERE user_id = $1 AND revoked_at IS NULL
+       ORDER BY created_at DESC`,
+      [req.user!.id]
+    );
+
+    res.json({
+      apiKeys: keys.map((k) => ({
+        id: k.id,
+        prefix: k.key_prefix,
+        name: k.name,
+        lastUsedAt: k.last_used_at,
+        createdAt: k.created_at,
+      })),
+    });
+  } catch (error: any) {
+    console.error('[Auth] List API keys error:', error);
+    res.status(500).json({
+      error: {
+        code: 'INTERNAL_ERROR',
+        message: 'Failed to list API keys',
+      },
+    });
+  }
+});
+
+/**
+ * DELETE /api/auth/api-keys/:id
+ * Revoke an API key
+ */
+router.delete('/api-keys/:id', authenticateApiKey, async (req: Request, res: Response) => {
+  try {
+    const { id } = req.params;
+
+    const result = await query(
+      `UPDATE api_keys
+       SET revoked_at = NOW()
+       WHERE id = $1 AND user_id = $2 AND revoked_at IS NULL
+       RETURNING id`,
+      [id, req.user!.id]
+    );
+
+    if (result.length === 0) {
+      res.status(404).json({
+        error: {
+          code: 'NOT_FOUND',
+          message: 'API key not found',
+        },
+      });
+      return;
+    }
+
+    res.json({
+      message: 'API key revoked',
+    });
+  } catch (error: any) {
+    console.error('[Auth] Revoke API key error:', error);
+    res.status(500).json({
+      error: {
+        code: 'INTERNAL_ERROR',
+        message: 'Failed to revoke API key',
+      },
+    });
+  }
+});
+
+export default router;