postbase 0.1.0

package/backend/package.json

@@ -0,0 +1,27 @@
+{
+    "name": "postbase-backend",
+    "version": "0.1.0",
+    "license": "MIT",
+    "author": "Umair Ashraf",
+    "url": "http://github.com/umrashrf/postbase",
+    "scripts": {
+        "dev": "nodemon local.js",
+        "migrate:up": "node-pg-migrate up",
+        "migrate:down": "node-pg-migrate down",
+        "migrate:redo": "node-pg-migrate redo",
+        "migrate:create": "node-pg-migrate create"
+    },
+    "dependencies": {
+        "better-auth": "^1.3.34",
+        "cors": "^2.8.5",
+        "dotenv": "^16.6.1",
+        "express": "^4.21.2",
+        "multer": "^2.0.2",
+        "pg": "^8.16.3",
+        "uuid": "^9.0.0",
+        "ws": "^8.18.3"
+    },
+    "devDependencies": {
+        "node-pg-migrate": "^8.0.3"
+    }
+}

package/backend/postbase_db_rules.js

@@ -0,0 +1,128 @@
+// server/rules.js
+import { RuleHelpers as H } from './lib/postbase/rulesEngine.js';
+
+/**
+ * This ruleset mirrors your Firestore rules.
+ * Each table corresponds to a Firestore collection.
+ * All functions receive (request, resource)
+ *   - request.auth may be null or { uid, ... }
+ *   - request.resource.data equivalent → request.resource (on create)
+ *   - resource.data → resource (for read/update/delete)
+ */
+export default {
+    tables: {
+        /** === USERS === */
+        users: {
+            // Allow read and update if the auth.id matches the userId (row id)
+            read: (req, res) => H.isAuth(req) && (req.auth.id === String(res.id) || req.user?.role === "admin"),
+            update: (req, res) => H.isAuth(req) && req.auth.id === String(res.id),
+
+            // Allow create if auth.id == resource.userId
+            create: (req, res) => H.isAuth(req) && req.auth.id === String(res.id),
+
+            // Delete not allowed
+            delete: () => false,
+        },
+
+        /** === REVIEWS === */
+        reviews: {
+            // Everyone can read
+            read: () => true,
+
+            // Authenticated users can create reviews with proper fields and constraints
+            create: (req, res) => {
+                if (!H.isAuth(req)) return false;
+                const d = req.resource || {};
+                const isString = (v) => typeof v === 'string' && v.trim().length > 0;
+                const isInt = (v) => Number.isInteger(v);
+
+                const valid =
+                    isString(d.name) &&
+                    isString(d.email) &&
+                    isString(d.comment) &&
+                    isInt(d.stars) &&
+                    d.stars >= 1 &&
+                    d.stars <= 5 &&
+                    // check createdAt equals request.time: approximated by presence of field
+                    !!d.createdAt;
+
+                return valid;
+            },
+
+            // No updates or deletes
+            update: () => false,
+            delete: () => false,
+        },
+
+        /** === DEV_REQUESTS === */
+        dev_requests: {
+            // Authenticated user can read their own requests
+            read: (req, res) =>
+                H.isAuth(req) && req.auth.id === String(res.user_id || res.userId),
+
+            // Authenticated user can create their own requests with valid data
+            create: (req, res) => {
+                if (!H.isAuth(req)) return false;
+                const d = req.resource || {};
+                const isString = (v) => typeof v === 'string' && v.trim().length > 0;
+
+                return (
+                    req.auth.id === String(d.user_id || d.userId) &&
+                    isString(d.name) &&
+                    isString(d.email) &&
+                    isString(d.description)
+                );
+            },
+
+            // No updates or deletes
+            update: () => false,
+            delete: () => false,
+        },
+
+        /** === API_KEYS === */
+        api_keys: {
+            // Read / update / delete allowed only for owner
+            read: (req, res) => {
+                if (!res) return H.isAuth(req);
+                return H.isAuth(req) && req.auth.id === String(res.user_id || res.userId);
+            },
+            update: (req, res) =>
+                H.isAuth(req) && req.auth.id === String(res.user_id || res.userId),
+            delete: (req, res) =>
+                H.isAuth(req) && req.auth.id === String(res.user_id || res.userId),
+
+            // Create: must be owner and valid key string with length >= 16
+            create: (req, res) => {
+                if (!H.isAuth(req)) return false;
+                const d = req.resource || {};
+                const isString = (v) => typeof v === 'string' && v.trim().length >= 16;
+                return (
+                    req.auth.id === String(d.user_id || d.userId) &&
+                    isString(d.key)
+                );
+            },
+        },
+
+        /** === BILLING === */
+        billing: {
+            // Read and write allowed only for owner
+            read: (req, res) =>
+                H.isAuth(req) && req.auth.id === String(res.user_id || res.userId),
+            create: (req, res) =>
+                H.isAuth(req) && req.auth.id === String(res.user_id || res.userId),
+            update: (req, res) =>
+                H.isAuth(req) && req.auth.id === String(res.user_id || res.userId),
+            delete: (req, res) =>
+                H.isAuth(req) && req.auth.id === String(res.user_id || res.userId),
+        },
+    },
+
+    /** === GLOBAL DEFAULTS === */
+    default: {
+        // Default deny everything (read/write false)
+        read: () => false,
+        create: () => false,
+        update: () => false,
+        delete: () => false,
+    },
+};

package/backend/postbase_rtdb_rules.js

@@ -0,0 +1,27 @@
+// backend/postbase_rtdb_rules.js
+export default {
+    paths: {
+        "/users/$uid": {
+            read: (req, ctx) =>
+                !!req.auth && req.auth.id === ctx.params.uid,
+
+            write: (req, ctx) =>
+                !!req.auth && req.auth.id === ctx.params.uid,
+
+            delete: (req, ctx) =>
+                !!req.auth && req.auth.id === ctx.params.uid,
+        },
+
+        "/public": {
+            read: true,
+            write: false,
+            delete: false,
+        },
+    },
+
+    default: {
+        read: false,
+        write: false,
+        delete: false,
+    }
+};

package/backend/postbase_storage_rules.js

@@ -0,0 +1,45 @@
+// fileRules.js
+import { RuleHelpers as H } from './lib/postbase/rulesEngine.js'; // adjust import path to your evaluator helpers
+
+export default {
+    tables: {
+        files: {
+            // read: allowed if authenticated and auth.id equals owner OR auth.id in allowedUsers
+            read: (req, resource) => {
+                if (!resource) return false;
+                if (!H.isAuth(req)) return false;
+                const uid = req.auth.id;
+                if (!uid) return false;
+                if (resource.owner && String(resource.owner) === String(uid)) return true;
+                if (Array.isArray(resource.allowedUsers) && resource.allowedUsers.map(String).includes(String(uid))) return true;
+                return false;
+            },
+
+            // create: allow if auth.id equals incoming owner OR auth.id in incoming allowedUsers
+            create: (req, resource) => {
+                if (!H.isAuth(req)) return false;
+                const uid = req.auth.id;
+                if (!uid) return false;
+                // resource is the incoming metadata object: must specify owner or allowedUsers
+                if (resource.owner && String(resource.owner) === String(uid)) return true;
+                if (Array.isArray(resource.allowedUsers) && resource.allowedUsers.map(String).includes(String(uid))) return true;
+                return false;
+            },
+
+            // delete: only owner
+            delete: (req, resource) => {
+                if (!H.isAuth(req)) return false;
+                const uid = req.auth.id;
+                return resource && resource.owner && String(resource.owner) === String(uid);
+            }
+        }
+    },
+
+    // default denies everything
+    default: {
+        read: () => false,
+        create: () => false,
+        update: () => false,
+        delete: () => false
+    }
+};

package/backend/template.env

@@ -0,0 +1,10 @@
+API_BASE=https://www.your_website.com/api
+BETTER_AUTH_SECRET=
+GOOGLE_CLIENT_ID=
+GOOGLE_CLIENT_SECRET=
+POSTBASE_BACKEND_HTTP_PORT=8081
+POSTBASE_BACKEND_HTTPS_PORT=4431
+LETSENCRYPT_CERT="/Users/your_username/your_website/nginx/letsencrypt/cert.pem"
+LETSENCRYPT_KEY="/Users/your_username/your_website/nginx/letsencrypt/privkey.pem"
+DATABASE_URL="postgresql://postgres:yoursecretpassword@127.0.0.1:5432/postgres"
+ADMIN_USER_ID=

package/backend-systemd/README.md

@@ -0,0 +1,39 @@
+# Systemd for backend process
+
+### Reload the systemd user configuration to recognize the new service:
+
+```
+systemctl --user daemon-reload
+```
+
+### Start the service.
+
+```
+systemctl --user start your_website.com.service
+```
+
+### Enable the service to start automatically on login:
+
+```
+systemctl --user enable your_website.com.service
+```
+
+### Check the service status.
+
+```
+systemctl --user status your_website.com.service
+```
+
+### Restart the service.
+
+```
+systemctl --user restart your_website.com.service
+```
+
+## Lingering
+
+### Lingering: If you want your user service to continue running even after you log out, you need to enable user lingering:
+
+```
+loginctl enable-linger your_username
+```

package/backend-systemd/your_website.com.service

@@ -0,0 +1,12 @@
+[Unit]
+Description=your_website.com
+After=network.target
+
+[Service]
+ExecStart=/path/to/bin/node main.js
+Restart=always
+User=your_username
+WorkingDirectory=/home/your_username/my-app-directory/
+
+[Install]
+WantedBy=default.target

package/frontend/404.html

@@ -0,0 +1,33 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>Page Not Found</title>
+
+    <style media="screen">
+      body { background: #ECEFF1; color: rgba(0,0,0,0.87); font-family: Roboto, Helvetica, Arial, sans-serif; margin: 0; padding: 0; }
+      #message { background: white; max-width: 360px; margin: 100px auto 16px; padding: 32px 24px 16px; border-radius: 3px; }
+      #message h3 { color: #888; font-weight: normal; font-size: 16px; margin: 16px 0 12px; }
+      #message h2 { color: #ffa100; font-weight: bold; font-size: 16px; margin: 0 0 8px; }
+      #message h1 { font-size: 22px; font-weight: 300; color: rgba(0,0,0,0.6); margin: 0 0 16px;}
+      #message p { line-height: 140%; margin: 16px 0 24px; font-size: 14px; }
+      #message a { display: block; text-align: center; background: #039be5; text-transform: uppercase; text-decoration: none; color: white; padding: 16px; border-radius: 4px; }
+      #message, #message a { box-shadow: 0 1px 3px rgba(0,0,0,0.12), 0 1px 2px rgba(0,0,0,0.24); }
+      #load { color: rgba(0,0,0,0.4); text-align: center; font-size: 13px; }
+      @media (max-width: 600px) {
+        body, #message { margin-top: 0; background: white; box-shadow: none; }
+        body { border-top: 16px solid #ffa100; }
+      }
+    </style>
+  </head>
+  <body>
+    <div id="message">
+      <h2>404</h2>
+      <h1>Page Not Found</h1>
+      <p>The specified file was not found on this website. Please check the URL for mistakes and try again.</p>
+      <h3>Why am I seeing this?</h3>
+      <p>This page was generated by the Firebase Command-Line Interface. To modify it, edit the <code>404.html</code> file in your project's configured <code>public</code> directory.</p>
+    </div>
+  </body>
+</html>

package/frontend/README.md

@@ -0,0 +1,25 @@
+# Frontend
+
+## Install
+
+```
+cd frontend
+cp template.env .env
+npm insall
+```
+
+Make sure your backend is running and double check frontend/.env file is accurate.
+
+## Run
+
+This will watch for changes and build while running the server.
+
+```
+npm run dev
+```
+
+## Build (Nginx)
+
+```
+npm run build
+```

package/frontend/index.html

@@ -0,0 +1,15 @@
+<!doctype html>
+<html>
+
+<head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width,initial-scale=1" />
+    <title>Postbase Demo</title>
+</head>
+
+<body>
+    <div id="app"></div>
+    <script type="module" src="/src/main.jsx"></script>
+</body>
+
+</html>

package/frontend/jsconfig.json

@@ -0,0 +1,20 @@
+{
+	"compilerOptions": {
+		"target": "ES2020",
+		"module": "ESNext",
+		"moduleResolution": "bundler",
+		"noEmit": true,
+		"allowJs": true,
+		"checkJs": true,
+
+		/* Preact Config */
+		"jsx": "react-jsx",
+		"jsxImportSource": "preact",
+		"skipLibCheck": true,
+		"paths": {
+			"react": ["./node_modules/preact/compat/"],
+			"react-dom": ["./node_modules/preact/compat/"]
+		}
+	},
+	"include": ["node_modules/vite/client.d.ts", "**/*"]
+}

package/frontend/lib/postbase/auth.js

@@ -0,0 +1,132 @@
+/**
+ * A wrapper around better-auth/client's createAuthClient
+ * that adds Firebase-like helpers:
+ * - onAuthStateChanged(callback)
+ * - getIdToken()
+ * - currentUser
+ */
+export function createAuthClient(betterAuthClient) {
+    // Track current user state
+    let currentUser = null;
+    const subscribers = new Set();
+
+    function notifySubscribers(user) {
+        for (const cb of subscribers) {
+            try {
+                cb(user);
+            } catch (err) {
+                console.error("Error in onAuthStateChanged listener:", err);
+            }
+        }
+    }
+
+    // Poll for session changes (adjust interval as needed)
+    async function checkSession() {
+        try {
+            const { data } = await betterAuthClient.getSession();
+            const newUser = data?.user ?? null;
+            if (newUser) {
+                newUser.uid = newUser.id;
+            }
+
+            if (JSON.stringify(newUser) !== JSON.stringify(currentUser)) {
+                currentUser = newUser;
+                if (currentUser) {
+                    currentUser.getIdToken = getIdToken;
+                }
+                notifySubscribers(currentUser);
+            }
+        } catch (err) {
+            console.error("Error checking session:", err);
+        }
+    }
+
+    // Simple polling loop (every 5 seconds by default)
+    const POLL_INTERVAL = 5000;
+    let pollTimer = setInterval(checkSession, POLL_INTERVAL);
+
+    /**
+     * Adds a listener for auth state changes.
+     * Returns an unsubscribe function (for React/Preact useEffect cleanup).
+     */
+    function onAuthStateChanged(callback) {
+        subscribers.add(callback);
+
+        // Immediately invoke with current user
+        (async () => {
+            const { data } = await betterAuthClient.getSession();
+            const newUser = data?.user ?? null;
+            if (newUser) {
+                newUser.uid = newUser.id;
+            }
+            currentUser = newUser;
+            if (currentUser) {
+                currentUser.getIdToken = getIdToken;
+            }
+            try {
+                callback(newUser);
+            } catch (err) {
+                console.error("Error in onAuthStateChanged listener:", err);
+            }
+        })();
+
+        // Return unsubscribe
+        return () => {
+            subscribers.delete(callback);
+            if (subscribers.size === 0) {
+                clearInterval(pollTimer);
+                pollTimer = null;
+            }
+        };
+    }
+
+    /**
+     * Firebase-like getIdToken() equivalent.
+     * Returns the current access token (JWT) if a session exists.
+     */
+    async function getIdToken(refresh = false) {
+        const { data } = await betterAuthClient.getSession();
+        const token =
+            data?.session?.token ?? data?.session?.token ?? null;
+        return token;
+    }
+
+    async function getBetterAuthToken() {
+        const authToken = window.sessionStorage.getItem('authToken');
+        if (authToken) {
+            return authToken;
+        }
+        const { data } = await betterAuthClient.getSession();
+        if (data && data.hasOwnProperty('session') && data.session?.token) {
+            window.sessionStorage.setItem('authToken', data.session?.token);
+            return data.session?.token;
+        }
+        return null;
+    }
+
+    const signOut = (...args) => {
+        const authToken = window.sessionStorage.getItem('authToken');
+        if (authToken) {
+            window.sessionStorage.removeItem('authToken');
+        }
+        // at the end because it can trigger navigation
+        betterAuthClient.signOut.apply(this, ...args);
+    }
+
+    // Return wrapped client with added helpers and dynamic currentUser getter
+    return {
+        ...betterAuthClient,
+
+        /**
+         * Returns the most recent known user (Firebase-like).
+         * This does not fetch the server — it reflects the last known session state.
+         */
+        get currentUser() {
+            return currentUser;
+        },
+
+        onAuthStateChanged,
+        getBetterAuthToken,
+        signOut,
+    };
+}

package/frontend/lib/postbase/compat/firebase/app.js

@@ -0,0 +1,3 @@
+export function initializeApp(firebaseConfig) {
+    return firebaseConfig;
+}

package/frontend/lib/postbase/compat/firebase/auth.js

@@ -0,0 +1,115 @@
+//import { createAuthClient } from '../../auth';
+
+export function createFirebaseAuthClient(postbaseAuthClientWithBetterAuthFunctions) {
+    // if (!(auth instanceof createAuthClient)) {
+    //     throw new Error("");
+    // }
+
+    const createUserWithEmailAndPassword = async (auth, email, password, name = null) => {
+        try {
+            // better-auth requires name whereas firebase auth doesn't
+            let _name = name;
+            if (!_name) {
+                _name = email.split('@')[0];
+            }
+
+            await auth.signUp.email({
+                email,
+                password,
+                name,
+                //callbackURL: "/dashboard",
+            });
+
+            const { data } = await auth.getSession();
+            const user = data?.user ?? null;
+
+            const userCredential = { user };
+
+            return userCredential;
+
+        } catch (err) {
+            throw {
+                code: '500',
+                message: err.message,
+            };
+        }
+    };
+
+    const signInWithEmailAndPassword = async (auth, email, password) => {
+        try {
+            await auth.signIn.email({
+                email,
+                password,
+                //callbackURL: '/dashboard',
+            });
+
+            const { data } = await auth.getSession();
+            const user = data?.user ?? null;
+
+            const userCredential = { user };
+
+            return userCredential;
+
+        } catch (err) {
+            throw {
+                code: '500',
+                message: err.message,
+            };
+        }
+    };
+
+    const sendEmailVerification = async (currentUser) => {
+        /** // Must have following function on the server: 
+         *  // https://better-auth.com/docs/concepts/email
+         *  import { betterAuth } from 'better-auth';
+            import { sendEmail } from './email'; // your email sending function
+            export const auth = betterAuth({
+                emailVerification: {
+                    sendVerificationEmail: async ({ user, url, token }, request) => {
+                        void sendEmail({
+                            to: user.email,
+                            subject: 'Verify your email address',
+                            text: `Click the link to verify your email: ${url}`
+                        })
+                    }
+                }
+            })
+        */
+        await postbaseAuthClientWithBetterAuthFunctions.sendVerificationEmail({
+            email: currentUser.email
+        });
+    };
+
+    const updateProfile = async () => { };
+
+    const updateEmail = async () => { };
+
+    const updatePassword = async () => { };
+
+    const sendPasswordResetEmail = async (auth, email) => {
+        await auth.requestPasswordReset({
+            email,
+        });
+
+    };
+
+    const signOut = async (auth) => {
+        const authToken = window.sessionStorage.getItem('authToken');
+        if (authToken) {
+            window.sessionStorage.removeItem('authToken');
+        }
+        // at the end because it can trigger navigation
+        auth.signOut.apply(this, []);
+    };
+
+    return {
+        createUserWithEmailAndPassword,
+        sendEmailVerification,
+        sendPasswordResetEmail,
+        signInWithEmailAndPassword,
+        updateProfile,
+        updateEmail,
+        updatePassword,
+        signOut,
+    };
+}

package/frontend/lib/postbase/compat/firebase/database.js

@@ -0,0 +1,11 @@
+import { getBetterAuthToken } from "../../../../src/auth";
+import { RtdbClient } from "../../rtdb";
+
+export function getDatabase(app) {
+    // app is just {} having baseUrl and getAuthToken
+    return new RtdbClient({
+        restUrl: app.baseUrl,
+        wsUrl: app.baseUrl.replace('https://', 'wss://'),
+        getAuthToken: getBetterAuthToken,
+    });
+}