settld 0.2.4 → 0.2.6

package/services/magic-link/src/settlement-decisions.js

@@ -0,0 +1,84 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+
+function isPlainObject(v) {
+  return Boolean(v && typeof v === "object" && !Array.isArray(v) && (Object.getPrototypeOf(v) === Object.prototype || Object.getPrototypeOf(v) === null));
+}
+
+function dirFor({ dataDir, token }) {
+  return path.join(dataDir, "settlement_decisions", String(token));
+}
+
+function parseSeqFromName(name) {
+  const m = /^([0-9]{4})_(approve|hold)\.json$/.exec(String(name ?? ""));
+  if (!m) return null;
+  const n = Number.parseInt(m[1], 10);
+  if (!Number.isInteger(n) || n < 0) return null;
+  return n;
+}
+
+export async function listSettlementDecisionReportFiles({ dataDir, token }) {
+  const dir = dirFor({ dataDir, token });
+  let names = [];
+  try {
+    names = (await fs.readdir(dir)).filter((n) => n.endsWith(".json"));
+  } catch {
+    return [];
+  }
+  const parsed = [];
+  for (const name of names) {
+    const seq = parseSeqFromName(name);
+    if (seq === null) continue;
+    parsed.push({ seq, name, path: path.join(dir, name) });
+  }
+  parsed.sort((a, b) => a.seq - b.seq || String(a.name).localeCompare(String(b.name)));
+  return parsed;
+}
+
+export async function loadLatestSettlementDecisionReport({ dataDir, token }) {
+  const files = await listSettlementDecisionReportFiles({ dataDir, token });
+  if (!files.length) return null;
+  const last = files[files.length - 1];
+  try {
+    return JSON.parse(await fs.readFile(last.path, "utf8"));
+  } catch {
+    return null;
+  }
+}
+
+function nextSeq(files) {
+  let max = 0;
+  for (const f of Array.isArray(files) ? files : []) {
+    const n = Number(f?.seq);
+    if (Number.isInteger(n) && n >= max) max = n + 1;
+  }
+  return max;
+}
+
+function normalizeDecision(v) {
+  const s = String(v ?? "").trim().toLowerCase();
+  if (s === "approve" || s === "hold") return s;
+  return null;
+}
+
+export async function appendSettlementDecisionReport({ dataDir, token, report }) {
+  if (!isPlainObject(report) || String(report.schemaVersion ?? "") !== "SettlementDecisionReport.v1") {
+    return { ok: false, error: "INVALID_REPORT", message: "report must be SettlementDecisionReport.v1" };
+  }
+  const decision = normalizeDecision(report.decision);
+  if (!decision) return { ok: false, error: "INVALID_DECISION", message: "decision must be approve|hold" };
+
+  const dir = dirFor({ dataDir, token });
+  await fs.mkdir(dir, { recursive: true });
+
+  const existing = await listSettlementDecisionReportFiles({ dataDir, token });
+  const seq = nextSeq(existing);
+  if (seq > 9999) return { ok: false, error: "TOO_MANY_DECISIONS", message: "too many settlement decisions recorded" };
+
+  const name = `${String(seq).padStart(4, "0")}_${decision}.json`;
+  const fp = path.join(dir, name);
+  const raw = JSON.stringify(report, null, 2) + "\n";
+  await fs.writeFile(fp, raw, "utf8");
+  return { ok: true, path: fp, name, seq };
+}
+

package/services/magic-link/src/smtp.js

@@ -0,0 +1,217 @@
+import net from "node:net";
+import tls from "node:tls";
+import crypto from "node:crypto";
+
+function b64(text) {
+  return Buffer.from(String(text ?? ""), "utf8").toString("base64");
+}
+
+function nowRfc2822() {
+  return new Date().toUTCString();
+}
+
+function makeMessageId(domain = "localhost") {
+  const id = crypto.randomBytes(16).toString("hex");
+  return `<${id}@${domain}>`;
+}
+
+function clampText(v, { max }) {
+  const s = String(v ?? "");
+  if (s.length <= max) return s;
+  return s.slice(0, Math.max(0, max - 1)) + "…";
+}
+
+const SIMPLE_EMAIL_RE = /^[^\s@<>]+@[^\s@<>]+$/;
+
+export function extractSmtpEnvelopeAddress(value, { fieldName = "address" } = {}) {
+  const raw = String(value ?? "").trim();
+  if (!raw) throw new Error(`smtp ${fieldName} required`);
+  const bracketed = /<\s*([^<>\s@]+@[^\s@<>]+)\s*>/.exec(raw);
+  const candidate = (bracketed ? bracketed[1] : raw).trim();
+  if (!SIMPLE_EMAIL_RE.test(candidate)) {
+    throw new Error(`smtp ${fieldName} must be an email address`);
+  }
+  return candidate;
+}
+
+export function formatSmtpMessage({ from, to, subject, text, messageIdDomain }) {
+  const subj = clampText(subject, { max: 200 });
+  const body = String(text ?? "");
+  const msgId = makeMessageId(messageIdDomain ?? "localhost");
+  const headers = [
+    `From: ${from}`,
+    `To: ${to}`,
+    `Subject: ${subj}`,
+    `Date: ${nowRfc2822()}`,
+    `Message-ID: ${msgId}`,
+    "MIME-Version: 1.0",
+    "Content-Type: text/plain; charset=utf-8",
+    "Content-Transfer-Encoding: 8bit"
+  ];
+  // Ensure CRLF line endings for SMTP DATA.
+  const normalizedBody = body.replaceAll("\r\n", "\n").replaceAll("\r", "\n").split("\n").join("\r\n");
+  return headers.join("\r\n") + "\r\n\r\n" + normalizedBody + "\r\n";
+}
+
+export function dotStuffSmtpData(data) {
+  return String(data ?? "")
+    .split("\r\n")
+    .map((l) => (l.startsWith(".") ? "." + l : l))
+    .join("\r\n");
+}
+
+function createLineReader(socket, { timeoutMs }) {
+  let buf = "";
+  const queue = [];
+  const waiters = [];
+
+  function pushLine(line) {
+    if (waiters.length) {
+      const w = waiters.shift();
+      w.resolve(line);
+      return;
+    }
+    queue.push(line);
+  }
+
+  socket.on("data", (d) => {
+    buf += d.toString("utf8");
+    while (true) {
+      const idx = buf.indexOf("\n");
+      if (idx === -1) break;
+      const raw = buf.slice(0, idx + 1);
+      buf = buf.slice(idx + 1);
+      const line = raw.replace(/\r?\n$/, "");
+      pushLine(line);
+    }
+  });
+
+  function readLine() {
+    if (queue.length) return Promise.resolve(queue.shift());
+    return new Promise((resolve, reject) => {
+      const t = setTimeout(() => reject(new Error("smtp timeout")), timeoutMs);
+      waiters.push({
+        resolve: (v) => {
+          clearTimeout(t);
+          resolve(v);
+        }
+      });
+    });
+  }
+
+  return { readLine };
+}
+
+async function readReply(reader) {
+  const lines = [];
+  let code = null;
+  while (true) {
+    // eslint-disable-next-line no-await-in-loop
+    const line = await reader.readLine();
+    lines.push(line);
+    const m = /^(\d{3})([ -])/.exec(line);
+    if (!m) continue;
+    code = Number.parseInt(m[1], 10);
+    const sep = m[2];
+    if (sep === " ") break;
+  }
+  return { code: code ?? 0, lines };
+}
+
+async function sendCmd(socket, reader, cmd, expectedCodes) {
+  socket.write(String(cmd ?? "") + "\r\n");
+  const rep = await readReply(reader);
+  const allowed = Array.isArray(expectedCodes) ? expectedCodes : [expectedCodes];
+  if (!allowed.includes(rep.code)) {
+    const detail = rep.lines.join("\n");
+    throw new Error(`smtp unexpected reply for ${String(cmd).split(" ")[0]}: ${rep.code}\n${detail}`);
+  }
+  return rep;
+}
+
+export async function sendSmtpMail({
+  host,
+  port,
+  secure = false,
+  starttls = true,
+  auth = null,
+  from,
+  to,
+  subject,
+  text,
+  timeoutMs = 10_000
+} = {}) {
+  const h = String(host ?? "").trim();
+  const p = Number.parseInt(String(port ?? ""), 10);
+  if (!h) throw new Error("smtp host required");
+  if (!Number.isInteger(p) || p < 1 || p > 65535) throw new Error("smtp port invalid");
+  if (!from || !to) throw new Error("smtp from/to required");
+  const envelopeFrom = extractSmtpEnvelopeAddress(from, { fieldName: "from" });
+  const envelopeTo = extractSmtpEnvelopeAddress(to, { fieldName: "to" });
+
+  const connect = secure
+    ? () => tls.connect({ host: h, port: p, servername: h })
+    : () => net.connect({ host: h, port: p });
+
+  let socket = connect();
+  socket.setTimeout(timeoutMs);
+  socket.on("timeout", () => {
+    try {
+      socket.destroy(new Error("smtp timeout"));
+    } catch {
+      // ignore
+    }
+  });
+
+  await new Promise((resolve, reject) => {
+    socket.once("error", reject);
+    socket.once("connect", resolve);
+  });
+
+  let reader = createLineReader(socket, { timeoutMs });
+  const greet = await readReply(reader);
+  if (greet.code !== 220) throw new Error(`smtp bad greeting: ${greet.code}`);
+
+  const ehlo = async () => await sendCmd(socket, reader, `EHLO settld`, 250);
+  let ehloReply = await ehlo();
+
+  const supportsStarttls = ehloReply.lines.some((l) => /STARTTLS/i.test(l));
+  if (!secure && starttls && supportsStarttls) {
+    await sendCmd(socket, reader, "STARTTLS", 220);
+    socket = tls.connect({ socket, servername: h });
+    socket.setTimeout(timeoutMs);
+    reader = createLineReader(socket, { timeoutMs });
+    ehloReply = await ehlo();
+  }
+
+  if (auth && typeof auth === "object") {
+    const user = typeof auth.user === "string" ? auth.user : "";
+    const pass = typeof auth.pass === "string" ? auth.pass : "";
+    if (user && pass) {
+      const token = b64(`\u0000${user}\u0000${pass}`);
+      await sendCmd(socket, reader, `AUTH PLAIN ${token}`, [235, 250]);
+    }
+  }
+
+  await sendCmd(socket, reader, `MAIL FROM:<${envelopeFrom}>`, 250);
+  await sendCmd(socket, reader, `RCPT TO:<${envelopeTo}>`, [250, 251]);
+  await sendCmd(socket, reader, "DATA", 354);
+
+  const domain = (() => {
+    const i = envelopeFrom.indexOf("@");
+    return i !== -1 ? envelopeFrom.slice(i + 1) : "localhost";
+  })();
+  const msg = formatSmtpMessage({ from, to, subject, text, messageIdDomain: domain });
+
+  const stuffed = dotStuffSmtpData(msg);
+
+  socket.write(stuffed + "\r\n.\r\n");
+  const dataReply = await readReply(reader);
+  if (dataReply.code !== 250) throw new Error(`smtp DATA failed: ${dataReply.code}`);
+
+  try {
+    await sendCmd(socket, reader, "QUIT", 221);
+  } catch {
+    // ignore
+  }
+}

package/services/magic-link/src/storage-cli.js

@@ -0,0 +1,88 @@
+#!/usr/bin/env node
+import process from "node:process";
+
+import { checkAndMigrateDataDir, readFormatInfo, MAGIC_LINK_DATA_FORMAT_VERSION_CURRENT } from "./storage-format.js";
+
+function usage() {
+  // eslint-disable-next-line no-console
+  console.error(
+    [
+      "usage:",
+      "  node services/magic-link/src/storage-cli.js check --data-dir <path>",
+      "  node services/magic-link/src/storage-cli.js migrate --data-dir <path>",
+      "",
+      "notes:",
+      `  current format version: ${MAGIC_LINK_DATA_FORMAT_VERSION_CURRENT}`,
+      "  check does not write; migrate initializes/upgrades the data dir format marker."
+    ].join("\n")
+  );
+  process.exit(2);
+}
+
+function parseArgs(argv) {
+  const cmd = argv[0];
+  if (cmd !== "check" && cmd !== "migrate") usage();
+
+  let dataDir = null;
+  for (let i = 1; i < argv.length; i += 1) {
+    const a = argv[i];
+    if (a === "--data-dir") {
+      dataDir = String(argv[i + 1] ?? "");
+      i += 1;
+      continue;
+    }
+    if (a === "--help" || a === "-h") usage();
+    usage();
+  }
+  if (!dataDir) usage();
+  return { cmd, dataDir };
+}
+
+async function main() {
+  const { cmd, dataDir } = parseArgs(process.argv.slice(2));
+
+  if (cmd === "check") {
+    const info = await readFormatInfo({ dataDir });
+    if (!info) {
+      // eslint-disable-next-line no-console
+      console.error(JSON.stringify({ ok: false, code: "DATA_DIR_UNINITIALIZED", currentVersion: MAGIC_LINK_DATA_FORMAT_VERSION_CURRENT }, null, 2));
+      process.exit(3);
+    }
+    const v = Number.parseInt(String(info.version ?? ""), 10);
+    if (!Number.isInteger(v)) {
+      // eslint-disable-next-line no-console
+      console.error(JSON.stringify({ ok: false, code: "DATA_DIR_FORMAT_INVALID", currentVersion: MAGIC_LINK_DATA_FORMAT_VERSION_CURRENT, format: info }, null, 2));
+      process.exit(4);
+    }
+    if (v > MAGIC_LINK_DATA_FORMAT_VERSION_CURRENT) {
+      // eslint-disable-next-line no-console
+      console.error(
+        JSON.stringify(
+          { ok: false, code: "DATA_DIR_TOO_NEW", currentVersion: MAGIC_LINK_DATA_FORMAT_VERSION_CURRENT, foundVersion: v, format: info },
+          null,
+          2
+        )
+      );
+      process.exit(5);
+    }
+    // eslint-disable-next-line no-console
+    console.log(JSON.stringify({ ok: true, currentVersion: MAGIC_LINK_DATA_FORMAT_VERSION_CURRENT, foundVersion: v, format: info }, null, 2));
+    process.exit(0);
+  }
+
+  const migrated = await checkAndMigrateDataDir({ dataDir, migrateOnStartup: true });
+  if (!migrated.ok) {
+    // eslint-disable-next-line no-console
+    console.error(JSON.stringify(migrated, null, 2));
+    process.exit(1);
+  }
+  // eslint-disable-next-line no-console
+  console.log(JSON.stringify(migrated, null, 2));
+}
+
+main().catch((err) => {
+  // eslint-disable-next-line no-console
+  console.error(err?.stack ?? String(err ?? ""));
+  process.exit(1);
+});
+

package/services/magic-link/src/storage-format.js

@@ -0,0 +1,59 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+
+function nowIso() {
+  return new Date().toISOString();
+}
+
+function isPlainObject(v) {
+  return Boolean(v && typeof v === "object" && !Array.isArray(v) && (Object.getPrototypeOf(v) === Object.prototype || Object.getPrototypeOf(v) === null));
+}
+
+export const MAGIC_LINK_DATA_FORMAT_VERSION_CURRENT = 1;
+
+export function formatInfoPath({ dataDir }) {
+  return path.join(String(dataDir ?? ""), "format.json");
+}
+
+export async function readFormatInfo({ dataDir }) {
+  const fp = formatInfoPath({ dataDir });
+  try {
+    const raw = await fs.readFile(fp, "utf8");
+    const j = JSON.parse(raw);
+    if (!isPlainObject(j)) return null;
+    if (String(j.schemaVersion ?? "") !== "MagicLinkDataFormat.v1") return null;
+    return j;
+  } catch {
+    return null;
+  }
+}
+
+export async function writeFormatInfo({ dataDir, version }) {
+  const fp = formatInfoPath({ dataDir });
+  await fs.mkdir(path.dirname(fp), { recursive: true });
+  const record = { schemaVersion: "MagicLinkDataFormat.v1", version, writtenAt: nowIso() };
+  await fs.writeFile(fp, JSON.stringify(record, null, 2) + "\n", "utf8");
+  return record;
+}
+
+export async function checkAndMigrateDataDir({ dataDir, migrateOnStartup = true } = {}) {
+  const cur = MAGIC_LINK_DATA_FORMAT_VERSION_CURRENT;
+  const existing = await readFormatInfo({ dataDir });
+  if (!existing) {
+    if (!migrateOnStartup) return { ok: false, code: "DATA_DIR_UNINITIALIZED", currentVersion: cur };
+    const written = await writeFormatInfo({ dataDir, version: cur });
+    return { ok: true, currentVersion: cur, previousVersion: null, initialized: true, migrated: false, format: written };
+  }
+
+  const v = Number.parseInt(String(existing.version ?? ""), 10);
+  if (!Number.isInteger(v) || v < 1) return { ok: false, code: "DATA_DIR_FORMAT_INVALID", currentVersion: cur, format: existing };
+  if (v === cur) return { ok: true, currentVersion: cur, previousVersion: v, initialized: false, migrated: false, format: existing };
+  if (v > cur) return { ok: false, code: "DATA_DIR_TOO_NEW", currentVersion: cur, foundVersion: v, format: existing };
+
+  if (!migrateOnStartup) return { ok: false, code: "MIGRATIONS_DISABLED", currentVersion: cur, foundVersion: v, format: existing };
+
+  // v1 -> current (no-op today). Future versions should apply explicit migrations here.
+  const written = await writeFormatInfo({ dataDir, version: cur });
+  return { ok: true, currentVersion: cur, previousVersion: v, initialized: false, migrated: true, format: written };
+}
+

package/services/magic-link/src/tenant-billing.js

@@ -0,0 +1,115 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+
+function nowIso() {
+  return new Date().toISOString();
+}
+
+function isPlainObject(v) {
+  return Boolean(v && typeof v === "object" && !Array.isArray(v) && (Object.getPrototypeOf(v) === Object.prototype || Object.getPrototypeOf(v) === null));
+}
+
+export function defaultTenantBillingState({ tenantId }) {
+  return {
+    schemaVersion: "MagicLinkTenantBilling.v1",
+    tenantId,
+    provider: "stripe",
+    currentPlan: "free",
+    status: "inactive",
+    customerId: null,
+    subscriptionId: null,
+    lastCheckoutSessionId: null,
+    paymentDelinquent: false,
+    suspended: false,
+    updatedAt: nowIso(),
+    lastEvent: null
+  };
+}
+
+function billingStatePath({ dataDir, tenantId }) {
+  return path.join(dataDir, "tenants", tenantId, "billing.json");
+}
+
+function stripeEventPath({ dataDir, eventId }) {
+  return path.join(dataDir, "billing", "stripe", "events", `${eventId}.json`);
+}
+
+function stripeCustomerPath({ dataDir, customerId }) {
+  return path.join(dataDir, "billing", "stripe", "customers", `${customerId}.json`);
+}
+
+export async function loadTenantBillingStateBestEffort({ dataDir, tenantId }) {
+  const fp = billingStatePath({ dataDir, tenantId });
+  try {
+    const raw = JSON.parse(await fs.readFile(fp, "utf8"));
+    if (!isPlainObject(raw)) return defaultTenantBillingState({ tenantId });
+    return { ...defaultTenantBillingState({ tenantId }), ...raw, tenantId };
+  } catch {
+    return defaultTenantBillingState({ tenantId });
+  }
+}
+
+export async function saveTenantBillingState({ dataDir, tenantId, state }) {
+  const fp = billingStatePath({ dataDir, tenantId });
+  await fs.mkdir(path.dirname(fp), { recursive: true });
+  const next = { ...defaultTenantBillingState({ tenantId }), ...(isPlainObject(state) ? state : {}), tenantId, updatedAt: nowIso() };
+  await fs.writeFile(fp, JSON.stringify(next, null, 2) + "\n", "utf8");
+  return next;
+}
+
+export async function patchTenantBillingState({ dataDir, tenantId, patch }) {
+  const cur = await loadTenantBillingStateBestEffort({ dataDir, tenantId });
+  return await saveTenantBillingState({ dataDir, tenantId, state: { ...cur, ...(isPlainObject(patch) ? patch : {}) } });
+}
+
+export async function isStripeEventProcessed({ dataDir, eventId }) {
+  if (!eventId || typeof eventId !== "string") return false;
+  const fp = stripeEventPath({ dataDir, eventId });
+  try {
+    await fs.access(fp);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+export async function markStripeEventProcessed({ dataDir, eventId, payload }) {
+  if (!eventId || typeof eventId !== "string") return null;
+  const fp = stripeEventPath({ dataDir, eventId });
+  await fs.mkdir(path.dirname(fp), { recursive: true });
+  const row = {
+    schemaVersion: "MagicLinkStripeEventReceipt.v1",
+    eventId,
+    receivedAt: nowIso(),
+    payload
+  };
+  await fs.writeFile(fp, JSON.stringify(row, null, 2) + "\n", "utf8");
+  return row;
+}
+
+export async function setStripeCustomerTenantMap({ dataDir, customerId, tenantId }) {
+  if (!customerId || !tenantId) return null;
+  const fp = stripeCustomerPath({ dataDir, customerId });
+  await fs.mkdir(path.dirname(fp), { recursive: true });
+  const row = {
+    schemaVersion: "MagicLinkStripeCustomerTenantMap.v1",
+    customerId,
+    tenantId,
+    updatedAt: nowIso()
+  };
+  await fs.writeFile(fp, JSON.stringify(row, null, 2) + "\n", "utf8");
+  return row;
+}
+
+export async function getTenantIdByStripeCustomerId({ dataDir, customerId }) {
+  if (!customerId || typeof customerId !== "string") return null;
+  const fp = stripeCustomerPath({ dataDir, customerId });
+  try {
+    const raw = JSON.parse(await fs.readFile(fp, "utf8"));
+    if (!isPlainObject(raw)) return null;
+    const tenantId = typeof raw.tenantId === "string" ? raw.tenantId.trim() : "";
+    return tenantId || null;
+  } catch {
+    return null;
+  }
+}