showpane 0.4.1 → 0.4.2

package/bundle/scaffold/src/app/api/client-auth/route.ts

@@ -0,0 +1,82 @@
+import { NextRequest, NextResponse } from "next/server";
+import { validateClientLogin, resolveDefaultOrganizationId } from "@/lib/client-portals";
+import {
+  isClientAuthConfigured,
+  signSessionToken,
+  setClientAuthCookie,
+} from "@/lib/client-auth";
+
+const attempts = new Map<string, { count: number; resetAt: number }>();
+const MAX_ATTEMPTS = 5;
+const WINDOW_MS = 5 * 60_000;
+
+function isRateLimited(ip: string): boolean {
+  const now = Date.now();
+  const entry = attempts.get(ip);
+
+  if (!entry || now > entry.resetAt) {
+    if (attempts.size > 1000) {
+      for (const [key, e] of attempts) {
+        if (now > e.resetAt) attempts.delete(key);
+      }
+    }
+    attempts.set(ip, { count: 1, resetAt: now + WINDOW_MS });
+    return false;
+  }
+
+  entry.count++;
+  return entry.count > MAX_ATTEMPTS;
+}
+
+export async function POST(req: NextRequest) {
+  if (!isClientAuthConfigured()) {
+    return NextResponse.json(
+      { error: "Client portal auth is not configured." },
+      { status: 503 }
+    );
+  }
+
+  const ip =
+    req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ||
+    req.headers.get("x-real-ip") ||
+    "unknown";
+
+  if (isRateLimited(ip)) {
+    return NextResponse.json(
+      { error: "Too many attempts. Please try again later." },
+      { status: 429 }
+    );
+  }
+
+  let body: { username?: string; password?: string };
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ error: "Invalid request" }, { status: 400 });
+  }
+
+  const { username, password } = body;
+  if (!username || !password) {
+    return NextResponse.json({ error: "Invalid credentials" }, { status: 401 });
+  }
+
+  // Resolve organization — self-hosted uses first org, cloud reads ORG_ID env var
+  const orgId = await resolveDefaultOrganizationId();
+  if (!orgId) {
+    return NextResponse.json({ error: "No organization configured" }, { status: 503 });
+  }
+
+  const slug = await validateClientLogin(orgId, username, password);
+  if (!slug) {
+    return NextResponse.json({ error: "Invalid credentials" }, { status: 401 });
+  }
+
+  const token = await signSessionToken(orgId, slug);
+  if (!token) {
+    return NextResponse.json({ error: "Unable to create session" }, { status: 500 });
+  }
+
+  const res = NextResponse.json({ ok: true, slug });
+  setClientAuthCookie(res, token);
+  return res;
+}

package/bundle/scaffold/src/app/api/client-auth/share/route.ts

@@ -0,0 +1,30 @@
+import { NextRequest, NextResponse } from "next/server";
+import {
+  getAuthenticatedPortal,
+  isClientAuthConfigured,
+  signShareToken,
+} from "@/lib/client-auth";
+
+export async function GET(req: NextRequest) {
+  if (!isClientAuthConfigured()) {
+    return NextResponse.json(
+      { error: "Client portal auth is not configured." },
+      { status: 503 }
+    );
+  }
+
+  const portal = await getAuthenticatedPortal(req, "session");
+  if (!portal) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const shareToken = await signShareToken(portal.orgId, portal.slug);
+  if (!shareToken) {
+    return NextResponse.json({ error: "Unable to create share link" }, { status: 500 });
+  }
+
+  const baseUrl = process.env.NEXT_PUBLIC_APP_URL || `${req.nextUrl.protocol}//${req.nextUrl.host}`;
+  const shareUrl = `${baseUrl}/client/${portal.slug}/s/${shareToken}`;
+
+  return NextResponse.json({ shareUrl });
+}

package/bundle/scaffold/src/app/api/client-events/route.ts

@@ -0,0 +1,87 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getAuthenticatedPortal } from "@/lib/client-auth";
+import { getClientPortalId } from "@/lib/client-portals";
+import { sendControlPlaneEvent } from "@/lib/control-plane";
+import {
+  EVENT_METADATA_MAX_BYTES,
+  isEventRateLimited,
+} from "@/lib/abuse-controls";
+import { prisma } from "@/lib/db";
+import {
+  isPortalEventType,
+  PORTAL_EVENT_TYPES,
+  type PortalEventMetadata,
+} from "@/lib/portal-contracts";
+import { isRuntimeSnapshotMode } from "@/lib/runtime-state";
+
+const VALID_EVENTS = new Set(PORTAL_EVENT_TYPES);
+
+export async function POST(req: NextRequest) {
+  const portal = await getAuthenticatedPortal(req);
+  if (!portal) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  let body: unknown;
+  try {
+    body = await req.json();
+  } catch {
+    return NextResponse.json({ error: "Invalid JSON" }, { status: 400 });
+  }
+
+  const { event, detail, visitorId, metadata } = body as {
+    event?: string;
+    detail?: string;
+    visitorId?: string;
+    metadata?: PortalEventMetadata;
+  };
+
+  if (!event || !isPortalEventType(event) || !VALID_EVENTS.has(event)) {
+    return NextResponse.json({ error: "Invalid event type" }, { status: 400 });
+  }
+
+  if (isEventRateLimited(`${portal.orgId}:${portal.slug}:${visitorId || "anon"}`)) {
+    return NextResponse.json({ error: "Too many events. Try again later." }, { status: 429 });
+  }
+
+  const metadataText = metadata ? JSON.stringify(metadata) : null;
+  if (metadataText && Buffer.byteLength(metadataText, "utf8") > EVENT_METADATA_MAX_BYTES) {
+    return NextResponse.json({ error: "Event metadata too large" }, { status: 413 });
+  }
+
+  const ip =
+    req.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ||
+    req.headers.get("x-real-ip") ||
+    "unknown";
+
+  if (isRuntimeSnapshotMode()) {
+    try {
+      await sendControlPlaneEvent(portal.slug, {
+        event,
+        detail,
+        visitorId,
+        metadata,
+      });
+    } catch {
+      // Do not fail portal interactions if analytics forwarding is unavailable.
+    }
+  } else {
+    // Look up portal by org-scoped slug to get its ID
+    const portalId = await getClientPortalId(portal.orgId, portal.slug);
+
+    if (portalId) {
+      await prisma.portalEvent.create({
+        data: {
+          portalId,
+          event,
+          detail: detail || null,
+          visitorId: visitorId || null,
+          metadata: metadataText,
+          ipAddress: ip,
+        },
+      });
+    }
+  }
+
+  return NextResponse.json({ ok: true });
+}

package/bundle/scaffold/src/app/api/client-files/[...path]/route.ts

@@ -0,0 +1,80 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getAuthenticatedPortal } from "@/lib/client-auth";
+import { downloadControlPlaneFile } from "@/lib/control-plane";
+import { readFile_, StorageError } from "@/lib/storage";
+import { prisma } from "@/lib/db";
+import { getServedFileMetadata, hasSafePathSegments } from "@/lib/files";
+import { getStoragePath } from "@/lib/storage";
+import { isRuntimeSnapshotMode } from "@/lib/runtime-state";
+
+export async function GET(
+  req: NextRequest,
+  { params }: { params: Promise<{ path: string[] }> }
+) {
+  const portal = await getAuthenticatedPortal(req);
+  if (!portal) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  const { path: pathSegments } = await params;
+  if (!hasSafePathSegments(pathSegments) || pathSegments.length !== 1) {
+    return NextResponse.json({ error: "Invalid file path" }, { status: 400 });
+  }
+
+  if (isRuntimeSnapshotMode()) {
+    const res = await downloadControlPlaneFile(portal.slug, pathSegments);
+    if (!res.ok) {
+      return NextResponse.json({ error: "File not found" }, { status: res.status });
+    }
+    return new NextResponse(res.body, {
+      status: res.status,
+      headers: res.headers,
+    });
+  }
+
+  const filename = pathSegments[0];
+  const filePath = getStoragePath(portal.orgId, portal.slug, filename);
+
+  try {
+    const record = await prisma.portalFile.findFirst({
+      where: {
+        storagePath: filePath,
+        portal: {
+          organizationId: portal.orgId,
+          slug: portal.slug,
+          isActive: true,
+        },
+      },
+      select: {
+        filename: true,
+        mimeType: true,
+        storagePath: true,
+      },
+    });
+
+    if (!record) {
+      return NextResponse.json({ error: "File not found" }, { status: 404 });
+    }
+
+    const data = await readFile_(record.storagePath);
+    if (!data) {
+      return NextResponse.json({ error: "File not found" }, { status: 404 });
+    }
+
+    const served = getServedFileMetadata(record.filename, record.mimeType);
+
+    return new NextResponse(new Uint8Array(data), {
+      headers: {
+        "Content-Type": served.contentType,
+        "Content-Disposition": `${served.disposition}; filename="${record.filename}"`,
+        "Cache-Control": "private, max-age=3600",
+        "X-Content-Type-Options": "nosniff",
+      },
+    });
+  } catch (err) {
+    if (err instanceof StorageError) {
+      return NextResponse.json({ error: "Storage unavailable" }, { status: 502 });
+    }
+    throw err;
+  }
+}

package/bundle/scaffold/src/app/api/client-files/client-upload/route.ts

@@ -0,0 +1,118 @@
+import { NextRequest, NextResponse } from "next/server";
+import { createHash } from "crypto";
+import { getAuthenticatedPortal } from "@/lib/client-auth";
+import { getClientPortalId } from "@/lib/client-portals";
+import { uploadControlPlaneFile } from "@/lib/control-plane";
+import { prisma } from "@/lib/db";
+import { saveFile, getStoragePath, StorageError } from "@/lib/storage";
+import { isRuntimeSnapshotMode } from "@/lib/runtime-state";
+import {
+  DEFAULT_PORTAL_STORAGE_QUOTA_BYTES,
+  isUploadRateLimited,
+} from "@/lib/abuse-controls";
+import {
+  isAllowedUploadFilename,
+  isBlockedUploadFilename,
+  sanitizeFilename,
+  sniffUploadContentType,
+} from "@/lib/files";
+
+const MAX_FILE_SIZE = 50 * 1024 * 1024; // 50MB
+
+export async function POST(req: NextRequest) {
+  const portal = await getAuthenticatedPortal(req, "session");
+  if (!portal) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  let formData: FormData;
+  try {
+    formData = await req.formData();
+  } catch {
+    return NextResponse.json({ error: "Invalid multipart data" }, { status: 400 });
+  }
+
+  const file = formData.get("file") as File | null;
+
+  if (!file) {
+    return NextResponse.json({ error: "Missing file" }, { status: 400 });
+  }
+
+  if (isRuntimeSnapshotMode()) {
+    const upstream = await uploadControlPlaneFile(portal.slug, file);
+    return new NextResponse(upstream.body, {
+      status: upstream.status,
+      headers: upstream.headers,
+    });
+  }
+
+  if (file.size > MAX_FILE_SIZE) {
+    return NextResponse.json({ error: "File too large (max 50MB)" }, { status: 413 });
+  }
+
+  const portalId = await getClientPortalId(portal.orgId, portal.slug);
+
+  if (!portalId) {
+    return NextResponse.json({ error: "Portal not found" }, { status: 404 });
+  }
+
+  if (isUploadRateLimited(`client:${portal.orgId}:${portal.slug}`)) {
+    return NextResponse.json({ error: "Too many uploads. Try again later." }, { status: 429 });
+  }
+
+  const filename = sanitizeFilename(file.name);
+  const buffer = Buffer.from(await file.arrayBuffer());
+  const checksum = createHash("sha256").update(buffer).digest("hex");
+  const mimeType = sniffUploadContentType(filename, buffer, file.type || undefined);
+
+  if (isBlockedUploadFilename(filename) || !isAllowedUploadFilename(filename)) {
+    return NextResponse.json({ error: "File type not allowed" }, { status: 415 });
+  }
+
+  const storagePath = getStoragePath(portal.orgId, portal.slug, filename);
+
+  const [existingFile, portalUsage] = await Promise.all([
+    prisma.portalFile.findUnique({
+      where: { storagePath },
+      select: { size: true },
+    }),
+    prisma.portalFile.aggregate({
+      where: { portalId },
+      _sum: { size: true },
+    }),
+  ]);
+
+  const currentUsage = portalUsage._sum.size ?? 0;
+  const existingSize = existingFile?.size ?? 0;
+  const projectedUsage = currentUsage - existingSize + file.size;
+  if (projectedUsage > DEFAULT_PORTAL_STORAGE_QUOTA_BYTES) {
+    return NextResponse.json({ error: "Portal storage quota exceeded" }, { status: 413 });
+  }
+
+  try {
+    await saveFile(storagePath, buffer, mimeType);
+  } catch (err) {
+    if (err instanceof StorageError) {
+      return NextResponse.json({ error: "Storage unavailable" }, { status: 502 });
+    }
+    throw err;
+  }
+
+  try {
+    const record = await prisma.portalFile.upsert({
+      where: { storagePath },
+      update: { filename, mimeType, checksum, size: file.size, uploadedBy: "client", uploadedAt: new Date() },
+      create: { portalId: portalId, filename, mimeType, storagePath, checksum, size: file.size, uploadedBy: "client" },
+    });
+
+    console.log(JSON.stringify({ event: "file_upload", slug: portal.slug, filename, size: file.size, uploadedBy: "client" }));
+
+    return NextResponse.json({
+      ok: true,
+      file: { id: record.id, filename: record.filename, mimeType: record.mimeType, size: record.size, uploadedBy: record.uploadedBy },
+    });
+  } catch (err) {
+    console.error("DB error during file upload:", err);
+    return NextResponse.json({ error: "Database error" }, { status: 503 });
+  }
+}

package/bundle/scaffold/src/app/api/client-files/route.ts

@@ -0,0 +1,37 @@
+import { NextRequest, NextResponse } from "next/server";
+import { getAuthenticatedPortal } from "@/lib/client-auth";
+import { listControlPlaneFiles } from "@/lib/control-plane";
+import { prisma } from "@/lib/db";
+import { isRuntimeSnapshotMode } from "@/lib/runtime-state";
+
+export async function GET(req: NextRequest) {
+  const portal = await getAuthenticatedPortal(req);
+  if (!portal) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  try {
+    if (isRuntimeSnapshotMode()) {
+      const files = await listControlPlaneFiles(portal.slug);
+      return NextResponse.json({ files });
+    }
+
+    const files = await prisma.portalFile.findMany({
+      where: { portal: { organizationId: portal.orgId, slug: portal.slug, isActive: true } },
+      orderBy: { uploadedAt: "desc" },
+      select: {
+        id: true,
+        filename: true,
+        mimeType: true,
+        size: true,
+        uploadedBy: true,
+        uploadedAt: true,
+      },
+    });
+
+    return NextResponse.json({ files });
+  } catch (err) {
+    console.error("DB error listing files:", err);
+    return NextResponse.json({ error: "Database error" }, { status: 503 });
+  }
+}

package/bundle/scaffold/src/app/api/client-files/upload/route.ts

@@ -0,0 +1,131 @@
+import { NextRequest, NextResponse } from "next/server";
+import { timingSafeEqual } from "crypto";
+import { createHash } from "crypto";
+import { uploadControlPlaneFile } from "@/lib/control-plane";
+import { prisma } from "@/lib/db";
+import { saveFile, getStoragePath, StorageError } from "@/lib/storage";
+import { resolveDefaultOrganizationId, getClientPortalId } from "@/lib/client-portals";
+import { isRuntimeSnapshotMode } from "@/lib/runtime-state";
+import {
+  DEFAULT_PORTAL_STORAGE_QUOTA_BYTES,
+  isUploadRateLimited,
+} from "@/lib/abuse-controls";
+import {
+  isAllowedUploadFilename,
+  isBlockedUploadFilename,
+  sanitizeFilename,
+  sniffUploadContentType,
+} from "@/lib/files";
+
+const MAX_FILE_SIZE = 50 * 1024 * 1024; // 50MB
+
+function constantTimeCompare(a: string, b: string): boolean {
+  if (a.length !== b.length) return false;
+  return timingSafeEqual(Buffer.from(a), Buffer.from(b));
+}
+
+export async function POST(req: NextRequest) {
+  const authHeader = req.headers.get("authorization");
+  const secret = process.env.AUTH_SECRET;
+  if (!secret || !authHeader || !constantTimeCompare(authHeader, `Bearer ${secret}`)) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  let formData: FormData;
+  try {
+    formData = await req.formData();
+  } catch {
+    return NextResponse.json({ error: "Invalid multipart data" }, { status: 400 });
+  }
+
+  const file = formData.get("file") as File | null;
+  const portalSlug = formData.get("portalSlug") as string | null;
+
+  if (!file || !portalSlug) {
+    return NextResponse.json({ error: "Missing file or portalSlug" }, { status: 400 });
+  }
+
+  if (isRuntimeSnapshotMode()) {
+    const upstream = await uploadControlPlaneFile(portalSlug, file);
+    return new NextResponse(upstream.body, {
+      status: upstream.status,
+      headers: upstream.headers,
+    });
+  }
+
+  if (file.size > MAX_FILE_SIZE) {
+    return NextResponse.json({ error: "File too large (max 50MB)" }, { status: 413 });
+  }
+
+  // Resolve org — operator uploads use Bearer auth, not cookie
+  const orgId = await resolveDefaultOrganizationId();
+  if (!orgId) {
+    return NextResponse.json({ error: "No organization configured" }, { status: 503 });
+  }
+
+  const portalId = await getClientPortalId(orgId, portalSlug);
+
+  if (!portalId) {
+    return NextResponse.json({ error: "Portal not found" }, { status: 404 });
+  }
+
+  if (isUploadRateLimited(`operator:${orgId}:${portalSlug}`)) {
+    return NextResponse.json({ error: "Too many uploads. Try again later." }, { status: 429 });
+  }
+
+  const filename = sanitizeFilename(file.name);
+  const buffer = Buffer.from(await file.arrayBuffer());
+  const checksum = createHash("sha256").update(buffer).digest("hex");
+  const mimeType = sniffUploadContentType(filename, buffer, file.type || undefined);
+
+  if (isBlockedUploadFilename(filename) || !isAllowedUploadFilename(filename)) {
+    return NextResponse.json({ error: "File type not allowed" }, { status: 415 });
+  }
+
+  const storagePath = getStoragePath(orgId, portalSlug, filename);
+
+  const [existingFile, portalUsage] = await Promise.all([
+    prisma.portalFile.findUnique({
+      where: { storagePath },
+      select: { size: true },
+    }),
+    prisma.portalFile.aggregate({
+      where: { portalId },
+      _sum: { size: true },
+    }),
+  ]);
+
+  const currentUsage = portalUsage._sum.size ?? 0;
+  const existingSize = existingFile?.size ?? 0;
+  const projectedUsage = currentUsage - existingSize + file.size;
+  if (projectedUsage > DEFAULT_PORTAL_STORAGE_QUOTA_BYTES) {
+    return NextResponse.json({ error: "Portal storage quota exceeded" }, { status: 413 });
+  }
+
+  try {
+    await saveFile(storagePath, buffer, mimeType);
+  } catch (err) {
+    if (err instanceof StorageError) {
+      return NextResponse.json({ error: "Storage unavailable" }, { status: 502 });
+    }
+    throw err;
+  }
+
+  try {
+    const record = await prisma.portalFile.upsert({
+      where: { storagePath },
+      update: { filename, mimeType, checksum, size: file.size, uploadedBy: "operator", uploadedAt: new Date() },
+      create: { portalId, filename, mimeType, storagePath, checksum, size: file.size, uploadedBy: "operator" },
+    });
+
+    console.log(JSON.stringify({ event: "file_upload", slug: portalSlug, filename, size: file.size, uploadedBy: "operator" }));
+
+    return NextResponse.json({
+      ok: true,
+      file: { id: record.id, filename: record.filename, mimeType: record.mimeType, size: record.size, uploadedBy: record.uploadedBy },
+    });
+  } catch (err) {
+    console.error("DB error during file upload:", err);
+    return NextResponse.json({ error: "Database error" }, { status: 503 });
+  }
+}

package/bundle/scaffold/src/app/api/health/route.ts

@@ -0,0 +1,19 @@
+import { NextResponse } from "next/server";
+import { prisma } from "@/lib/db";
+import { isRuntimeSnapshotMode } from "@/lib/runtime-state";
+
+export async function GET() {
+  if (isRuntimeSnapshotMode()) {
+    return NextResponse.json({ status: "ok", mode: "runtime-snapshot" });
+  }
+
+  try {
+    await prisma.$queryRaw`SELECT 1`;
+    return NextResponse.json({ status: "ok", db: "connected" });
+  } catch {
+    return NextResponse.json(
+      { status: "error", db: "disconnected" },
+      { status: 503 }
+    );
+  }
+}

package/bundle/scaffold/src/app/globals.css

@@ -0,0 +1,7 @@
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+:root {
+  --color-primary: #111827;
+}

package/bundle/scaffold/src/app/layout.tsx

@@ -0,0 +1,25 @@
+import type { Metadata } from "next";
+import { Inter } from "next/font/google";
+import "./globals.css";
+
+const inter = Inter({ subsets: ["latin"] });
+
+export const metadata: Metadata = {
+  title: "Client Portal",
+  description: "Secure client portal powered by Showpane",
+  robots: { index: false, follow: false },
+};
+
+export default function RootLayout({
+  children,
+}: {
+  children: React.ReactNode;
+}) {
+  return (
+    <html lang="en">
+      <body className={inter.className}>
+        {children}
+      </body>
+    </html>
+  );
+}