sitepaige-mcp-server 1.0.0 → 1.0.3

package/dist/defaultapp/db-password-auth.ts

@@ -0,0 +1,362 @@
+/*
+ * Username/Password Authentication Database Utilities
+ * Handles all database operations related to username/password authentication
+ */
+
+import { db_init, db_query } from './db';
+import type { DatabaseClient } from './db';
+import * as crypto from 'node:crypto';
+import { scrypt, randomBytes } from 'node:crypto';
+import { promisify } from 'node:util';
+
+const scryptAsync = promisify(scrypt);
+
+export interface PasswordAuth {
+  id: string;
+  email: string; // Email serves as username
+  passwordhash: string;
+  salt: string;
+  verificationtoken?: string;
+  verificationtokenexpires?: string;
+  emailverified: boolean;
+  resettoken?: string;
+  resettokenexpires?: string;
+  createdat: string;
+  updatedat: string;
+}
+
+/**
+ * Hash a password using scrypt
+ */
+export async function hashPassword(password: string): Promise<{ hash: string; salt: string }> {
+  const salt = randomBytes(32).toString('base64');
+  const hash = (await scryptAsync(password, salt, 64)) as Buffer;
+  return {
+    hash: hash.toString('base64'),
+    salt
+  };
+}
+
+/**
+ * Verify a password against its hash
+ */
+export async function verifyPassword(password: string, hash: string, salt: string): Promise<boolean> {
+  const derivedKey = (await scryptAsync(password, salt, 64)) as Buffer;
+  return derivedKey.toString('base64') === hash;
+}
+
+/**
+ * Create the password authentication table
+ */
+export async function createPasswordAuthTable(): Promise<void> {
+  const client = await db_init();
+  
+  const createTableQuery = `
+    CREATE TABLE IF NOT EXISTS passwordauth (
+      id TEXT PRIMARY KEY,
+      email TEXT NOT NULL UNIQUE,
+      passwordhash TEXT NOT NULL,
+      salt TEXT NOT NULL,
+      verificationtoken TEXT,
+      verificationtokenexpires TIMESTAMP,
+      emailverified BOOLEAN DEFAULT FALSE,
+      resettoken TEXT,
+      resettokenexpires TIMESTAMP,
+      createdat TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+      updatedat TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+    )
+  `;
+
+  await db_query(client, createTableQuery);
+  
+  // Create index on email for faster lookups
+  await db_query(client, 'CREATE INDEX IF NOT EXISTS idx_passwordauth_email ON passwordauth(email)');
+  await db_query(client, 'CREATE INDEX IF NOT EXISTS idx_passwordauth_verification_token ON passwordauth(verificationtoken)');
+  await db_query(client, 'CREATE INDEX IF NOT EXISTS idx_passwordauth_reset_token ON passwordauth(resettoken)');
+}
+
+/**
+ * Get password auth record by email
+ */
+export async function getPasswordAuthByEmail(email: string): Promise<PasswordAuth | null> {
+  const client = await db_init();
+  
+  const results = await db_query(client, 
+    "SELECT * FROM passwordauth WHERE email = ?",
+    [email.toLowerCase()]
+  );
+  
+  return results.length > 0 ? results[0] as PasswordAuth : null;
+}
+
+/**
+ * Create a new password auth record (for signup)
+ */
+export async function createPasswordAuth(
+  email: string,
+  password: string
+): Promise<{ passwordAuth: PasswordAuth; verificationToken: string }> {
+  const client = await db_init();
+  
+  // Check if email already exists
+  const existing = await getPasswordAuthByEmail(email);
+  if (existing) {
+    throw new Error('Email already registered');
+  }
+  
+  // Hash the password
+  const { hash, salt } = await hashPassword(password);
+  
+  // Generate verification token
+  const verificationToken = randomBytes(32).toString('base64url');
+  const verificationTokenExpires = new Date(Date.now() + 24 * 60 * 60 * 1000); // 24 hours
+  
+  const id = crypto.randomUUID();
+  const now = new Date().toISOString();
+  
+  await db_query(client,
+    `INSERT INTO passwordauth 
+     (id, email, passwordhash, salt, verificationtoken, verificationtokenexpires, emailverified, createdat, updatedat)
+     VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)`,
+    [id, email.toLowerCase(), hash, salt, verificationToken, verificationTokenExpires.toISOString(), false, now, now]
+  );
+  
+  const passwordAuth = await getPasswordAuthByEmail(email);
+  if (!passwordAuth) {
+    throw new Error('Failed to create password auth record');
+  }
+  
+  return { passwordAuth, verificationToken };
+}
+
+/**
+ * Verify email with token
+ */
+export async function verifyEmailWithToken(token: string): Promise<PasswordAuth | null> {
+  const client = await db_init();
+  
+  // Find the auth record with this token
+  const results = await db_query(client,
+    `SELECT * FROM passwordauth 
+     WHERE verificationtoken = ? 
+     AND verificationtokenexpires > CURRENT_TIMESTAMP 
+     AND emailverified = false`,
+    [token]
+  );
+  
+  if (results.length === 0) {
+    return null;
+  }
+  
+  const authRecord = results[0];
+  
+  // Mark email as verified and clear token
+  await db_query(client,
+    `UPDATE passwordauth 
+     SET emailverified = true, 
+         verificationtoken = NULL, 
+         verificationtokenexpires = NULL,
+         updatedat = CURRENT_TIMESTAMP
+     WHERE id = ?`,
+    [authRecord.id]
+  );
+  
+  return await getPasswordAuthByEmail(authRecord.email);
+}
+
+/**
+ * Authenticate user with email and password
+ */
+export async function authenticateUser(email: string, password: string): Promise<PasswordAuth | null> {
+  const authRecord = await getPasswordAuthByEmail(email);
+  
+  if (!authRecord) {
+    return null;
+  }
+  
+  // Check if email is verified
+  if (!authRecord.emailverified) {
+    throw new Error('Email not verified');
+  }
+  
+  // Verify password
+  const isValid = await verifyPassword(password, authRecord.passwordhash, authRecord.salt);
+  
+  if (!isValid) {
+    return null;
+  }
+  
+  return authRecord;
+}
+
+/**
+ * Generate password reset token
+ */
+export async function generatePasswordResetToken(email: string): Promise<string | null> {
+  const client = await db_init();
+  
+  const authRecord = await getPasswordAuthByEmail(email);
+  if (!authRecord) {
+    return null;
+  }
+  
+  const resetToken = randomBytes(32).toString('base64url');
+  const resetTokenExpires = new Date(Date.now() + 60 * 60 * 1000); // 1 hour
+  
+  await db_query(client,
+    `UPDATE passwordauth 
+     SET resettoken = ?, 
+         resettokenexpires = ?,
+         updatedat = CURRENT_TIMESTAMP
+     WHERE id = ?`,
+    [resetToken, resetTokenExpires.toISOString(), authRecord.id]
+  );
+  
+  return resetToken;
+}
+
+/**
+ * Reset password with token
+ */
+export async function resetPasswordWithToken(token: string, newPassword: string): Promise<boolean> {
+  const client = await db_init();
+  
+  // Find the auth record with this token
+  const results = await db_query(client,
+    `SELECT * FROM passwordauth 
+     WHERE resettoken = ? 
+     AND resettokenexpires > CURRENT_TIMESTAMP`,
+    [token]
+  );
+  
+  if (results.length === 0) {
+    return false;
+  }
+  
+  const authRecord = results[0];
+  
+  // Hash the new password
+  const { hash, salt } = await hashPassword(newPassword);
+  
+  // Update password and clear reset token
+  await db_query(client,
+    `UPDATE passwordauth 
+     SET passwordhash = ?, 
+         salt = ?, 
+         resettoken = NULL, 
+         resettokenexpires = NULL,
+         updatedat = CURRENT_TIMESTAMP
+     WHERE id = ?`,
+    [hash, salt, authRecord.id]
+  );
+  
+  return true;
+}
+
+/**
+ * Delete unverified accounts older than 7 days
+ */
+export async function cleanupUnverifiedAccounts(): Promise<number> {
+  const client = await db_init();
+  
+  const result = await db_query(client,
+    `DELETE FROM passwordauth 
+     WHERE emailverified = false 
+     AND createdat < datetime('now', '-7 days')`
+  );
+  
+  return result[0]?.changes || 0;
+}
+
+/**
+ * Update password for authenticated user
+ */
+export async function updatePassword(email: string, currentPassword: string, newPassword: string): Promise<boolean> {
+  // First verify the current password
+  const authRecord = await authenticateUser(email, currentPassword);
+  if (!authRecord) {
+    return false;
+  }
+  
+  // Hash the new password
+  const { hash, salt } = await hashPassword(newPassword);
+  const client = await db_init();
+  
+  // Update password
+  await db_query(client,
+    `UPDATE passwordauth 
+     SET passwordhash = ?, 
+         salt = ?,
+         updatedat = CURRENT_TIMESTAMP
+     WHERE id = ?`,
+    [hash, salt, authRecord.id]
+  );
+  
+  return true;
+}
+
+/**
+ * Regenerate email verification token for unverified accounts
+ */
+export async function regenerateVerificationToken(email: string): Promise<{ passwordAuth: PasswordAuth; verificationToken: string } | null> {
+  const client = await db_init();
+  
+  const authRecord = await getPasswordAuthByEmail(email);
+  if (!authRecord) {
+    return null;
+  }
+  
+  // Only regenerate for unverified accounts
+  if (authRecord.emailverified) {
+    throw new Error('Email is already verified');
+  }
+  
+  // Generate new verification token
+  const verificationToken = randomBytes(32).toString('base64url');
+  const verificationTokenExpires = new Date(Date.now() + 24 * 60 * 60 * 1000); // 24 hours
+  
+  await db_query(client,
+    `UPDATE passwordauth 
+     SET verificationtoken = ?, 
+         verificationtokenexpires = ?,
+         updatedat = CURRENT_TIMESTAMP
+     WHERE id = ?`,
+    [verificationToken, verificationTokenExpires.toISOString(), authRecord.id]
+  );
+  
+  const updatedAuth = await getPasswordAuthByEmail(email);
+  if (!updatedAuth) {
+    throw new Error('Failed to update verification token');
+  }
+  
+  return { passwordAuth: updatedAuth, verificationToken };
+}
+
+/**
+ * Check if an email is already registered
+ */
+export async function isEmailRegistered(email: string): Promise<boolean> {
+  const authRecord = await getPasswordAuthByEmail(email);
+  return authRecord !== null;
+}
+
+/**
+ * Get statistics about password auth users
+ */
+export async function getPasswordAuthStats(): Promise<{
+  totalUsers: number;
+  verifiedUsers: number;
+  unverifiedUsers: number;
+}> {
+  const client = await db_init();
+  
+  const stats = await db_query(client, `
+    SELECT 
+      COUNT(*) as totalUsers,
+      SUM(CASE WHEN emailverified = true THEN 1 ELSE 0 END) as verifiedUsers,
+      SUM(CASE WHEN emailverified = false THEN 1 ELSE 0 END) as unverifiedUsers
+    FROM passwordauth
+  `);
+  
+  return stats[0];
+}

package/dist/defaultapp/db-users.ts

@@ -10,7 +10,7 @@ import * as crypto from 'node:crypto';
 export interface User {
   userid: string;
   OAuthID: string;
-  Source: 'google' | 'facebook' | 'apple' | 'github';
+  Source: 'google' | 'facebook' | 'apple' | 'github' | 'userpass';
   UserName: string;
   Email?: string;
   AvatarURL?: string;
@@ -48,7 +48,7 @@ export async function getAllUsers(): Promise<User[]> {
     `SELECT * FROM users 
      WHERE IsActive = ? 
      ORDER BY UserLevel DESC, UserName ASC`,
-    [true]
+    [1]  // Use 1 instead of true for PostgreSQL compatibility
   );
   
   return users as User[];
@@ -62,7 +62,7 @@ export async function getUserByOAuthID(oauthId: string): Promise<User | null> {
 
   const users = await db_query(client, 
     "SELECT * FROM users WHERE OAuthID = ? AND IsActive = ?",
-    [oauthId, true]
+    [oauthId, 1]  // Use 1 instead of true for PostgreSQL compatibility
   );
   
   return users.length > 0 ? users[0] as User : null;
@@ -76,7 +76,7 @@ export async function getUserByID(userId: string): Promise<User | null> {
   
   const users = await db_query(client, 
     "SELECT * FROM users WHERE userid = ? AND IsActive = ?",
-    [userId, true]
+    [userId, 1]  // Use 1 instead of true for PostgreSQL compatibility
   );
   
   return users.length > 0 ? users[0] as User : null;
@@ -87,7 +87,7 @@ export async function getUserByID(userId: string): Promise<User | null> {
  */
 export async function upsertUser(
   oauthId: string,
-  source: 'google' | 'facebook' | 'apple' | 'github',
+  source: 'google' | 'facebook' | 'apple' | 'github' | 'userpass',
   userName: string,
   email?: string,
   avatarUrl?: string
@@ -122,7 +122,7 @@ export async function upsertUser(
        (userid, OAuthID, Source, UserName, Email, AvatarURL, UserLevel, UserTier,
         LastLoginDate, CreatedDate, IsActive)
        VALUES (?, ?, ?, ?, ?, ?, ?, 0, CURRENT_TIMESTAMP, CURRENT_TIMESTAMP, ?)`,
-      [userId, oauthId, source, userName, email || null, avatarUrl || '', permissionLevel, true]
+      [userId, oauthId, source, userName, email || null, avatarUrl || '', permissionLevel, 1]  // Use 1 instead of true for PostgreSQL compatibility
     );
     
     return (await getUserByOAuthID(oauthId))!;
@@ -142,7 +142,7 @@ export async function updateUserPermission(
   if (permissionLevel < 2) {
     const admins = await db_query(client,
       "SELECT COUNT(*) as count FROM users WHERE UserLevel = ? AND userid != ? AND IsActive = ?",
-      [2, userId, true]
+      [2, userId, 1]  // Use 1 instead of true for PostgreSQL compatibility
     );
     
     if (admins[0].count === 0) {
@@ -169,7 +169,7 @@ export async function deleteUser(userId: string): Promise<boolean> {
   if (user && user.UserLevel === 2) {
     const admins = await db_query(client,
       "SELECT COUNT(*) as count FROM users WHERE UserLevel = ? AND userid != ? AND IsActive = ?",
-      [2, userId, true]
+      [2, userId, 1]  // Use 1 instead of true for PostgreSQL compatibility
     );
     
     if (admins[0].count === 0) {
@@ -180,7 +180,7 @@ export async function deleteUser(userId: string): Promise<boolean> {
   // Soft delete the user
   const result = await db_query(client,
     "UPDATE users SET IsActive = ? WHERE userid = ?",
-    [false, userId]
+    [0, userId]  // Use 0 instead of false for PostgreSQL compatibility
   );
   
   return result[0].changes > 0;
@@ -205,7 +205,7 @@ export async function getUserStats(): Promise<{
       SUM(CASE WHEN UserLevel = 0 THEN 1 ELSE 0 END) as guestUsers
     FROM users
     WHERE IsActive = ?
-  `, [true]);
+  `, [1]);  // Use 1 instead of true for PostgreSQL compatibility
   
   return stats[0];
 }
@@ -286,7 +286,7 @@ export async function validateSession(sessionToken: string): Promise<{
     `SELECT s.*, u.* FROM usersession s 
      JOIN users u ON s.userid = u.userid 
      WHERE s.SessionToken = ? AND s.ExpirationDate > CURRENT_TIMESTAMP AND u.IsActive = ?`,
-    [sessionToken, true]
+    [sessionToken, 1]  // Use 1 instead of true for PostgreSQL compatibility
   );
   
   if (!sessions || sessions.length === 0) {

package/dist/defaultapp/middleware.ts

@@ -89,23 +89,21 @@ export function middleware(request: NextRequest) {
   // Using Report-Only mode to monitor CSP violations without breaking functionality
   response.headers.set('Content-Security-Policy-Report-Only', csp)
     
-  // Add CSRF token generation for state-changing requests
-  if (request.method !== 'GET' && request.method !== 'HEAD') {
-    const csrfToken = request.cookies.get('csrf-token')?.value;
-    
-    // If no CSRF token exists, generate one
-    if (!csrfToken) {
-      const newCsrfToken = crypto.randomUUID();
-      response.cookies.set({
-        name: 'csrf-token',
-        value: newCsrfToken,
-        httpOnly: true,
-        secure: process.env.NODE_ENV === 'production',
-        sameSite: 'strict',
-        maxAge: 60 * 60 * 24, // 24 hours
-        path: '/'
-      });
-    }
+  // Add CSRF token generation for all requests
+  const csrfToken = request.cookies.get('csrf-token')?.value;
+  
+  // If no CSRF token exists, generate one
+  if (!csrfToken) {
+    const newCsrfToken = crypto.randomUUID();
+    response.cookies.set({
+      name: 'csrf-token',
+      value: newCsrfToken,
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: 'strict',
+      maxAge: 60 * 60 * 24, // 24 hours
+      path: '/'
+    });
   }
     
   

package/dist/defaultapp/storage/email.ts

@@ -0,0 +1,162 @@
+import { randomBytes } from 'crypto';
+
+// Simple in-memory storage for email tracking (in production, use a database)
+const emailHistory: Map<string, any> = new Map();
+
+export interface EmailOptions {
+  to: string | string[];
+  from: string;
+  subject: string;
+  html?: string;
+  text?: string;
+  cc?: string | string[];
+  bcc?: string | string[];
+  replyTo?: string | string[];
+  attachments?: Array<{
+    filename: string;
+    content: string; // base64 encoded content
+    contentType?: string;
+  }>;
+  headers?: Record<string, string>;
+  tags?: Array<{
+    name: string;
+    value: string;
+  }>;
+}
+
+/**
+ * Send email function that sends emails via the Resend API
+ * @param options Email options including to, from, subject, message content, etc.
+ * @returns Promise that resolves to the email ID from Resend
+ */
+export async function send_email(options: EmailOptions): Promise<string> {
+  console.log(`📧 Sending email to: ${Array.isArray(options.to) ? options.to.join(', ') : options.to}`);
+  console.log(`📧 Subject: ${options.subject}`);
+  
+  try {
+    // Get API key from environment
+    const apiKey = process.env.RESEND_API_KEY;
+    if (!apiKey) {
+      throw new Error('RESEND_API_KEY environment variable is not set');
+    }
+    
+    // Prepare request body for Resend API
+    const requestBody: any = {
+      to: options.to,
+      from: options.from,
+      subject: options.subject,
+    };
+    
+    // Add optional fields
+    if (options.html) requestBody.html = options.html;
+    if (options.text) requestBody.text = options.text;
+    if (options.cc) requestBody.cc = options.cc;
+    if (options.bcc) requestBody.bcc = options.bcc;
+    if (options.replyTo) requestBody.reply_to = options.replyTo;
+    if (options.headers) requestBody.headers = options.headers;
+    if (options.tags) requestBody.tags = options.tags;
+    
+    // Handle attachments
+    if (options.attachments && options.attachments.length > 0) {
+      requestBody.attachments = options.attachments.map(att => ({
+        filename: att.filename,
+        content: att.content,
+        content_type: att.contentType,
+      }));
+    }
+    
+    // Make API request to Resend
+    const response = await fetch('https://api.resend.com/emails', {
+      method: 'POST',
+      headers: {
+        'Authorization': `Bearer ${apiKey}`,
+        'Content-Type': 'application/json',
+      },
+      body: JSON.stringify(requestBody),
+    });
+    
+    if (!response.ok) {
+      const errorData = await response.json().catch(() => ({ message: 'Unknown error' }));
+      throw new Error(`Resend API error: ${response.status} - ${errorData.message || response.statusText}`);
+    }
+    
+    const result = await response.json();
+    const emailId = result.id;
+    
+    // Store email metadata
+    const emailKey = `${Date.now()}_${randomBytes(6).toString('hex')}`;
+    emailHistory.set(emailKey, {
+      id: emailId,
+      to: options.to,
+      from: options.from,
+      subject: options.subject,
+      sentAt: new Date().toISOString(),
+      status: 'sent',
+    });
+    
+    console.log(`✅ Email sent successfully. ID: ${emailId}`);
+    
+    return emailId;
+  } catch (error) {
+    console.error('❌ Error sending email:', error);
+    throw new Error(`Failed to send email: ${error}`);
+  }
+}
+
+/**
+ * Get email status by ID
+ * @param emailId The email ID returned from send_email
+ * @returns Email metadata or undefined if not found
+ */
+export async function getEmailStatus(emailId: string): Promise<any> {
+  // Find email in history by Resend ID
+  for (const [key, data] of emailHistory.entries()) {
+    if (data.id === emailId) {
+      return data;
+    }
+  }
+  
+  // If not found locally, could query Resend API for status
+  const apiKey = process.env.RESEND_API_KEY;
+  if (!apiKey) {
+    throw new Error('RESEND_API_KEY environment variable is not set');
+  }
+  
+  try {
+    const response = await fetch(`https://api.resend.com/emails/${emailId}`, {
+      headers: {
+        'Authorization': `Bearer ${apiKey}`,
+      },
+    });
+    
+    if (!response.ok) {
+      return undefined;
+    }
+    
+    return await response.json();
+  } catch (error) {
+    console.error('Error fetching email status:', error);
+    return undefined;
+  }
+}
+
+/**
+ * List sent emails from local history
+ * @returns Array of email metadata
+ */
+export function listSentEmails(): Array<any> {
+  return Array.from(emailHistory.values());
+}
+
+/**
+ * Initialize global send_email function for generated API code
+ * This makes send_email available in the same way as the preview environment
+ */
+export function initializeGlobalEmailAPI(): void {
+  // Make send_email available globally for API code execution
+  (global as any).send_email = send_email;
+  (global as any).getEmailStatus = getEmailStatus;
+  (global as any).listSentEmails = listSentEmails;
+  
+  console.log('✅ Global email API initialized');
+}

package/dist/generators/apis.js

@@ -245,6 +245,7 @@ This file is generated by Sitepaige.
 import { NextRequest, NextResponse } from 'next/server';
 import { check_auth } from '${relativePathToRoot}auth/auth';
 import { store_file } from '${relativePathToRoot}storage/files';
+import { send_email } from '${relativePathToRoot}storage/email';
 import { db_init, db_query } from '${relativePathToRoot}db';
 `;
         const routeCode = header + "\n" + processedApiCode + "\n";