sitepaige-mcp-server 1.0.2 → 1.1.0

package/defaultapp/api/Auth/route.ts

@@ -10,7 +10,6 @@ import * as crypto from 'node:crypto';
 
 import { db_init, db_query } from '../../db';
 import { upsertUser, storeOAuthToken, validateSession, rotateSession } from '../../db-users';
-import { validateCsrfToken } from '../../csrf';
 
 type OAuthProvider = 'google' | 'facebook' | 'apple'  | 'github';
 
@@ -42,7 +41,7 @@ export async function POST(request: Request) {
     }
 
     // Handle username/password authentication
-    if (provider === 'username') {
+    if (provider === 'userpass') {
       if (!email || !password) {
         return NextResponse.json(
           { error: 'Email and password are required' },
@@ -70,7 +69,7 @@ export async function POST(request: Request) {
         // Create or update user in the main Users table
         const user = await upsertUser(
           `password_${authRecord.id}`, // Unique OAuth ID for password users
-          'username' as any, // Source type
+          'userpass' as any, // Source type
           email.split('@')[0], // Username from email
           email,
           undefined // No avatar for password auth
@@ -78,14 +77,14 @@ export async function POST(request: Request) {
 
         // Delete existing sessions for this user
         const existingSessions = await db_query(db, 
-          "SELECT ID FROM usersession WHERE userid = ?", 
+          "SELECT id FROM usersession WHERE userid = ?", 
           [user.userid]
         );
         
         if (existingSessions && existingSessions.length > 0) {
-          const sessionIds = existingSessions.map(session => session.ID);
+          const sessionIds = existingSessions.map(session => session.id);
           const placeholders = sessionIds.map(() => '?').join(',');
-          await db_query(db, `DELETE FROM usersession WHERE ID IN (${placeholders})`, sessionIds);
+          await db_query(db, `DELETE FROM usersession WHERE id IN (${placeholders})`, sessionIds);
         }
 
         // Generate secure session token and ID
@@ -94,7 +93,7 @@ export async function POST(request: Request) {
 
         // Create new session with secure token
         await db_query(db, 
-          "INSERT INTO usersession (ID, SessionToken, userid, ExpirationDate) VALUES (?, ?, ?, ?)",
+          "INSERT INTO usersession (id, sessiontoken, userid, expirationdate) VALUES (?, ?, ?, ?)",
           [sessionId, sessionToken, user.userid, new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString()]
         );
 
@@ -113,10 +112,10 @@ export async function POST(request: Request) {
         // Create a completely clean object to avoid any database result object issues
         const cleanUserData = {
           userid: String(user.userid),
-          userName: String(user.UserName),
-          avatarURL: String(user.AvatarURL || ''),
-          userLevel: Number(user.UserLevel),
-          isAdmin: Number(user.UserLevel) === 2
+          userName: String(user.username),
+          avatarURL: String(user.avatarurl || ''),
+          userLevel: Number(user.userlevel),
+          isAdmin: Number(user.userlevel) === 2
         };
         
         return NextResponse.json({ 
@@ -153,7 +152,7 @@ export async function POST(request: Request) {
     }
 
     let userData = {
-        ID: '',
+        id: '',
         name: '',
         email: '',
         avatar_url: '',
@@ -204,28 +203,28 @@ export async function POST(request: Request) {
     switch (validProvider) {
    
         case 'google':
-            userData.ID = fetchedUserData.id;
+            userData.id = fetchedUserData.id;
             userData.name = fetchedUserData.name;
             userData.email = fetchedUserData.email;
             userData.avatar_url = fetchedUserData.picture;
             break;
 
         case 'facebook':
-            userData.ID = fetchedUserData.id;
+            userData.id = fetchedUserData.id;
             userData.name = fetchedUserData.name;
             userData.email = fetchedUserData.email;
             userData.avatar_url = fetchedUserData.picture?.data?.url;
             break;
 
         case 'apple':
-            userData.ID = fetchedUserData.sub;
+            userData.id = fetchedUserData.sub;
             userData.name = `${fetchedUserData.given_name || ''} ${fetchedUserData.family_name || ''}`.trim();
             userData.email = fetchedUserData.email;
             // Apple doesn't provide avatar URL
             break;
 
         case 'github':
-            userData.ID = fetchedUserData.id?.toString();
+            userData.id = fetchedUserData.id?.toString();
             userData.name = fetchedUserData.name || fetchedUserData.login;
             userData.email = fetchedUserData.email;
             userData.avatar_url = fetchedUserData.avatar_url;
@@ -240,7 +239,7 @@ export async function POST(request: Request) {
     
     // Create or update user using the new user management system
     const user = await upsertUser(
-      userData.ID,
+      userData.id,
       validProvider,
       userData.name,
       userData.email,
@@ -258,14 +257,14 @@ export async function POST(request: Request) {
     
     // Delete existing sessions for this user
     const existingSessions = await db_query(db, 
-      "SELECT ID FROM usersession WHERE userid = ?", 
+      "SELECT id FROM usersession WHERE userid = ?", 
       [user.userid]
     );
     
     if (existingSessions && existingSessions.length > 0) {
-        const sessionIds = existingSessions.map(session => session.ID);
+        const sessionIds = existingSessions.map(session => session.id);
         const placeholders = sessionIds.map(() => '?').join(',');
-        await db_query(db, `DELETE FROM usersession WHERE ID IN (${placeholders})`, sessionIds);
+        await db_query(db, `DELETE FROM usersession WHERE id IN (${placeholders})`, sessionIds);
     }
 
     // Generate secure session token and ID
@@ -274,7 +273,7 @@ export async function POST(request: Request) {
 
     // Create new session with secure token
     await db_query(db, 
-      "INSERT INTO usersession (ID, SessionToken, userid, ExpirationDate) VALUES (?, ?, ?, ?)",
+      "INSERT INTO usersession (id, sessiontoken, userid, expirationdate) VALUES (?, ?, ?, ?)",
       [sessionId, sessionToken, user.userid, new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString()]
     );
 
@@ -293,10 +292,10 @@ export async function POST(request: Request) {
     // Create a completely clean object to avoid any database result object issues
     const cleanUserData = {
       userid: String(user.userid),
-      userName: String(user.UserName),
-      avatarURL: String(user.AvatarURL || ''),
-      userLevel: Number(user.UserLevel),
-      isAdmin: Number(user.UserLevel) === 2
+      userName: String(user.username),
+      avatarURL: String(user.avatarurl || ''),
+      userLevel: Number(user.userlevel),
+      isAdmin: Number(user.userlevel) === 2
     };
     
     return NextResponse.json({ 
@@ -347,13 +346,13 @@ export async function GET() {
         const response = NextResponse.json({
           user: {
             userid: sessionData.user.userid,
-            UserName: sessionData.user.UserName,
-            AvatarURL: sessionData.user.AvatarURL,
-            Email: sessionData.user.Email,
-            UserLevel: sessionData.user.UserLevel,
-            IsAdmin: sessionData.user.UserLevel === 2,
-            Source: sessionData.user.Source,
-            LastLoginDate: sessionData.user.LastLoginDate
+            username: sessionData.user.username,
+            avatarurl: sessionData.user.avatarurl,
+            email: sessionData.user.email,
+            userlevel: sessionData.user.userlevel,
+            isadmin: sessionData.user.userlevel === 2,
+            source: sessionData.user.source,
+            lastlogindate: sessionData.user.lastlogindate
           }
         });
         
@@ -376,13 +375,13 @@ export async function GET() {
     return NextResponse.json({
       user: {
         userid: sessionData.user.userid,
-        UserName: sessionData.user.UserName,
-        AvatarURL: sessionData.user.AvatarURL,
-        Email: sessionData.user.Email,
-        UserLevel: sessionData.user.UserLevel,
-        IsAdmin: sessionData.user.UserLevel === 2,
-        Source: sessionData.user.Source,
-        LastLoginDate: sessionData.user.LastLoginDate
+        username: sessionData.user.username,
+        avatarurl: sessionData.user.avatarurl,
+        email: sessionData.user.email,
+        userlevel: sessionData.user.userlevel,
+        isadmin: sessionData.user.userlevel === 2,
+        source: sessionData.user.source,
+        lastlogindate: sessionData.user.lastlogindate
       }
     });
 
@@ -395,15 +394,6 @@ export async function GET() {
 }
 
 export async function DELETE(request: Request) {
-  // Validate CSRF token for logout
-  const isValidCsrf = await validateCsrfToken(request);
-  if (!isValidCsrf) {
-    return NextResponse.json(
-      { error: 'Invalid CSRF token' },
-      { status: 403 }
-    );
-  }
-  
   const db = await db_init();
   
   try {
@@ -420,7 +410,7 @@ export async function DELETE(request: Request) {
 
     // Delete session from database using the actual session token
     await db_query(db, 
-      "DELETE FROM usersession WHERE SessionToken = ?", 
+      "DELETE FROM usersession WHERE sessiontoken = ?", 
       [sessionToken]
     );
 

package/defaultapp/api/Auth/signup/route.ts

@@ -4,7 +4,6 @@
  */
 
 import { NextResponse } from 'next/server';
-import { validateCsrfToken } from '../../../csrf';
 import { createPasswordAuth } from '../../../db-password-auth';
 import { send_email } from '../../../storage/email';
 
@@ -15,15 +14,6 @@ const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
 const passwordRegex = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$/;
 
 export async function POST(request: Request) {
-  // Validate CSRF token
-  const isValidCsrf = await validateCsrfToken(request);
-  if (!isValidCsrf) {
-    return NextResponse.json(
-      { error: 'Invalid CSRF token' },
-      { status: 403 }
-    );
-  }
-
   try {
     const { email, password } = await request.json();
 
@@ -62,11 +52,11 @@ export async function POST(request: Request) {
               .button { 
                 display: inline-block; 
                 padding: 12px 24px; 
-                background-color: #4F46E5; 
-                color: white; 
+                background-color: #f0f0f0; 
+                color: #000000; 
                 text-decoration: none; 
-                border-radius: 6px;
-                font-weight: bold;
+                border: 1px solid #cccccc;
+                border-radius: 4px;
               }
               .footer { margin-top: 30px; font-size: 12px; color: #666; }
             </style>
@@ -79,7 +69,7 @@ export async function POST(request: Request) {
                 <a href="${verificationUrl}" class="button">Verify Email Address</a>
               </p>
               <p>Or copy and paste this link into your browser:</p>
-              <p style="word-break: break-all; color: #4F46E5;">${verificationUrl}</p>
+              <p style="word-break: break-all; color: #0066cc;">${verificationUrl}</p>
               <p>This link will expire in 24 hours.</p>
               <div class="footer">
                 <p>If you didn't create an account, you can safely ignore this email.</p>

package/defaultapp/api/Auth/verify-email/route.ts

@@ -35,25 +35,32 @@ export async function GET(request: Request) {
     // Create or update user in the main Users table
     const user = await upsertUser(
       `password_${authRecord.id}`, // Unique OAuth ID for password users
-      'username' as any, // Source type
+      'userpass' as any, // Source type
       authRecord.email.split('@')[0], // Username from email
       authRecord.email,
       undefined // No avatar for password auth
     );
 
+    if (!user) {
+      return NextResponse.json(
+        { error: 'Failed to create user account' },
+        { status: 500 }
+      );
+    }
+
     // Auto-login the user after verification
     const db = await db_init();
     
     // Delete existing sessions for this user
     const existingSessions = await db_query(db, 
-      "SELECT ID FROM usersession WHERE userid = ?", 
+      "SELECT id FROM usersession WHERE userid = ?", 
       [user.userid]
     );
     
     if (existingSessions && existingSessions.length > 0) {
-      const sessionIds = existingSessions.map(session => session.ID);
+      const sessionIds = existingSessions.map(session => session.id);
       const placeholders = sessionIds.map(() => '?').join(',');
-      await db_query(db, `DELETE FROM usersession WHERE ID IN (${placeholders})`, sessionIds);
+      await db_query(db, `DELETE FROM usersession WHERE id IN (${placeholders})`, sessionIds);
     }
 
     // Generate secure session token and ID
@@ -62,7 +69,7 @@ export async function GET(request: Request) {
 
     // Create new session with secure token
     await db_query(db, 
-      "INSERT INTO usersession (ID, SessionToken, userid, ExpirationDate) VALUES (?, ?, ?, ?)",
+      "INSERT INTO usersession (id, sessiontoken, userid, expirationdate) VALUES (?, ?, ?, ?)",
       [sessionId, sessionToken, user.userid, new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString()]
     );
 

package/defaultapp/api/admin/users/route.ts

@@ -28,9 +28,11 @@ async function checkAdminAuth(): Promise<{ isAdmin: boolean; userId?: string }>
   
   // Get session
   const sessions = await db_query(db,
-    "SELECT userid FROM UserSession WHERE SessionToken = ?",
+    "SELECT userid FROM usersession WHERE sessiontoken = ?",
     [sessionId]
   );
+
+  console.log(sessions);
   
   if (sessions.length === 0) {
     return { isAdmin: false };
@@ -38,8 +40,8 @@ async function checkAdminAuth(): Promise<{ isAdmin: boolean; userId?: string }>
   
   // Check if user is admin
   const user = await getUserByID(sessions[0].userid);
-  
-  if (!user || user.UserLevel !== 2) {
+
+  if (!user || user.userlevel !== 2) {
     return { isAdmin: false };
   }
   

package/defaultapp/auth/auth.ts

@@ -1,14 +1,14 @@
 import { cookies } from 'next/headers';
 
-export async function check_auth(db: any, db_query: any): Promise<{ userid: string, UserLevel: number, UserTier: number, IsAdmin: boolean }> {
+export async function check_auth(db: any, db_query: any): Promise<{ userid: string, userlevel: number, usertier: number, isadmin: boolean }> {
   const cookieStore = await cookies();
   const sessionId = cookieStore.get('session_id')?.value;
 
   const sessionInfo = {
     userid: '',
-    UserLevel: 0,
-    UserTier: 0,
-    IsAdmin: false
+    userlevel: 0,
+    usertier: 0,
+    isadmin: false
   };
 
   if (!sessionId) {
@@ -16,16 +16,16 @@ export async function check_auth(db: any, db_query: any): Promise<{ userid: stri
   }
 
   // SQLite is case-insensitive for identifiers, but use standard column names (no quotes, correct names)
-  const session = await db_query(db, 'SELECT userid FROM UserSession WHERE SessionToken = ?', [sessionId]);
+  const session = await db_query(db, 'SELECT userid FROM usersession WHERE sessiontoken = ?', [sessionId]);
   if (session.length > 0) {
     sessionInfo.userid = session[0].userid;
 
     // In your Users table, the primary key is userid, and there is no IsAdmin column, but UserLevel (2 = admin)
-    const user = await db_query(db, 'SELECT UserLevel, UserTier FROM Users WHERE userid = ?', [session[0].userid]);
+    const user = await db_query(db, 'SELECT userlevel, usertier FROM users WHERE userid = ?', [session[0].userid]);
     if (user.length > 0) {
-      sessionInfo.UserLevel = user[0].UserLevel;
-      sessionInfo.IsAdmin = user[0].UserLevel === 2;
-      sessionInfo.UserTier = user[0].UserTier;
+      sessionInfo.userlevel = user[0].userlevel;
+      sessionInfo.isadmin = user[0].userlevel === 2;
+      sessionInfo.usertier = user[0].usertier;
     }
   }
   return sessionInfo;

package/defaultapp/db-mysql.ts

@@ -95,7 +95,7 @@ export async function db_query(
  */
 export function db_migrate(model: Model, dbType: string): string {
  
-  const sanitizedTableName = model.name;
+  const sanitizedTableName = model.name.toLowerCase().replace(/\s+/g, '_');
   
   // Start with the model's fields
   let fields = [...model.fields];

package/defaultapp/db-password-auth.ts

@@ -295,6 +295,43 @@ export async function updatePassword(email: string, currentPassword: string, new
   return true;
 }
 
+/**
+ * Regenerate email verification token for unverified accounts
+ */
+export async function regenerateVerificationToken(email: string): Promise<{ passwordAuth: PasswordAuth; verificationToken: string } | null> {
+  const client = await db_init();
+  
+  const authRecord = await getPasswordAuthByEmail(email);
+  if (!authRecord) {
+    return null;
+  }
+  
+  // Only regenerate for unverified accounts
+  if (authRecord.emailverified) {
+    throw new Error('Email is already verified');
+  }
+  
+  // Generate new verification token
+  const verificationToken = randomBytes(32).toString('base64url');
+  const verificationTokenExpires = new Date(Date.now() + 24 * 60 * 60 * 1000); // 24 hours
+  
+  await db_query(client,
+    `UPDATE passwordauth 
+     SET verificationtoken = ?, 
+         verificationtokenexpires = ?,
+         updatedat = CURRENT_TIMESTAMP
+     WHERE id = ?`,
+    [verificationToken, verificationTokenExpires.toISOString(), authRecord.id]
+  );
+  
+  const updatedAuth = await getPasswordAuthByEmail(email);
+  if (!updatedAuth) {
+    throw new Error('Failed to update verification token');
+  }
+  
+  return { passwordAuth: updatedAuth, verificationToken };
+}
+
 /**
  * Check if an email is already registered
  */

package/defaultapp/db-postgres.ts

@@ -101,7 +101,7 @@ export async function db_query(
  */
 export function db_migrate(model: Model, dbType: string): string {
 
-  const sanitizedTableName = model.name;
+  const sanitizedTableName = model.name.toLowerCase().replace(/\s+/g, '_');
   
   // Start with the model's fields
   let fields = [...model.fields];

package/defaultapp/db-sqlite.ts

@@ -175,7 +175,7 @@ export async function db_query(
 export function db_migrate(model: Model, dbType: string): string {
   // Special handling for auth tables - create them first
 
-  const sanitizedTableName = model.name;
+  const sanitizedTableName = model.name.toLowerCase().replace(/\s+/g, '_');
   
   // Start with the model's fields
   let fields = [...model.fields];