upfynai-code 0.1.0 → 2.2.0

package/server/database/db.js

@@ -0,0 +1,606 @@
+import { createClient } from '@libsql/client';
+import path from 'path';
+import fs from 'fs';
+import crypto from 'crypto';
+import { fileURLToPath } from 'url';
+import { dirname } from 'path';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = dirname(__filename);
+
+// ANSI color codes
+const colors = { reset: '\x1b[0m', bright: '\x1b[1m', cyan: '\x1b[36m', dim: '\x1b[2m' };
+const c = {
+  info: (t) => `${colors.cyan}${t}${colors.reset}`,
+  bright: (t) => `${colors.bright}${t}${colors.reset}`,
+  dim: (t) => `${colors.dim}${t}${colors.reset}`,
+};
+
+// Database URL resolution (lazy — resolved on first access)
+let _db = null;
+let _dbUrl = null;
+let _dbAuthToken = null;
+
+function resolveDbConfig() {
+  if (_dbUrl) return;
+
+  if (process.env.TURSO_DATABASE_URL) {
+    _dbUrl = process.env.TURSO_DATABASE_URL.trim();
+    _dbAuthToken = process.env.TURSO_AUTH_TOKEN?.trim();
+    console.log(`${c.info('[DB]')} Using Turso: ${_dbUrl}`);
+  } else if (process.env.DATABASE_PATH) {
+    const dbPath = process.env.DATABASE_PATH.trim();
+    try { if (!fs.existsSync(path.dirname(dbPath))) fs.mkdirSync(path.dirname(dbPath), { recursive: true }); } catch { /* Vercel read-only */ }
+    _dbUrl = `file:${dbPath}`;
+    console.log(`${c.info('[DB]')} Using custom path: ${dbPath}`);
+  } else if (process.env.VERCEL) {
+    _dbUrl = 'file:/tmp/auth.db';
+    console.warn(`${c.info('[DB]')} WARNING: Ephemeral /tmp on Vercel. Set TURSO_DATABASE_URL for persistent data.`);
+  } else {
+    _dbUrl = `file:${path.join(__dirname, 'auth.db')}`;
+    console.log(`${c.info('[DB]')} Using local: ${_dbUrl}`);
+  }
+}
+
+function getDb() {
+  if (!_db) {
+    resolveDbConfig();
+    _db = createClient({ url: _dbUrl, ...(_dbAuthToken ? { authToken: _dbAuthToken } : {}) });
+  }
+  return _db;
+}
+
+// Lazy Proxy — defers createClient() until first DB call
+const db = new Proxy({}, {
+  get(_, prop) {
+    const client = getDb();
+    const val = client[prop];
+    return typeof val === 'function' ? val.bind(client) : val;
+  }
+});
+
+// ─── Schema ─────────────────────────────────────────────────────────────────────
+
+const INIT_SQL = `
+CREATE TABLE IF NOT EXISTS users (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    username TEXT UNIQUE NOT NULL,
+    password_hash TEXT NOT NULL,
+    first_name TEXT,
+    last_name TEXT,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    last_login DATETIME,
+    is_active BOOLEAN DEFAULT 1,
+    email TEXT,
+    phone TEXT,
+    git_name TEXT,
+    git_email TEXT,
+    has_completed_onboarding BOOLEAN DEFAULT 0,
+    access_override TEXT DEFAULT NULL,
+    user_code TEXT UNIQUE
+);
+
+CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);
+CREATE INDEX IF NOT EXISTS idx_users_active ON users(is_active);
+CREATE INDEX IF NOT EXISTS idx_users_user_code ON users(user_code);
+
+CREATE TABLE IF NOT EXISTS api_keys (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    key_name TEXT NOT NULL,
+    api_key TEXT UNIQUE NOT NULL,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    last_used DATETIME,
+    is_active BOOLEAN DEFAULT 1,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_api_keys_key ON api_keys(api_key);
+CREATE INDEX IF NOT EXISTS idx_api_keys_user_id ON api_keys(user_id);
+CREATE INDEX IF NOT EXISTS idx_api_keys_active ON api_keys(is_active);
+
+CREATE TABLE IF NOT EXISTS user_credentials (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    credential_name TEXT NOT NULL,
+    credential_type TEXT NOT NULL,
+    credential_value TEXT NOT NULL,
+    description TEXT,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    is_active BOOLEAN DEFAULT 1,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_user_credentials_user_id ON user_credentials(user_id);
+CREATE INDEX IF NOT EXISTS idx_user_credentials_type ON user_credentials(credential_type);
+CREATE INDEX IF NOT EXISTS idx_user_credentials_active ON user_credentials(is_active);
+
+CREATE TABLE IF NOT EXISTS relay_tokens (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    token TEXT UNIQUE NOT NULL,
+    name TEXT NOT NULL DEFAULT 'default',
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    last_connected DATETIME,
+    is_active BOOLEAN DEFAULT 1,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_relay_tokens_token ON relay_tokens(token);
+CREATE INDEX IF NOT EXISTS idx_relay_tokens_user_id ON relay_tokens(user_id);
+CREATE INDEX IF NOT EXISTS idx_relay_tokens_active ON relay_tokens(is_active);
+
+CREATE TABLE IF NOT EXISTS subscriptions (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    plan_id TEXT NOT NULL,
+    status TEXT NOT NULL DEFAULT 'active',
+    amount INTEGER NOT NULL,
+    currency TEXT NOT NULL DEFAULT 'INR',
+    starts_at DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    expires_at DATETIME NOT NULL,
+    razorpay_order_id TEXT,
+    razorpay_payment_id TEXT,
+    razorpay_signature TEXT,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    updated_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_subscriptions_user_id ON subscriptions(user_id);
+CREATE INDEX IF NOT EXISTS idx_subscriptions_status ON subscriptions(status);
+CREATE INDEX IF NOT EXISTS idx_subscriptions_expires ON subscriptions(expires_at);
+
+CREATE TABLE IF NOT EXISTS payments (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    subscription_id INTEGER,
+    plan_id TEXT NOT NULL,
+    amount INTEGER NOT NULL,
+    currency TEXT NOT NULL DEFAULT 'INR',
+    status TEXT NOT NULL DEFAULT 'pending',
+    razorpay_order_id TEXT UNIQUE,
+    razorpay_payment_id TEXT,
+    razorpay_signature TEXT,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE,
+    FOREIGN KEY (subscription_id) REFERENCES subscriptions(id) ON DELETE SET NULL
+);
+
+CREATE INDEX IF NOT EXISTS idx_payments_user_id ON payments(user_id);
+CREATE INDEX IF NOT EXISTS idx_payments_order_id ON payments(razorpay_order_id);
+CREATE INDEX IF NOT EXISTS idx_payments_status ON payments(status);
+`;
+
+// ─── Migrations ─────────────────────────────────────────────────────────────────
+
+const runMigrations = async () => {
+  try {
+    const result = await db.execute("PRAGMA table_info(users)");
+    const cols = result.rows.map(r => r.name);
+
+    const addCol = async (col, def) => {
+      if (!cols.includes(col)) {
+        await db.execute(`ALTER TABLE users ADD COLUMN ${col} ${def}`);
+      }
+    };
+
+    await addCol('git_name', 'TEXT');
+    await addCol('git_email', 'TEXT');
+    await addCol('has_completed_onboarding', 'BOOLEAN DEFAULT 0');
+    await addCol('email', 'TEXT');
+    await addCol('phone', 'TEXT');
+    await addCol('first_name', 'TEXT');
+    await addCol('last_name', 'TEXT');
+    await addCol('access_override', 'TEXT DEFAULT NULL');
+    await addCol('user_code', 'TEXT');
+    try { await db.execute('CREATE UNIQUE INDEX IF NOT EXISTS idx_users_user_code ON users(user_code)'); } catch { /* ignore */ }
+
+    // Backfill user_code (upc-001, upc-002, ...) for users missing it
+    try {
+      const noCode = await db.execute("SELECT id FROM users WHERE user_code IS NULL ORDER BY id ASC");
+      for (const row of noCode.rows) {
+        const code = `upc-${String(row.id).padStart(3, '0')}`;
+        await db.execute({ sql: 'UPDATE users SET user_code = ? WHERE id = ?', args: [code, row.id] });
+      }
+      if (noCode.rows.length > 0) console.log(`${c.info('[DB]')} Assigned user_code to ${noCode.rows.length} users`);
+    } catch (e) { console.warn('[DB] user_code backfill:', e.message); }
+
+    // Migrate old ck_ API keys → up-cli- prefix
+    try {
+      const migrated = await db.execute("UPDATE api_keys SET api_key = 'up-cli-' || SUBSTR(api_key, 4) WHERE api_key LIKE 'ck_%'");
+      if (migrated.rowsAffected > 0) console.log(`${c.info('[DB]')} Migrated ${migrated.rowsAffected} API keys: ck_ → up-cli-`);
+    } catch { /* empty table or already migrated */ }
+
+    // Backfill: ensure every user has records in all tables (relay_tokens, api_keys, subscriptions, payments, access_override)
+    try {
+      const allUsers = await db.execute('SELECT id, username, access_override FROM users WHERE is_active = 1');
+      let backfilled = 0;
+      for (const user of allUsers.rows) {
+        // Relay token
+        const tokens = await db.execute({ sql: 'SELECT id FROM relay_tokens WHERE user_id = ? LIMIT 1', args: [user.id] });
+        if (tokens.rows.length === 0) {
+          const token = 'upfyn_' + crypto.randomBytes(32).toString('hex');
+          await db.execute({ sql: 'INSERT INTO relay_tokens (user_id, token, name) VALUES (?, ?, ?)', args: [user.id, token, 'default'] });
+          backfilled++;
+        }
+        // API key
+        const keys = await db.execute({ sql: 'SELECT id FROM api_keys WHERE user_id = ? LIMIT 1', args: [user.id] });
+        if (keys.rows.length === 0) {
+          const apiKey = 'up-cli-' + crypto.randomBytes(32).toString('hex');
+          await db.execute({ sql: 'INSERT INTO api_keys (user_id, key_name, api_key) VALUES (?, ?, ?)', args: [user.id, 'default', apiKey] });
+          backfilled++;
+        }
+        // Yearly subscription (if none exists)
+        const subs = await db.execute({ sql: 'SELECT id FROM subscriptions WHERE user_id = ? LIMIT 1', args: [user.id] });
+        if (subs.rows.length === 0) {
+          const now = new Date();
+          const expiresAt = new Date(now.getTime() + 365 * 24 * 60 * 60 * 1000).toISOString();
+          const subResult = await db.execute({
+            sql: `INSERT INTO subscriptions (user_id, plan_id, status, amount, currency, starts_at, expires_at) VALUES (?, 'yearly', 'active', 49900, 'INR', ?, ?)`,
+            args: [user.id, now.toISOString(), expiresAt]
+          });
+          // Payment record for the subscription
+          const subId = Number(subResult.lastInsertRowid);
+          await db.execute({
+            sql: `INSERT INTO payments (user_id, subscription_id, plan_id, amount, currency, status, razorpay_order_id) VALUES (?, ?, 'yearly', 49900, 'INR', 'paid', ?)`,
+            args: [user.id, subId, `seed_order_${user.id}_${Date.now()}`]
+          });
+          backfilled++;
+        }
+        // Set access_override = 'paid' if not already set
+        if (!user.access_override || user.access_override !== 'paid') {
+          await db.execute({ sql: "UPDATE users SET access_override = 'paid' WHERE id = ?", args: [user.id] });
+          backfilled++;
+        }
+      }
+      if (backfilled > 0) console.log(`${c.info('[DB]')} Backfilled ${backfilled} records for existing users`);
+    } catch (e) { console.warn('[DB] Backfill warning:', e.message); }
+
+    console.log(`${c.info('[DB]')} Migrations complete`);
+  } catch (error) {
+    console.error('Migration error:', error.message);
+    throw error;
+  }
+};
+
+// ─── Initialize ─────────────────────────────────────────────────────────────────
+
+const initializeDatabase = async () => {
+  try {
+    try { await db.execute('PRAGMA foreign_keys = ON'); } catch (e) { console.warn('[DB] PRAGMA foreign_keys not supported:', e.message); }
+
+    const stmts = INIT_SQL.split(';').map(s => s.trim()).filter(s => s.length > 0 && !s.startsWith('--'));
+    for (const stmt of stmts) {
+      try { await db.execute(stmt); } catch (e) { console.error('[DB] Statement failed:', stmt.substring(0, 80), e.message); throw e; }
+    }
+
+    console.log(`${c.info('[DB]')} Initialized`);
+    await runMigrations();
+  } catch (error) {
+    console.error('DB init error:', error.message);
+    throw error;
+  }
+};
+
+// ─── Helpers ────────────────────────────────────────────────────────────────────
+
+const getRow = (result) => result.rows.length > 0 ? result.rows[0] : null;
+const ensureForeignKeys = async () => { try { await db.execute('PRAGMA foreign_keys = ON'); } catch { /* Turso */ } };
+
+// ─── User DB ────────────────────────────────────────────────────────────────────
+
+const userDb = {
+  hasUsers: async () => {
+    const result = await db.execute('SELECT COUNT(*) as count FROM users');
+    return Number(getRow(result).count) > 0;
+  },
+
+  createUser: async (username, passwordHash, email = null, phone = null, firstName = null, lastName = null) => {
+    const result = await db.execute({
+      sql: 'INSERT INTO users (username, password_hash, email, phone, first_name, last_name) VALUES (?, ?, ?, ?, ?, ?)',
+      args: [username, passwordHash, email, phone, firstName, lastName]
+    });
+    const userId = Number(result.lastInsertRowid);
+    // Auto-assign user_code (upc-001, upc-002, ...)
+    const userCode = `upc-${String(userId).padStart(3, '0')}`;
+    try { await db.execute({ sql: 'UPDATE users SET user_code = ? WHERE id = ?', args: [userCode, userId] }); } catch { /* non-critical */ }
+    return { id: userId, username, first_name: firstName, last_name: lastName, user_code: userCode };
+  },
+
+  getUserByUsername: async (username) => {
+    const lower = (username || '').toLowerCase();
+    const result = await db.execute({
+      sql: 'SELECT * FROM users WHERE (LOWER(username) = ? OR LOWER(email) = ? OR phone = ?) AND is_active = 1',
+      args: [lower, lower, username]
+    });
+    return getRow(result);
+  },
+
+  updateLastLogin: async (userId) => {
+    await db.execute({ sql: 'UPDATE users SET last_login = CURRENT_TIMESTAMP WHERE id = ?', args: [userId] });
+  },
+
+  getUserById: async (userId) => {
+    const result = await db.execute({
+      sql: 'SELECT id, username, first_name, last_name, email, phone, created_at, last_login, access_override, user_code FROM users WHERE id = ? AND is_active = 1',
+      args: [userId]
+    });
+    return getRow(result);
+  },
+
+  getFirstUser: async () => {
+    const result = await db.execute('SELECT id, username, first_name, last_name, email, phone, created_at, last_login, access_override, user_code FROM users WHERE is_active = 1 LIMIT 1');
+    return getRow(result);
+  },
+
+  updateGitConfig: async (userId, gitName, gitEmail) => {
+    await db.execute({ sql: 'UPDATE users SET git_name = ?, git_email = ? WHERE id = ?', args: [gitName, gitEmail, userId] });
+  },
+
+  getGitConfig: async (userId) => {
+    const result = await db.execute({ sql: 'SELECT git_name, git_email FROM users WHERE id = ?', args: [userId] });
+    return getRow(result);
+  },
+
+  completeOnboarding: async (userId) => {
+    await db.execute({ sql: 'UPDATE users SET has_completed_onboarding = 1 WHERE id = ?', args: [userId] });
+  },
+
+  hasCompletedOnboarding: async (userId) => {
+    const result = await db.execute({ sql: 'SELECT has_completed_onboarding FROM users WHERE id = ?', args: [userId] });
+    const row = getRow(result);
+    return row?.has_completed_onboarding === 1;
+  },
+
+  setAccessOverride: async (userId, value) => {
+    await db.execute({
+      sql: 'UPDATE users SET access_override = ? WHERE id = ?',
+      args: [value, userId]
+    });
+  }
+};
+
+// ─── API Keys DB ────────────────────────────────────────────────────────────────
+
+const apiKeysDb = {
+  generateApiKey: () => 'up-cli-' + crypto.randomBytes(32).toString('hex'),
+
+  createApiKey: async (userId, keyName) => {
+    const apiKey = apiKeysDb.generateApiKey();
+    const result = await db.execute({
+      sql: 'INSERT INTO api_keys (user_id, key_name, api_key) VALUES (?, ?, ?)',
+      args: [userId, keyName, apiKey]
+    });
+    return { id: Number(result.lastInsertRowid), keyName, apiKey };
+  },
+
+  getApiKeys: async (userId) => {
+    const result = await db.execute({
+      sql: 'SELECT id, key_name, api_key, created_at, last_used, is_active FROM api_keys WHERE user_id = ? ORDER BY created_at DESC',
+      args: [userId]
+    });
+    return result.rows;
+  },
+
+  validateApiKey: async (apiKey) => {
+    const result = await db.execute({
+      sql: `SELECT u.id, u.username, ak.id as api_key_id
+            FROM api_keys ak JOIN users u ON ak.user_id = u.id
+            WHERE ak.api_key = ? AND ak.is_active = 1 AND u.is_active = 1`,
+      args: [apiKey]
+    });
+    const row = getRow(result);
+    if (row) {
+      await db.execute({ sql: 'UPDATE api_keys SET last_used = CURRENT_TIMESTAMP WHERE id = ?', args: [row.api_key_id] });
+    }
+    return row;
+  },
+
+  deleteApiKey: async (userId, apiKeyId) => {
+    await ensureForeignKeys();
+    const result = await db.execute({ sql: 'DELETE FROM api_keys WHERE id = ? AND user_id = ?', args: [apiKeyId, userId] });
+    return result.rowsAffected > 0;
+  },
+
+  toggleApiKey: async (userId, apiKeyId, isActive) => {
+    const result = await db.execute({
+      sql: 'UPDATE api_keys SET is_active = ? WHERE id = ? AND user_id = ?',
+      args: [isActive ? 1 : 0, apiKeyId, userId]
+    });
+    return result.rowsAffected > 0;
+  }
+};
+
+// ─── Credentials DB ─────────────────────────────────────────────────────────────
+
+const credentialsDb = {
+  createCredential: async (userId, credentialName, credentialType, credentialValue, description = null) => {
+    const result = await db.execute({
+      sql: 'INSERT INTO user_credentials (user_id, credential_name, credential_type, credential_value, description) VALUES (?, ?, ?, ?, ?)',
+      args: [userId, credentialName, credentialType, credentialValue, description]
+    });
+    return { id: Number(result.lastInsertRowid), credentialName, credentialType };
+  },
+
+  getCredentials: async (userId, credentialType = null) => {
+    let sql = 'SELECT id, credential_name, credential_type, description, created_at, is_active FROM user_credentials WHERE user_id = ?';
+    const args = [userId];
+    if (credentialType) { sql += ' AND credential_type = ?'; args.push(credentialType); }
+    sql += ' ORDER BY created_at DESC';
+    return (await db.execute({ sql, args })).rows;
+  },
+
+  getActiveCredential: async (userId, credentialType) => {
+    const result = await db.execute({
+      sql: 'SELECT credential_value FROM user_credentials WHERE user_id = ? AND credential_type = ? AND is_active = 1 ORDER BY created_at DESC LIMIT 1',
+      args: [userId, credentialType]
+    });
+    return getRow(result)?.credential_value || null;
+  },
+
+  deleteCredential: async (userId, credentialId) => {
+    await ensureForeignKeys();
+    const result = await db.execute({ sql: 'DELETE FROM user_credentials WHERE id = ? AND user_id = ?', args: [credentialId, userId] });
+    return result.rowsAffected > 0;
+  },
+
+  toggleCredential: async (userId, credentialId, isActive) => {
+    const result = await db.execute({
+      sql: 'UPDATE user_credentials SET is_active = ? WHERE id = ? AND user_id = ?',
+      args: [isActive ? 1 : 0, credentialId, userId]
+    });
+    return result.rowsAffected > 0;
+  }
+};
+
+// Backward compat
+const githubTokensDb = {
+  createGithubToken: (userId, tokenName, githubToken, description = null) => credentialsDb.createCredential(userId, tokenName, 'github_token', githubToken, description),
+  getGithubTokens: (userId) => credentialsDb.getCredentials(userId, 'github_token'),
+  getActiveGithubToken: (userId) => credentialsDb.getActiveCredential(userId, 'github_token'),
+  deleteGithubToken: (userId, tokenId) => credentialsDb.deleteCredential(userId, tokenId),
+  toggleGithubToken: (userId, tokenId, isActive) => credentialsDb.toggleCredential(userId, tokenId, isActive)
+};
+
+// ─── Plan Durations ─────────────────────────────────────────────────────────────
+
+const PLAN_DURATIONS = {
+  monthly: 30,
+  'half-yearly': 180,
+  yearly: 365,
+};
+
+// ─── Subscription DB ────────────────────────────────────────────────────────────
+
+const subscriptionDb = {
+  getActiveSub: async (userId) => {
+    const result = await db.execute({
+      sql: `SELECT * FROM subscriptions WHERE user_id = ? AND status = 'active' AND expires_at > CURRENT_TIMESTAMP ORDER BY expires_at DESC LIMIT 1`,
+      args: [userId]
+    });
+    return getRow(result);
+  },
+
+  getAllSubs: async (userId) => {
+    const result = await db.execute({
+      sql: 'SELECT * FROM subscriptions WHERE user_id = ? ORDER BY created_at DESC',
+      args: [userId]
+    });
+    return result.rows;
+  },
+
+  createSub: async (userId, planId, amount, currency, razorpayOrderId, razorpayPaymentId, razorpaySignature) => {
+    const days = PLAN_DURATIONS[planId] || 30;
+
+    // Check if user has an active sub — extend from its expiry, otherwise start now
+    const existing = await subscriptionDb.getActiveSub(userId);
+    const startsAt = existing ? existing.expires_at : new Date().toISOString();
+    const startsDate = new Date(startsAt);
+    const expiresAt = new Date(startsDate.getTime() + days * 24 * 60 * 60 * 1000).toISOString();
+
+    const result = await db.execute({
+      sql: `INSERT INTO subscriptions (user_id, plan_id, status, amount, currency, starts_at, expires_at, razorpay_order_id, razorpay_payment_id, razorpay_signature) VALUES (?, ?, 'active', ?, ?, ?, ?, ?, ?, ?)`,
+      args: [userId, planId, amount, currency, startsAt, expiresAt, razorpayOrderId, razorpayPaymentId, razorpaySignature]
+    });
+    return { id: Number(result.lastInsertRowid), planId, status: 'active', startsAt, expiresAt };
+  },
+
+  cancelSub: async (userId, subId) => {
+    const result = await db.execute({
+      sql: `UPDATE subscriptions SET status = 'cancelled', updated_at = CURRENT_TIMESTAMP WHERE id = ? AND user_id = ?`,
+      args: [subId, userId]
+    });
+    return result.rowsAffected > 0;
+  },
+
+  expireOverdue: async () => {
+    const result = await db.execute(
+      `UPDATE subscriptions SET status = 'expired', updated_at = CURRENT_TIMESTAMP WHERE status = 'active' AND expires_at <= CURRENT_TIMESTAMP`
+    );
+    return result.rowsAffected;
+  },
+};
+
+// ─── Payment DB ─────────────────────────────────────────────────────────────────
+
+const paymentDb = {
+  createPayment: async (userId, planId, amount, currency, razorpayOrderId) => {
+    const result = await db.execute({
+      sql: `INSERT INTO payments (user_id, plan_id, amount, currency, razorpay_order_id, status) VALUES (?, ?, ?, ?, ?, 'pending')`,
+      args: [userId, planId, amount, currency, razorpayOrderId]
+    });
+    return { id: Number(result.lastInsertRowid), razorpayOrderId };
+  },
+
+  getByOrderId: async (razorpayOrderId) => {
+    const result = await db.execute({
+      sql: 'SELECT * FROM payments WHERE razorpay_order_id = ?',
+      args: [razorpayOrderId]
+    });
+    return getRow(result);
+  },
+
+  markPaid: async (razorpayOrderId, razorpayPaymentId, razorpaySignature, subscriptionId) => {
+    await db.execute({
+      sql: `UPDATE payments SET status = 'paid', razorpay_payment_id = ?, razorpay_signature = ?, subscription_id = ? WHERE razorpay_order_id = ?`,
+      args: [razorpayPaymentId, razorpaySignature, subscriptionId, razorpayOrderId]
+    });
+  },
+
+  markFailed: async (razorpayOrderId) => {
+    await db.execute({
+      sql: `UPDATE payments SET status = 'failed' WHERE razorpay_order_id = ?`,
+      args: [razorpayOrderId]
+    });
+  },
+
+  getUserPayments: async (userId) => {
+    const result = await db.execute({
+      sql: 'SELECT * FROM payments WHERE user_id = ? ORDER BY created_at DESC',
+      args: [userId]
+    });
+    return result.rows;
+  },
+};
+
+// ─── Relay Tokens DB ────────────────────────────────────────────────────────────
+
+const relayTokensDb = {
+  generateToken: () => 'upfyn_' + crypto.randomBytes(32).toString('hex'),
+
+  createToken: async (userId, name = 'default') => {
+    const token = relayTokensDb.generateToken();
+    await db.execute({ sql: 'INSERT INTO relay_tokens (user_id, token, name) VALUES (?, ?, ?)', args: [userId, token, name] });
+    return { token, name };
+  },
+
+  validateToken: async (token) => {
+    try {
+      const result = await db.execute({
+        sql: `SELECT rt.id, rt.user_id, rt.name, u.id as uid, u.username
+              FROM relay_tokens rt JOIN users u ON rt.user_id = u.id
+              WHERE rt.token = ? AND rt.is_active = 1 AND u.is_active = 1`,
+        args: [token]
+      });
+      const row = getRow(result);
+      if (row) await db.execute({ sql: 'UPDATE relay_tokens SET last_connected = CURRENT_TIMESTAMP WHERE id = ?', args: [row.id] });
+      return row;
+    } catch { return null; }
+  },
+
+  getTokens: async (userId) => {
+    return (await db.execute({ sql: 'SELECT id, name, token, created_at, last_connected, is_active FROM relay_tokens WHERE user_id = ? ORDER BY created_at DESC', args: [userId] })).rows;
+  },
+
+  deleteToken: async (userId, tokenId) => {
+    await ensureForeignKeys();
+    return (await db.execute({ sql: 'DELETE FROM relay_tokens WHERE id = ? AND user_id = ?', args: [tokenId, userId] })).rowsAffected > 0;
+  },
+
+  toggleToken: async (userId, tokenId, isActive) => {
+    return (await db.execute({ sql: 'UPDATE relay_tokens SET is_active = ? WHERE id = ? AND user_id = ?', args: [isActive ? 1 : 0, tokenId, userId] })).rowsAffected > 0;
+  }
+};
+
+export { db, initializeDatabase, userDb, apiKeysDb, credentialsDb, relayTokensDb, githubTokensDb, subscriptionDb, paymentDb, PLAN_DURATIONS };

package/server/database/init.sql

@@ -0,0 +1,70 @@
+-- Initialize authentication database
+PRAGMA foreign_keys = ON;
+
+-- Users table (single user system)
+CREATE TABLE IF NOT EXISTS users (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    username TEXT UNIQUE NOT NULL,
+    password_hash TEXT NOT NULL,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    last_login DATETIME,
+    is_active BOOLEAN DEFAULT 1,
+    email TEXT,
+    phone TEXT,
+    git_name TEXT,
+    git_email TEXT,
+    has_completed_onboarding BOOLEAN DEFAULT 0
+);
+
+-- Indexes for performance
+CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);
+CREATE INDEX IF NOT EXISTS idx_users_active ON users(is_active);
+
+-- API Keys table for external API access
+CREATE TABLE IF NOT EXISTS api_keys (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    key_name TEXT NOT NULL,
+    api_key TEXT UNIQUE NOT NULL,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    last_used DATETIME,
+    is_active BOOLEAN DEFAULT 1,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_api_keys_key ON api_keys(api_key);
+CREATE INDEX IF NOT EXISTS idx_api_keys_user_id ON api_keys(user_id);
+CREATE INDEX IF NOT EXISTS idx_api_keys_active ON api_keys(is_active);
+
+-- User credentials table for storing various tokens/credentials (GitHub, GitLab, etc.)
+CREATE TABLE IF NOT EXISTS user_credentials (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    credential_name TEXT NOT NULL,
+    credential_type TEXT NOT NULL, -- 'github_token', 'gitlab_token', 'bitbucket_token', etc.
+    credential_value TEXT NOT NULL,
+    description TEXT,
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    is_active BOOLEAN DEFAULT 1,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_user_credentials_user_id ON user_credentials(user_id);
+CREATE INDEX IF NOT EXISTS idx_user_credentials_type ON user_credentials(credential_type);
+CREATE INDEX IF NOT EXISTS idx_user_credentials_active ON user_credentials(is_active);
+
+-- Relay tokens for local machine ↔ server connections
+CREATE TABLE IF NOT EXISTS relay_tokens (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    user_id INTEGER NOT NULL,
+    token TEXT UNIQUE NOT NULL,
+    name TEXT NOT NULL DEFAULT 'default',
+    created_at DATETIME DEFAULT CURRENT_TIMESTAMP,
+    last_connected DATETIME,
+    is_active BOOLEAN DEFAULT 1,
+    FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE
+);
+
+CREATE INDEX IF NOT EXISTS idx_relay_tokens_token ON relay_tokens(token);
+CREATE INDEX IF NOT EXISTS idx_relay_tokens_user_id ON relay_tokens(user_id);
+CREATE INDEX IF NOT EXISTS idx_relay_tokens_active ON relay_tokens(is_active);