upfynai-code 2.9.0 → 2.9.2

package/server/routes/sessions.js

@@ -0,0 +1,146 @@
+/**
+ * Session Management REST API
+ * Provides unified session listing, abort, delete, and stats endpoints.
+ * All endpoints filter by userId for user isolation.
+ */
+
+import { Router } from 'express';
+import {
+  getAllActiveSessions,
+  checkSessionStatus,
+  abortSession,
+  abortAllSessions,
+  getSessionStats,
+} from '../services/sessionRegistry.js';
+
+const router = Router();
+
+// Helper: get sessions owned by the current user
+function getUserSessions(req) {
+  const userId = req.user?.id || req.user?.userId;
+  const sessionOwners = req.sessionOwners;
+  const all = getAllActiveSessions();
+  if (!userId || !sessionOwners) return all; // local mode, no filtering
+  return all.filter(s => {
+    const owner = sessionOwners.get(s.sessionId);
+    return !owner || owner === userId; // include if no owner (legacy) or owned by user
+  });
+}
+
+/**
+ * GET /api/sessions — List active sessions for this user
+ */
+router.get('/', (req, res) => {
+  try {
+    const sessions = getUserSessions(req);
+    res.json({ sessions });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to fetch sessions' });
+  }
+});
+
+/**
+ * GET /api/sessions/stats — Session counts for this user
+ */
+router.get('/stats', (req, res) => {
+  try {
+    const sessions = getUserSessions(req);
+    const byProvider = { claude: 0, cursor: 0, codex: 0 };
+    for (const s of sessions) {
+      byProvider[s.provider] = (byProvider[s.provider] || 0) + 1;
+    }
+    res.json({
+      total: sessions.length,
+      active: sessions.filter(s => s.status === 'active').length,
+      byProvider,
+    });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to fetch session stats' });
+  }
+});
+
+/**
+ * GET /api/sessions/:sessionId — Get session details (only if owned)
+ */
+router.get('/:sessionId', (req, res) => {
+  try {
+    const { sessionId } = req.params;
+    const userId = req.user?.id || req.user?.userId;
+    const sessionOwners = req.sessionOwners;
+
+    // Check ownership
+    if (userId && sessionOwners) {
+      const owner = sessionOwners.get(sessionId);
+      if (owner && owner !== userId) {
+        return res.status(403).json({ error: 'Access denied' });
+      }
+    }
+
+    const status = checkSessionStatus(sessionId);
+    if (!status.active) {
+      return res.status(404).json({ error: 'Session not found or inactive' });
+    }
+
+    res.json({
+      sessionId,
+      provider: status.provider,
+      active: status.active,
+    });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to fetch session details' });
+  }
+});
+
+/**
+ * POST /api/sessions/:sessionId/abort — Abort an active session (only if owned)
+ */
+router.post('/:sessionId/abort', async (req, res) => {
+  try {
+    const { sessionId } = req.params;
+    const { provider } = req.body || {};
+    const userId = req.user?.id || req.user?.userId;
+    const sessionOwners = req.sessionOwners;
+
+    // Check ownership before aborting
+    if (userId && sessionOwners) {
+      const owner = sessionOwners.get(sessionId);
+      if (owner && owner !== userId) {
+        return res.status(403).json({ error: 'Access denied — cannot abort another user\'s session' });
+      }
+    }
+
+    const result = await abortSession(sessionId, provider);
+    if (!result.aborted) {
+      return res.status(404).json({ error: 'Session not found or already terminated' });
+    }
+
+    res.json({ success: true, sessionId, provider: result.provider });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to abort session' });
+  }
+});
+
+/**
+ * POST /api/sessions/abort-all — Abort all active sessions owned by this user
+ */
+router.post('/abort-all', async (req, res) => {
+  try {
+    const userSessions = getUserSessions(req);
+    const results = [];
+
+    for (const s of userSessions) {
+      const { aborted } = await abortSession(s.sessionId, s.provider);
+      results.push({ sessionId: s.sessionId, provider: s.provider, aborted });
+    }
+
+    res.json({
+      success: true,
+      aborted: results.filter(r => r.aborted).length,
+      results,
+    });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to abort sessions' });
+  }
+});
+
+export default router;

package/server/routes/settings.js

@@ -0,0 +1,261 @@
+import express from 'express';
+import { apiKeysDb, credentialsDb } from '../database/db.js';
+
+const router = express.Router();
+
+// ===============================
+// API Keys Management
+// ===============================
+
+// Get all API keys for the authenticated user
+router.get('/api-keys', async (req, res) => {
+  try {
+    const apiKeys = await apiKeysDb.getApiKeys(req.user.id);
+    // Don't send the full API key in the list for security
+    const sanitizedKeys = apiKeys.map(key => ({
+      ...key,
+      api_key: key.api_key.substring(0, 10) + '...'
+    }));
+    res.json({ apiKeys: sanitizedKeys });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to fetch API keys' });
+  }
+});
+
+// Create a new API key
+router.post('/api-keys', async (req, res) => {
+  try {
+    const { keyName } = req.body;
+
+    if (!keyName || !keyName.trim()) {
+      return res.status(400).json({ error: 'Key name is required' });
+    }
+
+    const result = await apiKeysDb.createApiKey(req.user.id, keyName.trim());
+    res.json({
+      success: true,
+      apiKey: result
+    });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to create API key' });
+  }
+});
+
+// Delete an API key
+router.delete('/api-keys/:keyId', async (req, res) => {
+  try {
+    const { keyId } = req.params;
+    const success = await apiKeysDb.deleteApiKey(req.user.id, parseInt(keyId));
+
+    if (success) {
+      res.json({ success: true });
+    } else {
+      res.status(404).json({ error: 'API key not found' });
+    }
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to delete API key' });
+  }
+});
+
+// Toggle API key active status
+router.patch('/api-keys/:keyId/toggle', async (req, res) => {
+  try {
+    const { keyId } = req.params;
+    const { isActive } = req.body;
+
+    if (typeof isActive !== 'boolean') {
+      return res.status(400).json({ error: 'isActive must be a boolean' });
+    }
+
+    const success = await apiKeysDb.toggleApiKey(req.user.id, parseInt(keyId), isActive);
+
+    if (success) {
+      res.json({ success: true });
+    } else {
+      res.status(404).json({ error: 'API key not found' });
+    }
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to toggle API key' });
+  }
+});
+
+// ===============================
+// Generic Credentials Management
+// ===============================
+
+// Get all credentials for the authenticated user (optionally filtered by type)
+router.get('/credentials', async (req, res) => {
+  try {
+    const { type } = req.query;
+    const credentials = await credentialsDb.getCredentials(req.user.id, type || null);
+    // Don't send the actual credential values for security
+    res.json({ credentials });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to fetch credentials' });
+  }
+});
+
+// Create a new credential
+router.post('/credentials', async (req, res) => {
+  try {
+    const { credentialName, credentialType, credentialValue, description } = req.body;
+
+    if (!credentialName || !credentialName.trim()) {
+      return res.status(400).json({ error: 'Credential name is required' });
+    }
+
+    if (!credentialType || !credentialType.trim()) {
+      return res.status(400).json({ error: 'Credential type is required' });
+    }
+
+    if (!credentialValue || !credentialValue.trim()) {
+      return res.status(400).json({ error: 'Credential value is required' });
+    }
+
+    const result = await credentialsDb.createCredential(
+      req.user.id,
+      credentialName.trim(),
+      credentialType.trim(),
+      credentialValue.trim(),
+      description?.trim() || null
+    );
+
+    res.json({
+      success: true,
+      credential: result
+    });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to create credential' });
+  }
+});
+
+// Delete a credential
+router.delete('/credentials/:credentialId', async (req, res) => {
+  try {
+    const { credentialId } = req.params;
+    const success = await credentialsDb.deleteCredential(req.user.id, parseInt(credentialId));
+
+    if (success) {
+      res.json({ success: true });
+    } else {
+      res.status(404).json({ error: 'Credential not found' });
+    }
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to delete credential' });
+  }
+});
+
+// Toggle credential active status
+router.patch('/credentials/:credentialId/toggle', async (req, res) => {
+  try {
+    const { credentialId } = req.params;
+    const { isActive } = req.body;
+
+    if (typeof isActive !== 'boolean') {
+      return res.status(400).json({ error: 'isActive must be a boolean' });
+    }
+
+    const success = await credentialsDb.toggleCredential(req.user.id, parseInt(credentialId), isActive);
+
+    if (success) {
+      res.json({ success: true });
+    } else {
+      res.status(404).json({ error: 'Credential not found' });
+    }
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to toggle credential' });
+  }
+});
+
+// ===============================
+// AI Provider Keys (BYOK)
+// ===============================
+
+const AI_PROVIDER_TYPES = [
+  'anthropic_key',
+  'openai_key',
+  'openrouter_key',
+  'google_key',
+];
+
+// Get all AI provider keys for the authenticated user (masked values)
+router.get('/ai-providers', async (req, res) => {
+  try {
+    const allCreds = [];
+    for (const type of AI_PROVIDER_TYPES) {
+      const creds = await credentialsDb.getCredentials(req.user.id, type);
+      allCreds.push(...creds.map(c => ({
+        id: c.id,
+        credential_name: c.credential_name,
+        credential_type: c.credential_type,
+        description: c.description,
+        is_active: c.is_active,
+        created_at: c.created_at,
+        // Mask the key — show first 8 and last 4 chars
+        masked_value: c.credential_value
+          ? c.credential_value.slice(0, 8) + '...' + c.credential_value.slice(-4)
+          : '***',
+      })));
+    }
+    res.json({ providers: allCreds });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to fetch AI provider keys' });
+  }
+});
+
+// Save an AI provider key
+router.post('/ai-providers', async (req, res) => {
+  try {
+    const { providerType, apiKey, name } = req.body;
+
+    if (!providerType || !AI_PROVIDER_TYPES.includes(providerType)) {
+      return res.status(400).json({ error: `Invalid provider type. Supported: ${AI_PROVIDER_TYPES.join(', ')}` });
+    }
+    if (!apiKey || !apiKey.trim()) {
+      return res.status(400).json({ error: 'API key is required' });
+    }
+    if (apiKey.trim().length < 10 || apiKey.trim().length > 256) {
+      return res.status(400).json({ error: 'Invalid API key length' });
+    }
+
+    const label = providerType.replace('_key', '').replace('_', ' ');
+    const credName = name?.trim() || `${label} API key`;
+
+    // Deactivate existing keys of same type (user should only have one active per provider)
+    const existing = await credentialsDb.getCredentials(req.user.id, providerType);
+    for (const cred of existing) {
+      if (cred.is_active) {
+        await credentialsDb.toggleCredential(req.user.id, cred.id, false);
+      }
+    }
+
+    const result = await credentialsDb.createCredential(
+      req.user.id,
+      credName,
+      providerType,
+      apiKey.trim(),
+      `User-provided ${label} API key`
+    );
+
+    res.json({ success: true, credential: { id: result.id, credential_type: providerType, credential_name: credName } });
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to save AI provider key' });
+  }
+});
+
+// Delete an AI provider key
+router.delete('/ai-providers/:credentialId', async (req, res) => {
+  try {
+    const { credentialId } = req.params;
+    const success = await credentialsDb.deleteCredential(req.user.id, parseInt(credentialId));
+    if (success) {
+      res.json({ success: true });
+    } else {
+      res.status(404).json({ error: 'Provider key not found' });
+    }
+  } catch (error) {
+    res.status(500).json({ error: 'Failed to delete provider key' });
+  }
+});
+
+export default router;