visionos-monorepo 0.1.0

package/server/src/features/auth/sessionStore.ts

@@ -0,0 +1,79 @@
+import { randomUUID } from "node:crypto";
+import {
+  CLI_AUTH_POLL_INTERVAL_MS,
+  CLI_AUTH_SESSION_TTL_MS,
+  type CliAuthSession,
+  type CreateCliAuthSessionResponse,
+  type LearnerIdentity,
+  type LearningTrackId
+} from "../../../../shared/src/index.js";
+
+export class InMemoryCliAuthSessionStore {
+  private readonly sessions = new Map<string, CliAuthSession>();
+
+  constructor(private readonly clientOrigin: string) {}
+
+  createSession(trackId: LearningTrackId): CreateCliAuthSessionResponse {
+    const createdAt = new Date();
+    const session: CliAuthSession = {
+      sessionId: randomUUID(),
+      trackId,
+      status: "pending",
+      createdAt: createdAt.toISOString(),
+      expiresAt: new Date(createdAt.getTime() + CLI_AUTH_SESSION_TTL_MS).toISOString()
+    };
+
+    this.sessions.set(session.sessionId, session);
+
+    return {
+      session,
+      browserUrl: new URL(`/?cliAuthSession=${session.sessionId}`, this.clientOrigin).toString(),
+      pollIntervalMs: CLI_AUTH_POLL_INTERVAL_MS
+    };
+  }
+
+  getSession(sessionId: string): CliAuthSession | undefined {
+    const session = this.sessions.get(sessionId);
+
+    if (!session) {
+      return undefined;
+    }
+
+    if (session.status === "pending" && Date.now() >= Date.parse(session.expiresAt)) {
+      const expiredSession: CliAuthSession = {
+        ...session,
+        status: "expired"
+      };
+
+      this.sessions.set(sessionId, expiredSession);
+
+      return expiredSession;
+    }
+
+    return session;
+  }
+
+  completeSession(
+    sessionId: string,
+    learner: LearnerIdentity,
+    accountToken?: string
+  ): CliAuthSession | undefined {
+    const session = this.getSession(sessionId);
+
+    if (!session || session.status !== "pending") {
+      return session;
+    }
+
+    const authenticatedSession: CliAuthSession = {
+      ...session,
+      status: "authenticated",
+      authenticatedAt: new Date().toISOString(),
+      accountToken,
+      learner
+    };
+
+    this.sessions.set(sessionId, authenticatedSession);
+
+    return authenticatedSession;
+  }
+}

package/server/src/index.ts

@@ -0,0 +1,8 @@
+import { createApp } from "./app.js";
+import { env } from "./config/env.js";
+
+const app = createApp();
+
+app.listen(env.port, env.host, () => {
+  console.log(`VisionOS server listening on http://${env.host}:${env.port}`);
+});

package/server/src/routes/auth.ts

@@ -0,0 +1,328 @@
+import { Router } from "express";
+import {
+  type AccountAuthRequest,
+  type CliAuthSession,
+  type CompleteCliAuthSessionRequest,
+  type CreateCliAuthSessionRequest,
+  type GoogleAuthRequest,
+  LEARNING_TRACKS,
+  type LearnerIdentity,
+  type LearningTrackId
+} from "../../../shared/src/index.js";
+import { env } from "../config/env.js";
+import {
+  AccountStoreError,
+  bearerTokenFromHeader,
+  type AccountStore
+} from "../features/accounts/accountStore.js";
+import { InMemoryCliAuthSessionStore } from "../features/auth/sessionStore.js";
+
+const emailPattern = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+
+function isLearningTrackId(value: unknown): value is LearningTrackId {
+  return typeof value === "string" && LEARNING_TRACKS.some((track) => track.id === value);
+}
+
+export interface CreateAuthRouterOptions {
+  accountStore?: AccountStore | null;
+  clientOrigin?: string;
+  googleClientId?: string;
+  getCurrentUser?: () => Promise<LearnerIdentity | null> | LearnerIdentity | null;
+  onAuthenticated?: (session: CliAuthSession) => Promise<void> | void;
+}
+
+export function createAuthRouter(options: CreateAuthRouterOptions = {}) {
+  const router = Router();
+  const cliAuthSessionStore = new InMemoryCliAuthSessionStore(options.clientOrigin ?? env.clientOrigin);
+
+  router.get("/me", async (req, res, next) => {
+    try {
+      const bearerToken = bearerTokenFromHeader(req.header("authorization"));
+      const accountUser = bearerToken && options.accountStore
+        ? await options.accountStore.getUserFromToken(bearerToken)
+        : null;
+      const user = accountUser ?? (await options.getCurrentUser?.()) ?? null;
+
+      return res.status(200).json({ user });
+    } catch (error) {
+      return next(error);
+    }
+  });
+
+  router.post("/register", async (req, res, next) => {
+    try {
+      const accountStore = requireAccountStore(options.accountStore);
+      const body = req.body as Partial<AccountAuthRequest>;
+      const auth = await accountStore.register({
+        email: body.email ?? "",
+        name: body.name ?? "",
+        password: body.password ?? ""
+      });
+
+      return res.status(201).json(auth);
+    } catch (error) {
+      return next(error);
+    }
+  });
+
+  router.post("/login", async (req, res, next) => {
+    try {
+      const accountStore = requireAccountStore(options.accountStore);
+      const body = req.body as Partial<AccountAuthRequest>;
+      const auth = await accountStore.login({
+        email: body.email ?? "",
+        password: body.password ?? ""
+      });
+
+      return res.status(200).json(auth);
+    } catch (error) {
+      return next(error);
+    }
+  });
+
+  router.post("/google", async (req, res, next) => {
+    try {
+      const accountStore = requireAccountStore(options.accountStore);
+      const body = req.body as Partial<GoogleAuthRequest>;
+
+      if (!body.credential) {
+        return res.status(400).json({
+          message: "Google credential is required."
+        });
+      }
+
+      const profile = await verifyGoogleCredential(body.credential, options.googleClientId ?? env.googleClientId);
+      const auth = await accountStore.loginWithGoogle(profile);
+
+      return res.status(200).json(auth);
+    } catch (error) {
+      return next(error);
+    }
+  });
+
+  router.post("/cli/sessions", (req, res) => {
+    const body = req.body as Partial<CreateCliAuthSessionRequest>;
+
+    if (!isLearningTrackId(body.trackId)) {
+      return res.status(400).json({
+        message: "A valid learning track is required to start browser authentication."
+      });
+    }
+
+    return res.status(201).json(cliAuthSessionStore.createSession(body.trackId));
+  });
+
+  router.get("/cli/sessions/:sessionId", (req, res) => {
+    const session = cliAuthSessionStore.getSession(req.params.sessionId);
+
+    if (!session) {
+      return res.status(404).json({
+        message: "Auth session not found."
+      });
+    }
+
+    return res.status(200).json({ session });
+  });
+
+  router.post("/cli/sessions/:sessionId/complete", async (req, res, next) => {
+    try {
+      const session = cliAuthSessionStore.getSession(req.params.sessionId);
+
+      if (!session) {
+        return res.status(404).json({
+          message: "Auth session not found."
+        });
+      }
+
+      if (session.status === "expired") {
+        return res.status(410).json({
+          message: "Auth session expired.",
+          session
+        });
+      }
+
+      if (session.status === "authenticated") {
+        return res.status(200).json({ session });
+      }
+
+      const body = req.body as Partial<CompleteCliAuthSessionRequest>;
+      const learnerEmail = body.learnerEmail?.trim().toLowerCase();
+      const password = body.password?.trim() ?? "";
+
+      if (!body.mode || !["login", "register"].includes(body.mode)) {
+        return res.status(400).json({
+          message: "Choose whether to create a new account or log in."
+        });
+      }
+
+      if (!learnerEmail || !emailPattern.test(learnerEmail) || !password) {
+        return res.status(400).json({
+          message: "A valid email address and password are required to complete sign-in."
+        });
+      }
+
+      const accountStore = requireAccountStore(options.accountStore);
+      const auth = body.mode === "register"
+        ? await accountStore.register({
+            email: learnerEmail,
+            name: body.learnerName ?? "",
+            password
+          })
+        : await accountStore.login({
+            email: learnerEmail,
+            password
+          });
+      const authenticatedSession = cliAuthSessionStore.completeSession(req.params.sessionId, {
+        userId: auth.user.userId,
+        name: auth.user.name,
+        email: auth.user.email
+      }, auth.token);
+
+      if (authenticatedSession) {
+        await options.onAuthenticated?.(authenticatedSession);
+      }
+
+      return res.status(200).json({ session: authenticatedSession, auth });
+    } catch (error) {
+      return next(error);
+    }
+  });
+
+  router.post("/cli/sessions/:sessionId/confirm", async (req, res, next) => {
+    try {
+      const session = cliAuthSessionStore.getSession(req.params.sessionId);
+
+      if (!session) {
+        return res.status(404).json({
+          message: "Auth session not found."
+        });
+      }
+
+      if (session.status === "expired") {
+        return res.status(410).json({
+          message: "Auth session expired.",
+          session
+        });
+      }
+
+      if (session.status === "authenticated") {
+        return res.status(200).json({ session });
+      }
+
+      const bearerToken = bearerTokenFromHeader(req.header("authorization"));
+      if (!bearerToken || !options.accountStore) {
+        return res.status(401).json({
+          message: "Authentication required to confirm CLI sign-in."
+        });
+      }
+
+      const accountUser = await options.accountStore.getUserFromToken(bearerToken);
+      if (!accountUser) {
+        return res.status(401).json({
+          message: "Invalid token or user not found."
+        });
+      }
+
+      const authenticatedSession = cliAuthSessionStore.completeSession(req.params.sessionId, {
+        userId: accountUser.userId,
+        name: accountUser.name,
+        email: accountUser.email
+      }, bearerToken);
+
+      if (authenticatedSession) {
+        await options.onAuthenticated?.(authenticatedSession);
+      }
+
+      return res.status(200).json({ session: authenticatedSession });
+    } catch (error) {
+      return next(error);
+    }
+  });
+
+  router.post("/cli/sessions/:sessionId/google", async (req, res, next) => {
+    try {
+      const session = cliAuthSessionStore.getSession(req.params.sessionId);
+
+      if (!session) {
+        return res.status(404).json({
+          message: "Auth session not found."
+        });
+      }
+
+      if (session.status === "expired") {
+        return res.status(410).json({
+          message: "Auth session expired.",
+          session
+        });
+      }
+
+      if (session.status === "authenticated") {
+        return res.status(200).json({ session });
+      }
+
+      const accountStore = requireAccountStore(options.accountStore);
+      const body = req.body as Partial<GoogleAuthRequest>;
+
+      if (!body.credential) {
+        return res.status(400).json({
+          message: "Google credential is required."
+        });
+      }
+
+      const profile = await verifyGoogleCredential(body.credential, options.googleClientId ?? env.googleClientId);
+      const auth = await accountStore.loginWithGoogle(profile);
+      const authenticatedSession = cliAuthSessionStore.completeSession(req.params.sessionId, {
+        userId: auth.user.userId,
+        name: auth.user.name,
+        email: auth.user.email
+      }, auth.token);
+
+      if (authenticatedSession) {
+        await options.onAuthenticated?.(authenticatedSession);
+      }
+
+      return res.status(200).json({ session: authenticatedSession, auth });
+    } catch (error) {
+      return next(error);
+    }
+  });
+
+  return router;
+}
+
+export const authRouter = createAuthRouter();
+
+function requireAccountStore(accountStore: AccountStore | null | undefined) {
+  if (!accountStore) {
+    throw new AccountStoreError("MongoDB account storage is not configured. Set MONGODB_URI first.", 503);
+  }
+
+  return accountStore;
+}
+
+async function verifyGoogleCredential(credential: string, googleClientId?: string) {
+  if (!googleClientId) {
+    throw new AccountStoreError("Google login is not configured. Set GOOGLE_CLIENT_ID first.", 503);
+  }
+
+  const url = new URL("https://oauth2.googleapis.com/tokeninfo");
+  url.searchParams.set("id_token", credential);
+
+  const response = await fetch(url);
+  const payload = (await response.json().catch(() => null)) as {
+    aud?: string;
+    email?: string;
+    name?: string;
+    sub?: string;
+  } | null;
+
+  if (!response.ok || !payload?.email || !payload.sub || payload.aud !== googleClientId) {
+    throw new AccountStoreError("Google sign-in could not be verified.", 401);
+  }
+
+  return {
+    email: payload.email,
+    name: payload.name ?? payload.email,
+    subject: payload.sub
+  };
+}

package/server/src/routes/content.ts

@@ -0,0 +1,174 @@
+import { Router } from "express";
+import {
+  type LearningTrack,
+  type LearningLesson
+} from "../../../shared/src/index.js";
+import {
+  AccountStoreError,
+  bearerTokenFromHeader,
+  type AccountStore
+} from "../features/accounts/accountStore.js";
+import { type ContentStore } from "../features/accounts/contentStore.js";
+
+export function createContentRouter(
+  accountStore: AccountStore | null,
+  contentStore: ContentStore | null
+) {
+  const router = Router();
+
+  function requireContentStore() {
+    if (!contentStore) {
+      throw new Error("MongoDB content storage is not configured.");
+    }
+    return contentStore;
+  }
+
+  async function resolveUser(authorization: string | undefined) {
+    const token = bearerTokenFromHeader(authorization);
+
+    if (token && accountStore) {
+      const user = await accountStore.getUserFromToken(token);
+      if (user) {
+        return user;
+      }
+      throw new AccountStoreError("Your session is invalid or expired. Sign in again.", 401);
+    }
+
+    throw new AccountStoreError("Sign in to modify content.", 401);
+  }
+
+  // 1. GET /tracks - Retrieve all tracks (public)
+  router.get("/tracks", async (req, res, next) => {
+    try {
+      const store = requireContentStore();
+      const tracks = await store.listTracks();
+      return res.status(200).json({ tracks });
+    } catch (error) {
+      return next(error);
+    }
+  });
+
+  // 2. GET /tracks/:trackId/lessons - Retrieve lessons in track (public)
+  router.get("/tracks/:trackId/lessons", async (req, res, next) => {
+    try {
+      const store = requireContentStore();
+      const lessons = await store.listLessons(req.params.trackId);
+      return res.status(200).json({ lessons });
+    } catch (error) {
+      return next(error);
+    }
+  });
+
+  // 3. POST /tracks - Create track (authenticated)
+  router.post("/tracks", async (req, res, next) => {
+    try {
+      const user = await resolveUser(req.header("authorization"));
+      const store = requireContentStore();
+      const body = req.body as { id: string; label: string; description: string };
+
+      if (!body.id || !body.label || !body.description) {
+        return res.status(400).json({ message: "Track ID, Label, and Description are required." });
+      }
+
+      const track = await store.createTrack(user.userId, {
+        id: body.id.trim().toLowerCase().replace(/[^a-z0-9_-]/g, ""),
+        label: body.label.trim(),
+        description: body.description.trim()
+      });
+
+      return res.status(201).json({ track });
+    } catch (error) {
+      return next(error);
+    }
+  });
+
+  // 4. PUT /tracks/:trackId - Update track (authenticated, creator-only)
+  router.put("/tracks/:trackId", async (req, res, next) => {
+    try {
+      const user = await resolveUser(req.header("authorization"));
+      const store = requireContentStore();
+      const body = req.body as { label: string; description: string };
+
+      if (!body.label || !body.description) {
+        return res.status(400).json({ message: "Label and Description are required." });
+      }
+
+      const track = await store.updateTrack(user.userId, req.params.trackId, {
+        label: body.label.trim(),
+        description: body.description.trim()
+      });
+
+      return res.status(200).json({ track });
+    } catch (error: any) {
+      return res.status(error.status ?? 400).json({ message: error.message });
+    }
+  });
+
+  // 5. POST /tracks/:trackId/lessons - Create lesson (authenticated, creator-only)
+  router.post("/tracks/:trackId/lessons", async (req, res, next) => {
+    try {
+      const user = await resolveUser(req.header("authorization"));
+      const store = requireContentStore();
+      const body = req.body as Omit<LearningLesson, "creatorId" | "createdAt">;
+
+      if (!body.id || !body.title || !body.summary || !body.steps || body.steps.length === 0) {
+        return res.status(400).json({ message: "Lesson ID, Title, Summary, and at least one step are required." });
+      }
+
+      const lesson = await store.createLesson(user.userId, {
+        id: body.id.trim().toLowerCase().replace(/[^a-z0-9_-]/g, ""),
+        trackId: req.params.trackId,
+        title: body.title.trim(),
+        difficulty: body.difficulty || "beginner",
+        summary: body.summary.trim(),
+        estimatedMinutes: body.estimatedMinutes || 10,
+        steps: body.steps.map(s => ({
+          id: s.id.trim().toLowerCase().replace(/[^a-z0-9_-]/g, ""),
+          title: s.title.trim(),
+          objective: s.objective.trim(),
+          command: s.command.trim(),
+          explanation: s.explanation.trim(),
+          validationType: s.validationType || "syntax",
+          validationPath: s.validationPath ? s.validationPath.trim() : undefined,
+          validationContent: s.validationContent ? s.validationContent.trim() : undefined
+        }))
+      });
+
+      return res.status(201).json({ lesson });
+    } catch (error: any) {
+      return res.status(error.status ?? 400).json({ message: error.message });
+    }
+  });
+
+  // 6. PUT /lessons/:lessonId - Update lesson (authenticated, creator-only)
+  router.put("/lessons/:lessonId", async (req, res, next) => {
+    try {
+      const user = await resolveUser(req.header("authorization"));
+      const store = requireContentStore();
+      const body = req.body as Partial<Omit<LearningLesson, "creatorId" | "createdAt">>;
+
+      const lesson = await store.updateLesson(user.userId, req.params.lessonId, {
+        title: body.title ? body.title.trim() : undefined,
+        difficulty: body.difficulty,
+        summary: body.summary ? body.summary.trim() : undefined,
+        estimatedMinutes: body.estimatedMinutes,
+        steps: body.steps ? body.steps.map(s => ({
+          id: s.id.trim().toLowerCase().replace(/[^a-z0-9_-]/g, ""),
+          title: s.title.trim(),
+          objective: s.objective.trim(),
+          command: s.command.trim(),
+          explanation: s.explanation.trim(),
+          validationType: s.validationType || "syntax",
+          validationPath: s.validationPath ? s.validationPath.trim() : undefined,
+          validationContent: s.validationContent ? s.validationContent.trim() : undefined
+        })) : undefined
+      });
+
+      return res.status(200).json({ lesson });
+    } catch (error: any) {
+      return res.status(error.status ?? 400).json({ message: error.message });
+    }
+  });
+
+  return router;
+}

package/server/src/routes/health.ts

@@ -0,0 +1,14 @@
+import { Router } from "express";
+import { APP_NAME, APP_VERSION } from "../../../shared/src/index.js";
+
+export const healthRouter = Router();
+
+healthRouter.get("/", (_req, res) => {
+  res.status(200).json({
+    status: "ok",
+    service: APP_NAME,
+    version: APP_VERSION,
+    timestamp: new Date().toISOString()
+  });
+});
+