web-agent-bridge 1.2.0 → 2.1.0

package/server/routes/api.js

@@ -1,138 +1,131 @@
-const express = require('express');
-const router = express.Router();
-const { authenticateToken } = require('../middleware/auth');
-const {
-  addSite, findSitesByUser, findSiteById,
-  updateSiteConfig, updateSiteTier, deleteSite,
-  getAnalyticsBySite, getAnalyticsTimeline
-} = require('../models/db');
-
-// ─── Sites ──────────────────────────────────────────────────────────────
-
-router.get('/sites', authenticateToken, (req, res) => {
-  const sites = findSitesByUser.all(req.user.id);
-  res.json({
-    sites: sites.filter(s => s.active).map(s => ({
-      ...s,
-      config: JSON.parse(s.config || '{}')
-    }))
-  });
-});
-
-router.post('/sites', authenticateToken, (req, res) => {
-  const { domain, name, description, tier } = req.body;
-
-  if (!domain || !name) {
-    return res.status(400).json({ error: 'Domain and name are required' });
-  }
-
-  try {
-    const site = addSite({ userId: req.user.id, domain, name, description, tier });
-    res.status(201).json({ site });
-  } catch (err) {
-    res.status(500).json({ error: 'Failed to create site' });
-  }
-});
-
-router.get('/sites/:id', authenticateToken, (req, res) => {
-  const site = findSiteById.get(req.params.id);
-  if (!site || site.user_id !== req.user.id) {
-    return res.status(404).json({ error: 'Site not found' });
-  }
-  res.json({ site: { ...site, config: JSON.parse(site.config || '{}') } });
-});
-
-router.put('/sites/:id/config', authenticateToken, (req, res) => {
-  const { config } = req.body;
-  if (!config) return res.status(400).json({ error: 'Config is required' });
-
-  try {
-    const r = updateSiteConfig.run(JSON.stringify(config), req.params.id, req.user.id);
-    if (r.changes === 0) {
-      return res.status(404).json({ error: 'Site not found' });
-    }
-    res.json({ success: true });
-  } catch (err) {
-    res.status(500).json({ error: 'Failed to update config' });
-  }
-});
-
-router.put('/sites/:id/tier', authenticateToken, (req, res) => {
-  const { tier } = req.body;
-  if (!['free', 'starter', 'pro', 'enterprise'].includes(tier)) {
-    return res.status(400).json({ error: 'Invalid tier' });
-  }
-
-  try {
-    const r = updateSiteTier.run(tier, req.params.id, req.user.id);
-    if (r.changes === 0) {
-      return res.status(404).json({ error: 'Site not found' });
-    }
-    res.json({ success: true, tier });
-  } catch (err) {
-    res.status(500).json({ error: 'Failed to update tier' });
-  }
-});
-
-router.delete('/sites/:id', authenticateToken, (req, res) => {
-  try {
-    const r = deleteSite.run(req.params.id, req.user.id);
-    if (r.changes === 0) {
-      return res.status(404).json({ error: 'Site not found' });
-    }
-    res.json({ success: true });
-  } catch (err) {
-    res.status(500).json({ error: 'Failed to delete site' });
-  }
-});
-
-// ─── Analytics ──────────────────────────────────────────────────────────
-
-router.get('/sites/:id/analytics', authenticateToken, (req, res) => {
-  const site = findSiteById.get(req.params.id);
-  if (!site || site.user_id !== req.user.id) {
-    return res.status(404).json({ error: 'Site not found' });
-  }
-
-  const days = parseInt(req.query.days) || 30;
-  const since = new Date(Date.now() - days * 86400000).toISOString();
-
-  const summary = getAnalyticsBySite.all(site.id, since);
-  const timeline = getAnalyticsTimeline.all(site.id, since);
-
-  res.json({ summary, timeline, period: `${days} days` });
-});
-
-// ─── Script Generation ──────────────────────────────────────────────────
-
-router.get('/sites/:id/snippet', authenticateToken, (req, res) => {
-  const site = findSiteById.get(req.params.id);
-  if (!site || site.user_id !== req.user.id) {
-    return res.status(404).json({ error: 'Site not found' });
-  }
-
-  const config = JSON.parse(site.config || '{}');
-  const snippet = `<!-- Web Agent Bridge (Secure Mode + NoJS Fallback) -->
-<script>
-window.AIBridgeConfig = {
-  siteId: "${site.id}",
-  configEndpoint: "/api/license/token",
-  agentPermissions: ${JSON.stringify(config.agentPermissions || {}, null, 4)},
-  restrictions: ${JSON.stringify(config.restrictions || {}, null, 4)},
-  logging: ${JSON.stringify(config.logging || {}, null, 4)}
-};
-</script>
-<script src="/script/ai-agent-bridge.js"></script>
-<noscript>
-  <!-- Automatic NoJS Fallback: tracking + CSS analytics + SSR bridge -->
-  <link rel="stylesheet" href="/api/noscript/css/${site.id}">
-  <img src="/api/noscript/pixel/${site.id}?action=pageview&t=noscript" width="1" height="1" alt="" style="position:absolute;opacity:0;">
-  <meta name="wab:site-id" content="${site.id}">
-  <meta name="wab:noscript" content="true">
-  <meta name="wab:bridge" content="/api/noscript/bridge/${site.id}">
-</noscript>`;
-
-  res.json({ snippet, siteId: site.id });
-});
-
-module.exports = router;
+const express = require('express');
+const router = express.Router();
+const { authenticateToken } = require('../middleware/auth');
+const {
+  addSite, findSitesByUser, findSiteById,
+  updateSiteConfig, updateSiteTier, deleteSite,
+  getAnalyticsBySite, getAnalyticsTimeline
+} = require('../models/db');
+
+// ─── Sites ──────────────────────────────────────────────────────────────
+
+router.get('/sites', authenticateToken, (req, res) => {
+  const sites = findSitesByUser.all(req.user.id);
+  res.json({
+    sites: sites.filter(s => s.active).map(s => ({
+      ...s,
+      config: JSON.parse(s.config || '{}')
+    }))
+  });
+});
+
+router.post('/sites', authenticateToken, (req, res) => {
+  const { domain, name, description, tier } = req.body;
+
+  if (!domain || !name) {
+    return res.status(400).json({ error: 'Domain and name are required' });
+  }
+
+  try {
+    const site = addSite({ userId: req.user.id, domain, name, description, tier });
+    res.status(201).json({ site });
+  } catch (err) {
+    res.status(500).json({ error: 'Failed to create site' });
+  }
+});
+
+router.get('/sites/:id', authenticateToken, (req, res) => {
+  const site = findSiteById.get(req.params.id);
+  if (!site || site.user_id !== req.user.id) {
+    return res.status(404).json({ error: 'Site not found' });
+  }
+  res.json({ site: { ...site, config: JSON.parse(site.config || '{}') } });
+});
+
+router.put('/sites/:id/config', authenticateToken, (req, res) => {
+  const { config } = req.body;
+  if (!config) return res.status(400).json({ error: 'Config is required' });
+
+  try {
+    const r = updateSiteConfig.run(JSON.stringify(config), req.params.id, req.user.id);
+    if (r.changes === 0) {
+      return res.status(404).json({ error: 'Site not found' });
+    }
+    res.json({ success: true });
+  } catch (err) {
+    res.status(500).json({ error: 'Failed to update config' });
+  }
+});
+
+router.put('/sites/:id/tier', authenticateToken, (req, res) => {
+  const { tier } = req.body;
+  if (!['free', 'starter', 'pro', 'enterprise'].includes(tier)) {
+    return res.status(400).json({ error: 'Invalid tier' });
+  }
+
+  try {
+    const r = updateSiteTier.run(tier, req.params.id, req.user.id);
+    if (r.changes === 0) {
+      return res.status(404).json({ error: 'Site not found' });
+    }
+    res.json({ success: true, tier });
+  } catch (err) {
+    res.status(500).json({ error: 'Failed to update tier' });
+  }
+});
+
+router.delete('/sites/:id', authenticateToken, (req, res) => {
+  try {
+    const r = deleteSite.run(req.params.id, req.user.id);
+    if (r.changes === 0) {
+      return res.status(404).json({ error: 'Site not found' });
+    }
+    res.json({ success: true });
+  } catch (err) {
+    res.status(500).json({ error: 'Failed to delete site' });
+  }
+});
+
+// ─── Analytics ──────────────────────────────────────────────────────────
+
+router.get('/sites/:id/analytics', authenticateToken, (req, res) => {
+  const site = findSiteById.get(req.params.id);
+  if (!site || site.user_id !== req.user.id) {
+    return res.status(404).json({ error: 'Site not found' });
+  }
+
+  const days = parseInt(req.query.days) || 30;
+  const since = new Date(Date.now() - days * 86400000).toISOString();
+
+  const summary = getAnalyticsBySite.all(site.id, since);
+  const timeline = getAnalyticsTimeline.all(site.id, since);
+
+  res.json({ summary, timeline, period: `${days} days` });
+});
+
+// ─── Script Generation ──────────────────────────────────────────────────
+
+router.get('/sites/:id/snippet', authenticateToken, (req, res) => {
+  const site = findSiteById.get(req.params.id);
+  if (!site || site.user_id !== req.user.id) {
+    return res.status(404).json({ error: 'Site not found' });
+  }
+
+  const config = JSON.parse(site.config || '{}');
+  // Public site id + token endpoint only — long-lived license key stays in dashboard, not in embed
+  const snippet = `<!-- Web Agent Bridge (Secure Mode) -->
+<script>
+window.AIBridgeConfig = {
+  siteId: "${site.id}",
+  configEndpoint: "/api/license/token",
+  agentPermissions: ${JSON.stringify(config.agentPermissions || {}, null, 4)},
+  restrictions: ${JSON.stringify(config.restrictions || {}, null, 4)},
+  logging: ${JSON.stringify(config.logging || {}, null, 4)}
+};
+</script>
+<script src="/script/ai-agent-bridge.js"></script>`;
+
+  res.json({ snippet, siteId: site.id });
+});
+
+module.exports = router;

package/server/routes/auth.js

@@ -1,51 +1,51 @@
-const express = require('express');
-const router = express.Router();
-const { registerUser, loginUser, findUserById } = require('../models/db');
-const { generateToken, authenticateToken } = require('../middleware/auth');
-
-router.post('/register', (req, res) => {
-  const { email, password, name, company } = req.body;
-
-  if (!email || !password || !name) {
-    return res.status(400).json({ error: 'Email, password, and name are required' });
-  }
-
-  if (password.length < 8) {
-    return res.status(400).json({ error: 'Password must be at least 8 characters' });
-  }
-
-  try {
-    const user = registerUser({ email, password, name, company });
-    const token = generateToken(user);
-    res.status(201).json({ user, token });
-  } catch (err) {
-    if (err.message.includes('UNIQUE constraint')) {
-      return res.status(409).json({ error: 'Email already registered' });
-    }
-    res.status(500).json({ error: 'Registration failed' });
-  }
-});
-
-router.post('/login', (req, res) => {
-  const { email, password } = req.body;
-
-  if (!email || !password) {
-    return res.status(400).json({ error: 'Email and password are required' });
-  }
-
-  const user = loginUser({ email, password });
-  if (!user) {
-    return res.status(401).json({ error: 'Invalid email or password' });
-  }
-
-  const token = generateToken(user);
-  res.json({ user, token });
-});
-
-router.get('/me', authenticateToken, (req, res) => {
-  const user = findUserById.get(req.user.id);
-  if (!user) return res.status(404).json({ error: 'User not found' });
-  res.json({ user });
-});
-
-module.exports = router;
+const express = require('express');
+const router = express.Router();
+const { registerUser, loginUser, findUserById } = require('../models/db');
+const { generateToken, authenticateToken } = require('../middleware/auth');
+
+router.post('/register', (req, res) => {
+  const { email, password, name, company } = req.body;
+
+  if (!email || !password || !name) {
+    return res.status(400).json({ error: 'Email, password, and name are required' });
+  }
+
+  if (password.length < 8) {
+    return res.status(400).json({ error: 'Password must be at least 8 characters' });
+  }
+
+  try {
+    const user = registerUser({ email, password, name, company });
+    const token = generateToken(user);
+    res.status(201).json({ user, token });
+  } catch (err) {
+    if (err.message.includes('UNIQUE constraint')) {
+      return res.status(409).json({ error: 'Email already registered' });
+    }
+    res.status(500).json({ error: 'Registration failed' });
+  }
+});
+
+router.post('/login', (req, res) => {
+  const { email, password } = req.body;
+
+  if (!email || !password) {
+    return res.status(400).json({ error: 'Email and password are required' });
+  }
+
+  const user = loginUser({ email, password });
+  if (!user) {
+    return res.status(401).json({ error: 'Invalid email or password' });
+  }
+
+  const token = generateToken(user);
+  res.json({ user, token });
+});
+
+router.get('/me', authenticateToken, (req, res) => {
+  const user = findUserById.get(req.user.id);
+  if (!user) return res.status(404).json({ error: 'User not found' });
+  res.json({ user });
+});
+
+module.exports = router;

package/server/routes/billing.js

@@ -1,45 +1,45 @@
-/**
- * Billing Routes (Customer-facing Stripe integration)
- */
-
-const express = require('express');
-const router = express.Router();
-const { authenticateToken } = require('../middleware/auth');
-const { getPlatformSetting } = require('../models/db');
-const { createCheckoutSession, createPortalSession, isStripeConfigured } = require('../services/stripe');
-
-// ─── Create Checkout Session ──────────────────────────────────────────
-router.post('/checkout', authenticateToken, async (req, res) => {
-  const { siteId, tier } = req.body;
-  if (!siteId || !tier) return res.status(400).json({ error: 'siteId and tier required' });
-  if (!['starter', 'pro', 'enterprise'].includes(tier)) return res.status(400).json({ error: 'Invalid tier' });
-
-  if (!isStripeConfigured()) {
-    return res.status(503).json({ error: 'Payment system not configured' });
-  }
-
-  try {
-    const session = await createCheckoutSession({ userId: req.user.id, userEmail: req.user.email, siteId, tier });
-    res.json(session);
-  } catch (err) {
-    res.status(500).json({ error: err.message });
-  }
-});
-
-// ─── Customer Portal ──────────────────────────────────────────────────
-router.post('/portal', authenticateToken, async (req, res) => {
-  try {
-    const session = await createPortalSession(req.user.id);
-    res.json(session);
-  } catch (err) {
-    res.status(500).json({ error: err.message });
-  }
-});
-
-// ─── Stripe Config (public key for frontend) ─────────────────────────
-router.get('/config', (req, res) => {
-  const publishableKey = getPlatformSetting('stripe_publishable_key');
-  res.json({ configured: isStripeConfigured(), publishableKey: publishableKey || null });
-});
-
-module.exports = router;
+/**
+ * Billing Routes (Customer-facing Stripe integration)
+ */
+
+const express = require('express');
+const router = express.Router();
+const { authenticateToken } = require('../middleware/auth');
+const { getPlatformSetting } = require('../models/db');
+const { createCheckoutSession, createPortalSession, isStripeConfigured } = require('../services/stripe');
+
+// ─── Create Checkout Session ──────────────────────────────────────────
+router.post('/checkout', authenticateToken, async (req, res) => {
+  const { siteId, tier } = req.body;
+  if (!siteId || !tier) return res.status(400).json({ error: 'siteId and tier required' });
+  if (!['starter', 'pro', 'enterprise'].includes(tier)) return res.status(400).json({ error: 'Invalid tier' });
+
+  if (!isStripeConfigured()) {
+    return res.status(503).json({ error: 'Payment system not configured' });
+  }
+
+  try {
+    const session = await createCheckoutSession({ userId: req.user.id, userEmail: req.user.email, siteId, tier });
+    res.json(session);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// ─── Customer Portal ──────────────────────────────────────────────────
+router.post('/portal', authenticateToken, async (req, res) => {
+  try {
+    const session = await createPortalSession(req.user.id);
+    res.json(session);
+  } catch (err) {
+    res.status(500).json({ error: err.message });
+  }
+});
+
+// ─── Stripe Config (public key for frontend) ─────────────────────────
+router.get('/config', (req, res) => {
+  const publishableKey = getPlatformSetting('stripe_publishable_key');
+  res.json({ configured: isStripeConfigured(), publishableKey: publishableKey || null });
+});
+
+module.exports = router;