webpeel 0.20.2 → 0.20.3

package/dist/server/routes/session.js

@@ -0,0 +1,397 @@
+/**
+ * Browser Session API — stateful Playwright sessions
+ *
+ * POST   /v1/session                → create session, returns { sessionId, expiresAt }
+ * GET    /v1/session/:id            → get current page content (Readability text)
+ * POST   /v1/session/:id/navigate   → navigate to URL { url }
+ * POST   /v1/session/:id/act        → execute PageActions array
+ * GET    /v1/session/:id/screenshot → take screenshot (image/png)
+ * DELETE /v1/session/:id            → close session
+ *
+ * Use cases: login flows, multi-step automation, UI testing.
+ * This is what Browserbase charges $500/mo for — built into WebPeel.
+ */
+import { Router } from 'express';
+import { randomUUID } from 'crypto';
+import { normalizeActions, executeActions } from '../../core/actions.js';
+import { ANTI_DETECTION_ARGS, getRandomViewport, getRandomUserAgent, applyStealthScripts, } from '../../core/browser-pool.js';
+import { extractReadableContent } from '../../core/readability.js';
+const sessions = new Map();
+const SESSION_TTL_MS = 5 * 60 * 1000; // 5 minutes idle TTL
+const MAX_SESSIONS_PER_USER = 3; // prevent abuse
+// Cleanup expired sessions every minute
+const _cleanupInterval = setInterval(() => {
+    const now = Date.now();
+    for (const [id, session] of sessions) {
+        if (now - session.lastUsedAt > SESSION_TTL_MS) {
+            session.browser.close().catch(() => { });
+            sessions.delete(id);
+        }
+    }
+}, 60_000);
+// Don't keep the Node process alive just for the cleanup timer
+if (_cleanupInterval.unref)
+    _cleanupInterval.unref();
+// ── Helpers ───────────────────────────────────────────────────────────────────
+/** Extract the owner ID from the request — supports both API key and JWT auth. */
+function getOwnerId(req) {
+    return req.auth?.keyInfo?.accountId
+        || req.user?.userId
+        || null;
+}
+/**
+ * Look up a session by id and verify it belongs to the requesting owner.
+ * Returns null if not found, expired, or owned by someone else.
+ */
+function getSession(id, ownerId) {
+    const session = sessions.get(id);
+    if (!session)
+        return null;
+    if (ownerId && session.ownerId !== ownerId)
+        return null; // ownership check
+    return session;
+}
+/** Launch a fresh Chromium browser for a session (separate instance per session). */
+async function launchBrowser() {
+    const { chromium } = await import('playwright');
+    const vp = getRandomViewport();
+    return chromium.launch({
+        headless: true,
+        args: [...ANTI_DETECTION_ARGS, `--window-size=${vp.width},${vp.height}`],
+    });
+}
+/** Extract readable text from an HTML string using WebPeel's built-in Readability engine. */
+function extractReadableText(html, url) {
+    try {
+        const result = extractReadableContent(html, url);
+        return result.content?.trim() || result.excerpt?.trim() || '';
+    }
+    catch {
+        return '';
+    }
+}
+// ── Router ────────────────────────────────────────────────────────────────────
+export function createSessionRouter() {
+    const router = Router();
+    // ── POST /v1/session — create session ────────────────────────────────────────
+    router.post('/v1/session', async (req, res) => {
+        const ownerId = getOwnerId(req);
+        if (!ownerId) {
+            res.status(401).json({ success: false, error: { type: 'auth_required', message: 'Valid API key or session required.', docs: 'https://webpeel.dev/docs/authentication' }, requestId: req.requestId });
+            return;
+        }
+        // Enforce per-user session cap
+        const userSessions = [...sessions.values()].filter(s => s.ownerId === ownerId);
+        if (userSessions.length >= MAX_SESSIONS_PER_USER) {
+            res.status(429).json({
+                success: false,
+                error: {
+                    type: 'session_limit',
+                    message: `Maximum ${MAX_SESSIONS_PER_USER} concurrent sessions per user. Delete an existing session first.`,
+                    hint: 'Delete an existing session via DELETE /v1/session/:id before creating a new one.',
+                    docs: 'https://webpeel.dev/docs/errors#session-limit',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+            return;
+        }
+        const { url } = req.body;
+        let browser = null;
+        try {
+            browser = await launchBrowser();
+            const context = await browser.newContext({
+                userAgent: getRandomUserAgent(),
+                viewport: { width: 1280, height: 800 },
+            });
+            const page = await context.newPage();
+            await applyStealthScripts(page);
+            if (url) {
+                try {
+                    await page.goto(url, { waitUntil: 'domcontentloaded', timeout: 30_000 });
+                }
+                catch (navErr) {
+                    // Navigation failed — still return the session, caller can retry
+                    const errMsg = navErr instanceof Error ? navErr.message : String(navErr);
+                    await browser.close().catch(() => { });
+                    res.status(502).json({
+                        success: false,
+                        error: {
+                            type: 'navigation_failed',
+                            message: errMsg,
+                            hint: 'Check that the URL is accessible and try again.',
+                            docs: 'https://webpeel.dev/docs/errors#navigation-failed',
+                        },
+                        requestId: req.requestId || randomUUID(),
+                    });
+                    return;
+                }
+            }
+            const id = randomUUID();
+            const now = Date.now();
+            sessions.set(id, {
+                id,
+                browser,
+                context,
+                page,
+                ownerId,
+                createdAt: now,
+                lastUsedAt: now,
+                currentUrl: page.url(),
+            });
+            res.status(201).json({
+                sessionId: id,
+                currentUrl: page.url(),
+                expiresAt: new Date(now + SESSION_TTL_MS).toISOString(),
+            });
+        }
+        catch (err) {
+            if (browser)
+                await browser.close().catch(() => { });
+            const msg = err instanceof Error ? err.message : String(err);
+            res.status(500).json({
+                success: false,
+                error: {
+                    type: 'session_create_failed',
+                    message: msg,
+                    docs: 'https://webpeel.dev/docs/errors#session-create-failed',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+        }
+    });
+    // ── GET /v1/session/:id — get page content ───────────────────────────────────
+    router.get('/v1/session/:id', async (req, res) => {
+        const ownerId = getOwnerId(req);
+        const session = getSession(req.params['id'], ownerId);
+        if (!session) {
+            res.status(404).json({
+                success: false,
+                error: {
+                    type: 'session_not_found',
+                    message: 'Session not found or has expired.',
+                    hint: 'Create a new session via POST /v1/session.',
+                    docs: 'https://webpeel.dev/docs/errors#session-not-found',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+            return;
+        }
+        try {
+            const [html, title] = await Promise.all([
+                session.page.content(),
+                session.page.title(),
+            ]);
+            const content = await extractReadableText(html, session.page.url());
+            session.lastUsedAt = Date.now();
+            res.json({
+                sessionId: session.id,
+                currentUrl: session.page.url(),
+                title,
+                content,
+                expiresAt: new Date(session.lastUsedAt + SESSION_TTL_MS).toISOString(),
+            });
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            res.status(500).json({
+                success: false,
+                error: {
+                    type: 'session_error',
+                    message: msg,
+                    docs: 'https://webpeel.dev/docs/errors#session-error',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+        }
+    });
+    // ── POST /v1/session/:id/navigate ────────────────────────────────────────────
+    router.post('/v1/session/:id/navigate', async (req, res) => {
+        const ownerId = getOwnerId(req);
+        const session = getSession(req.params["id"], ownerId);
+        if (!session) {
+            res.status(404).json({
+                success: false,
+                error: {
+                    type: 'session_not_found',
+                    message: 'Session not found or has expired.',
+                    hint: 'Create a new session via POST /v1/session.',
+                    docs: 'https://webpeel.dev/docs/errors#session-not-found',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+            return;
+        }
+        const { url } = req.body;
+        if (!url) {
+            res.status(400).json({
+                success: false,
+                error: {
+                    type: 'bad_request',
+                    message: '`url` is required.',
+                    hint: 'Pass a URL in the request body: { "url": "https://example.com" }',
+                    docs: 'https://webpeel.dev/docs/errors#bad-request',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+            return;
+        }
+        try {
+            await session.page.goto(url, { waitUntil: 'domcontentloaded', timeout: 30_000 });
+            session.lastUsedAt = Date.now();
+            session.currentUrl = session.page.url();
+            res.json({
+                currentUrl: session.page.url(),
+                title: await session.page.title(),
+                expiresAt: new Date(session.lastUsedAt + SESSION_TTL_MS).toISOString(),
+            });
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            res.status(502).json({
+                success: false,
+                error: {
+                    type: 'navigation_failed',
+                    message: msg,
+                    hint: 'Check that the URL is accessible and try again.',
+                    docs: 'https://webpeel.dev/docs/errors#navigation-failed',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+        }
+    });
+    // ── POST /v1/session/:id/act — execute actions ───────────────────────────────
+    router.post('/v1/session/:id/act', async (req, res) => {
+        const ownerId = getOwnerId(req);
+        const session = getSession(req.params["id"], ownerId);
+        if (!session) {
+            res.status(404).json({
+                success: false,
+                error: {
+                    type: 'session_not_found',
+                    message: 'Session not found or has expired.',
+                    hint: 'Create a new session via POST /v1/session.',
+                    docs: 'https://webpeel.dev/docs/errors#session-not-found',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+            return;
+        }
+        const { actions, screenshot: takeScreenshot } = req.body;
+        let normalized;
+        try {
+            normalized = normalizeActions(actions);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            res.status(400).json({
+                success: false,
+                error: {
+                    type: 'invalid_actions',
+                    message: msg,
+                    hint: 'Pass a valid actions array: [{ "type": "click", "selector": "#btn" }]',
+                    docs: 'https://webpeel.dev/docs/errors#invalid-actions',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+            return;
+        }
+        if (!normalized?.length) {
+            res.status(400).json({
+                success: false,
+                error: {
+                    type: 'bad_request',
+                    message: '`actions` must be a non-empty array.',
+                    hint: 'Pass a valid actions array: [{ "type": "click", "selector": "#btn" }]',
+                    docs: 'https://webpeel.dev/docs/errors#bad-request',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+            return;
+        }
+        const normalizedActions = normalized;
+        try {
+            await executeActions(session.page, normalizedActions);
+            session.lastUsedAt = Date.now();
+            session.currentUrl = session.page.url();
+            let screenshot;
+            if (takeScreenshot) {
+                const buf = await session.page.screenshot({ type: 'png' });
+                screenshot = buf.toString('base64');
+            }
+            const [title, currentUrl] = await Promise.all([
+                session.page.title(),
+                Promise.resolve(session.page.url()),
+            ]);
+            res.json({
+                currentUrl,
+                title,
+                screenshot,
+                actionsExecuted: normalizedActions.length,
+                expiresAt: new Date(session.lastUsedAt + SESSION_TTL_MS).toISOString(),
+            });
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            res.status(502).json({
+                success: false,
+                error: {
+                    type: 'action_failed',
+                    message: msg,
+                    hint: 'Check your action selectors and ensure the page is loaded.',
+                    docs: 'https://webpeel.dev/docs/errors#action-failed',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+        }
+    });
+    // ── GET /v1/session/:id/screenshot ───────────────────────────────────────────
+    router.get('/v1/session/:id/screenshot', async (req, res) => {
+        const ownerId = getOwnerId(req);
+        const session = getSession(req.params["id"], ownerId);
+        if (!session) {
+            res.status(404).json({
+                success: false,
+                error: {
+                    type: 'session_not_found',
+                    message: 'Session not found or has expired.',
+                    hint: 'Create a new session via POST /v1/session.',
+                    docs: 'https://webpeel.dev/docs/errors#session-not-found',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+            return;
+        }
+        try {
+            const fullPage = req.query.fullPage === 'true';
+            const buf = await session.page.screenshot({ type: 'png', fullPage });
+            session.lastUsedAt = Date.now();
+            res.setHeader('Content-Type', 'image/png');
+            res.setHeader('Cache-Control', 'no-store');
+            res.send(buf);
+        }
+        catch (err) {
+            const msg = err instanceof Error ? err.message : String(err);
+            res.status(500).json({
+                success: false,
+                error: {
+                    type: 'screenshot_failed',
+                    message: msg,
+                    docs: 'https://webpeel.dev/docs/errors#screenshot-failed',
+                },
+                requestId: req.requestId || randomUUID(),
+            });
+        }
+    });
+    // ── DELETE /v1/session/:id ───────────────────────────────────────────────────
+    router.delete('/v1/session/:id', async (req, res) => {
+        const ownerId = getOwnerId(req);
+        const session = getSession(req.params["id"], ownerId);
+        if (session) {
+            sessions.delete(req.params["id"]);
+            await session.browser.close().catch(() => { });
+        }
+        // Always return 200 (idempotent delete)
+        res.json({ closed: true });
+    });
+    return router;
+}

package/dist/server/routes/stats.d.ts

@@ -0,0 +1,6 @@
+/**
+ * Stats endpoint - provides dashboard statistics
+ */
+import { Router } from 'express';
+import { AuthStore } from '../auth-store.js';
+export declare function createStatsRouter(authStore: AuthStore): Router;

package/dist/server/routes/stats.js

@@ -0,0 +1,71 @@
+/**
+ * Stats endpoint - provides dashboard statistics
+ */
+import { Router } from 'express';
+import { PostgresAuthStore } from '../pg-auth-store.js';
+export function createStatsRouter(authStore) {
+    const router = Router();
+    router.get('/v1/stats', async (req, res) => {
+        try {
+            // Require authentication (API key or JWT session token)
+            const userId = req.auth?.keyInfo?.accountId || req.user?.userId;
+            if (!userId) {
+                res.status(401).json({ success: false, error: { type: 'unauthorized', message: 'Authentication required.', docs: 'https://webpeel.dev/docs/authentication' }, requestId: req.requestId });
+                return;
+            }
+            // Only works with PostgreSQL backend
+            if (!(authStore instanceof PostgresAuthStore)) {
+                res.status(501).json({
+                    success: false,
+                    error: {
+                        type: 'not_implemented',
+                        message: 'Stats endpoint requires PostgreSQL backend',
+                        docs: 'https://webpeel.dev/docs/errors#not_implemented',
+                    },
+                    requestId: req.requestId,
+                });
+                return;
+            }
+            // Access pool via any cast (pool is private but we need direct DB access)
+            const pgStore = authStore;
+            // Get stats from usage_logs table
+            const statsQuery = `
+        SELECT 
+          COUNT(*) as total_requests,
+          AVG(CASE WHEN status_code >= 200 AND status_code < 300 THEN 1.0 ELSE 0.0 END) * 100 as success_rate,
+          AVG(processing_time_ms) as avg_response_time
+        FROM usage_logs
+        WHERE user_id = $1
+      `;
+            const result = await pgStore.pool.query(statsQuery, [userId]);
+            if (result.rows.length === 0) {
+                // No data yet - return defaults
+                res.json({
+                    totalRequests: 0,
+                    successRate: 100,
+                    avgResponseTime: 0,
+                });
+                return;
+            }
+            const row = result.rows[0];
+            res.json({
+                totalRequests: parseInt(row.total_requests) || 0,
+                successRate: parseFloat(row.success_rate) || 100,
+                avgResponseTime: Math.round(parseFloat(row.avg_response_time)) || 0,
+            });
+        }
+        catch (error) {
+            console.error('Stats error:', error);
+            res.status(500).json({
+                success: false,
+                error: {
+                    type: 'internal_error',
+                    message: 'Failed to retrieve stats',
+                    docs: 'https://webpeel.dev/docs/errors#internal_error',
+                },
+                requestId: req.requestId,
+            });
+        }
+    });
+    return router;
+}

package/dist/server/routes/stripe.d.ts

@@ -0,0 +1,15 @@
+/**
+ * Stripe webhook handler for subscription management
+ */
+import { Router } from 'express';
+import pg from 'pg';
+/**
+ * Create Stripe Billing Portal router
+ * POST /v1/billing/portal — create a Stripe Customer Portal session
+ * Requires global auth middleware to already have run (req.user or req.auth set).
+ */
+export declare function createBillingPortalRouter(pool: pg.Pool | null): Router;
+/**
+ * Create Stripe webhook router
+ */
+export declare function createStripeRouter(): Router;