webpeel 0.20.2 → 0.20.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (86) hide show
  1. package/dist/server/app.d.ts +14 -0
  2. package/dist/server/app.js +384 -0
  3. package/dist/server/auth-store.d.ts +27 -0
  4. package/dist/server/auth-store.js +88 -0
  5. package/dist/server/email-service.d.ts +21 -0
  6. package/dist/server/email-service.js +79 -0
  7. package/dist/server/job-queue.d.ts +100 -0
  8. package/dist/server/job-queue.js +145 -0
  9. package/dist/server/logger.d.ts +10 -0
  10. package/dist/server/logger.js +37 -0
  11. package/dist/server/middleware/auth.d.ts +28 -0
  12. package/dist/server/middleware/auth.js +221 -0
  13. package/dist/server/middleware/rate-limit.d.ts +24 -0
  14. package/dist/server/middleware/rate-limit.js +167 -0
  15. package/dist/server/middleware/url-validator.d.ts +15 -0
  16. package/dist/server/middleware/url-validator.js +186 -0
  17. package/dist/server/openapi.yaml +6418 -0
  18. package/dist/server/pg-auth-store.d.ts +132 -0
  19. package/dist/server/pg-auth-store.js +472 -0
  20. package/dist/server/pg-job-queue.d.ts +59 -0
  21. package/dist/server/pg-job-queue.js +375 -0
  22. package/dist/server/premium/domain-intel.d.ts +16 -0
  23. package/dist/server/premium/domain-intel.js +133 -0
  24. package/dist/server/premium/index.d.ts +17 -0
  25. package/dist/server/premium/index.js +35 -0
  26. package/dist/server/premium/swr-cache.d.ts +14 -0
  27. package/dist/server/premium/swr-cache.js +34 -0
  28. package/dist/server/routes/activity.d.ts +6 -0
  29. package/dist/server/routes/activity.js +74 -0
  30. package/dist/server/routes/answer.d.ts +5 -0
  31. package/dist/server/routes/answer.js +125 -0
  32. package/dist/server/routes/ask.d.ts +28 -0
  33. package/dist/server/routes/ask.js +229 -0
  34. package/dist/server/routes/batch.d.ts +6 -0
  35. package/dist/server/routes/batch.js +493 -0
  36. package/dist/server/routes/cli-usage.d.ts +6 -0
  37. package/dist/server/routes/cli-usage.js +127 -0
  38. package/dist/server/routes/compat.d.ts +23 -0
  39. package/dist/server/routes/compat.js +652 -0
  40. package/dist/server/routes/deep-fetch.d.ts +8 -0
  41. package/dist/server/routes/deep-fetch.js +57 -0
  42. package/dist/server/routes/demo.d.ts +24 -0
  43. package/dist/server/routes/demo.js +517 -0
  44. package/dist/server/routes/do.d.ts +8 -0
  45. package/dist/server/routes/do.js +72 -0
  46. package/dist/server/routes/extract.d.ts +8 -0
  47. package/dist/server/routes/extract.js +235 -0
  48. package/dist/server/routes/fetch.d.ts +7 -0
  49. package/dist/server/routes/fetch.js +999 -0
  50. package/dist/server/routes/health.d.ts +7 -0
  51. package/dist/server/routes/health.js +19 -0
  52. package/dist/server/routes/jobs.d.ts +7 -0
  53. package/dist/server/routes/jobs.js +573 -0
  54. package/dist/server/routes/mcp.d.ts +14 -0
  55. package/dist/server/routes/mcp.js +141 -0
  56. package/dist/server/routes/oauth.d.ts +9 -0
  57. package/dist/server/routes/oauth.js +396 -0
  58. package/dist/server/routes/playground.d.ts +17 -0
  59. package/dist/server/routes/playground.js +283 -0
  60. package/dist/server/routes/screenshot.d.ts +22 -0
  61. package/dist/server/routes/screenshot.js +816 -0
  62. package/dist/server/routes/search.d.ts +6 -0
  63. package/dist/server/routes/search.js +303 -0
  64. package/dist/server/routes/session.d.ts +15 -0
  65. package/dist/server/routes/session.js +397 -0
  66. package/dist/server/routes/stats.d.ts +6 -0
  67. package/dist/server/routes/stats.js +71 -0
  68. package/dist/server/routes/stripe.d.ts +15 -0
  69. package/dist/server/routes/stripe.js +294 -0
  70. package/dist/server/routes/users.d.ts +8 -0
  71. package/dist/server/routes/users.js +1671 -0
  72. package/dist/server/routes/watch.d.ts +15 -0
  73. package/dist/server/routes/watch.js +309 -0
  74. package/dist/server/routes/webhooks.d.ts +26 -0
  75. package/dist/server/routes/webhooks.js +170 -0
  76. package/dist/server/routes/youtube.d.ts +6 -0
  77. package/dist/server/routes/youtube.js +130 -0
  78. package/dist/server/sentry.d.ts +13 -0
  79. package/dist/server/sentry.js +38 -0
  80. package/dist/server/types.d.ts +15 -0
  81. package/dist/server/types.js +7 -0
  82. package/dist/server/utils/response.d.ts +44 -0
  83. package/dist/server/utils/response.js +69 -0
  84. package/dist/server/utils/sse.d.ts +22 -0
  85. package/dist/server/utils/sse.js +38 -0
  86. package/package.json +2 -1
package/dist/server/pg-auth-store.d.ts ADDED
@@ -0,0 +1,132 @@
1
+ /**
2
+ * PostgreSQL-backed auth store for production deployments
3
+ * Uses SHA-256 hashing for API keys and tracks WEEKLY usage with burst limits
4
+ */
5
+ import { AuthStore, ApiKeyInfo } from './auth-store.js';
6
+ export interface WeeklyUsageInfo {
7
+ week: string;
8
+ basicCount: number;
9
+ stealthCount: number;
10
+ captchaCount: number;
11
+ searchCount: number;
12
+ totalUsed: number;
13
+ weeklyLimit: number;
14
+ rolloverCredits: number;
15
+ totalAvailable: number;
16
+ remaining: number;
17
+ percentUsed: number;
18
+ resetsAt: string;
19
+ }
20
+ export interface BurstInfo {
21
+ hourBucket: string;
22
+ count: number;
23
+ limit: number;
24
+ remaining: number;
25
+ resetsIn: string;
26
+ }
27
+ export interface ExtraUsageInfo {
28
+ enabled: boolean;
29
+ balance: number;
30
+ spent: number;
31
+ spendingLimit: number;
32
+ autoReload: boolean;
33
+ percentUsed: number;
34
+ resetsAt: string;
35
+ }
36
+ /**
37
+ * PostgreSQL auth store for production
38
+ */
39
+ export declare class PostgresAuthStore implements AuthStore {
40
+ private pool;
41
+ constructor(connectionString?: string);
42
+ /**
43
+ * Hash API key with SHA-256
44
+ * SECURITY: Never store raw API keys
45
+ */
46
+ private hashKey;
47
+ /**
48
+ * Get current ISO week in YYYY-WXX format (e.g., "2026-W07")
49
+ */
50
+ private getCurrentWeek;
51
+ /**
52
+ * Get previous ISO week in YYYY-WXX format
53
+ */
54
+ private getPreviousWeek;
55
+ /**
56
+ * Get next Monday 00:00 UTC (week reset time)
57
+ */
58
+ private getWeekResetTime;
59
+ /**
60
+ * Get current hour bucket in YYYY-MM-DDTHH format (UTC)
61
+ */
62
+ private getCurrentHour;
63
+ /**
64
+ * Get human-readable time until next hour
65
+ */
66
+ private getTimeUntilNextHour;
67
+ /**
68
+ * Validate API key and return user info
69
+ * SECURITY: Uses SHA-256 hash comparison, updates last_used_at
70
+ */
71
+ validateKey(key: string): Promise<ApiKeyInfo | null>;
72
+ /**
73
+ * Check if a key exists but is expired (used to return specific 401 error)
74
+ */
75
+ isKeyExpired(key: string): Promise<boolean>;
76
+ /**
77
+ * Track weekly usage for an API key
78
+ * SECURITY: Uses UPSERT to prevent race conditions
79
+ */
80
+ trackUsage(key: string, fetchType: 'basic' | 'stealth' | 'captcha' | 'search'): Promise<void>;
81
+ /**
82
+ * Track burst usage (hourly limit)
83
+ */
84
+ trackBurstUsage(key: string): Promise<void>;
85
+ /**
86
+ * Check burst limit (hourly)
87
+ */
88
+ checkBurstLimit(key: string): Promise<{
89
+ allowed: boolean;
90
+ burst: BurstInfo;
91
+ }>;
92
+ /**
93
+ * Get weekly usage info for an API key with rollover calculation
94
+ */
95
+ getUsage(key: string): Promise<WeeklyUsageInfo | null>;
96
+ /**
97
+ * Check if API key has exceeded weekly limit
98
+ */
99
+ checkLimit(key: string): Promise<{
100
+ allowed: boolean;
101
+ usage?: WeeklyUsageInfo;
102
+ }>;
103
+ /**
104
+ * Get extra usage info for a user
105
+ */
106
+ getExtraUsageInfo(key: string): Promise<ExtraUsageInfo | null>;
107
+ /**
108
+ * Check if extra usage can be used
109
+ */
110
+ canUseExtraUsage(key: string): Promise<boolean>;
111
+ /**
112
+ * Track extra usage and deduct from balance
113
+ */
114
+ trackExtraUsage(key: string, fetchType: 'basic' | 'stealth' | 'captcha' | 'search', url?: string, processingTimeMs?: number, statusCode?: number): Promise<{
115
+ success: boolean;
116
+ cost: number;
117
+ newBalance: number;
118
+ }>;
119
+ /**
120
+ * Generate a cryptographically secure API key
121
+ * Format: wp_live_ + 32 random hex chars (total 40 chars)
122
+ */
123
+ static generateApiKey(): string;
124
+ /**
125
+ * Get key prefix (first 12 characters for display)
126
+ */
127
+ static getKeyPrefix(key: string): string;
128
+ /**
129
+ * Close the database pool
130
+ */
131
+ close(): Promise<void>;
132
+ }
package/dist/server/pg-auth-store.js ADDED
@@ -0,0 +1,472 @@
1
+ /**
2
+ * PostgreSQL-backed auth store for production deployments
3
+ * Uses SHA-256 hashing for API keys and tracks WEEKLY usage with burst limits
4
+ */
5
+ import pg from 'pg';
6
+ import crypto from 'crypto';
7
+ const { Pool } = pg;
8
+ // Extra usage cost constants
9
+ const EXTRA_USAGE_RATES = {
10
+ basic: 0.002, // $0.002 per basic fetch
11
+ stealth: 0.01, // $0.01 per stealth fetch
12
+ captcha: 0.02, // $0.02 per CAPTCHA solve
13
+ search: 0.001, // $0.001 per search
14
+ };
15
+ /**
16
+ * PostgreSQL auth store for production
17
+ */
18
+ export class PostgresAuthStore {
19
+ pool;
20
+ constructor(connectionString) {
21
+ const dbUrl = connectionString || process.env.DATABASE_URL;
22
+ if (!dbUrl) {
23
+ throw new Error('DATABASE_URL environment variable is required for PostgresAuthStore');
24
+ }
25
+ this.pool = new Pool({
26
+ connectionString: dbUrl,
27
+ // TLS: enabled when DATABASE_URL contains sslmode=require.
28
+ // Secure by default (rejectUnauthorized: true); set PG_REJECT_UNAUTHORIZED=false
29
+ // only for managed DBs (Render/Neon/Supabase) that use self-signed certs.
30
+ ssl: process.env.DATABASE_URL?.includes('sslmode=require')
31
+ ? { rejectUnauthorized: process.env.PG_REJECT_UNAUTHORIZED !== 'false' }
32
+ : undefined,
33
+ max: 20,
34
+ idleTimeoutMillis: 30000,
35
+ connectionTimeoutMillis: 10000,
36
+ });
37
+ }
38
+ /**
39
+ * Hash API key with SHA-256
40
+ * SECURITY: Never store raw API keys
41
+ */
42
+ hashKey(key) {
43
+ return crypto.createHash('sha256').update(key).digest('hex');
44
+ }
45
+ /**
46
+ * Get current ISO week in YYYY-WXX format (e.g., "2026-W07")
47
+ */
48
+ getCurrentWeek() {
49
+ const now = new Date();
50
+ const year = now.getUTCFullYear();
51
+ const jan4 = new Date(Date.UTC(year, 0, 4));
52
+ const weekNum = Math.ceil(((now.getTime() - jan4.getTime()) / 86400000 + jan4.getUTCDay() + 1) / 7);
53
+ return `${year}-W${String(weekNum).padStart(2, '0')}`;
54
+ }
55
+ /**
56
+ * Get previous ISO week in YYYY-WXX format
57
+ */
58
+ getPreviousWeek() {
59
+ const now = new Date();
60
+ const lastWeek = new Date(now.getTime() - 7 * 24 * 60 * 60 * 1000);
61
+ const year = lastWeek.getUTCFullYear();
62
+ const jan4 = new Date(Date.UTC(year, 0, 4));
63
+ const weekNum = Math.ceil(((lastWeek.getTime() - jan4.getTime()) / 86400000 + jan4.getUTCDay() + 1) / 7);
64
+ return `${year}-W${String(weekNum).padStart(2, '0')}`;
65
+ }
66
+ /**
67
+ * Get next Monday 00:00 UTC (week reset time)
68
+ */
69
+ getWeekResetTime() {
70
+ const now = new Date();
71
+ const dayOfWeek = now.getUTCDay();
72
+ const daysUntilMonday = dayOfWeek === 0 ? 1 : 8 - dayOfWeek;
73
+ const nextMonday = new Date(now);
74
+ nextMonday.setUTCDate(now.getUTCDate() + daysUntilMonday);
75
+ nextMonday.setUTCHours(0, 0, 0, 0);
76
+ return nextMonday;
77
+ }
78
+ /**
79
+ * Get current hour bucket in YYYY-MM-DDTHH format (UTC)
80
+ */
81
+ getCurrentHour() {
82
+ const now = new Date();
83
+ return now.toISOString().substring(0, 13); // "2026-02-12T20"
84
+ }
85
+ /**
86
+ * Get human-readable time until next hour
87
+ */
88
+ getTimeUntilNextHour() {
89
+ const now = new Date();
90
+ const minutesRemaining = 59 - now.getUTCMinutes();
91
+ if (minutesRemaining === 0) {
92
+ return '< 1 min';
93
+ }
94
+ return `${minutesRemaining} min`;
95
+ }
96
+ /**
97
+ * Validate API key and return user info
98
+ * SECURITY: Uses SHA-256 hash comparison, updates last_used_at
99
+ */
100
+ async validateKey(key) {
101
+ if (!key || typeof key !== 'string') {
102
+ return null;
103
+ }
104
+ const keyHash = this.hashKey(key);
105
+ try {
106
+ const result = await this.pool.query(`SELECT
107
+ ak.id,
108
+ ak.user_id,
109
+ ak.key_prefix,
110
+ ak.name,
111
+ u.tier,
112
+ u.rate_limit,
113
+ u.weekly_limit,
114
+ u.burst_limit,
115
+ u.email
116
+ FROM api_keys ak
117
+ JOIN users u ON ak.user_id = u.id
118
+ WHERE ak.key_hash = $1 AND ak.is_active = true
119
+ AND (ak.expires_at IS NULL OR ak.expires_at > NOW())`, [keyHash]);
120
+ if (result.rows.length === 0) {
121
+ return null;
122
+ }
123
+ const row = result.rows[0];
124
+ // Update last_used_at (fire and forget, don't wait)
125
+ this.pool.query('UPDATE api_keys SET last_used_at = now() WHERE id = $1', [row.id]).catch(err => console.error('Failed to update last_used_at:', err));
126
+ return {
127
+ key,
128
+ tier: row.tier,
129
+ rateLimit: row.rate_limit,
130
+ accountId: row.user_id,
131
+ createdAt: new Date(),
132
+ };
133
+ }
134
+ catch (error) {
135
+ console.error('Failed to validate API key:', error);
136
+ return null;
137
+ }
138
+ }
139
+ /**
140
+ * Check if a key exists but is expired (used to return specific 401 error)
141
+ */
142
+ async isKeyExpired(key) {
143
+ if (!key || typeof key !== 'string')
144
+ return false;
145
+ const keyHash = this.hashKey(key);
146
+ try {
147
+ const result = await this.pool.query(`SELECT 1 FROM api_keys WHERE key_hash = $1 AND is_active = true AND expires_at IS NOT NULL AND expires_at <= NOW()`, [keyHash]);
148
+ return result.rows.length > 0;
149
+ }
150
+ catch {
151
+ return false;
152
+ }
153
+ }
154
+ /**
155
+ * Track weekly usage for an API key
156
+ * SECURITY: Uses UPSERT to prevent race conditions
157
+ */
158
+ async trackUsage(key, fetchType) {
159
+ const keyHash = this.hashKey(key);
160
+ const week = this.getCurrentWeek();
161
+ try {
162
+ // Get API key ID and user ID
163
+ const keyResult = await this.pool.query('SELECT id, user_id FROM api_keys WHERE key_hash = $1', [keyHash]);
164
+ if (keyResult.rows.length === 0) {
165
+ return;
166
+ }
167
+ const { id: apiKeyId, user_id: userId } = keyResult.rows[0];
168
+ // Determine which counter to increment
169
+ const columnMap = {
170
+ basic: 'basic_count',
171
+ stealth: 'stealth_count',
172
+ captcha: 'captcha_count',
173
+ search: 'search_count',
174
+ };
175
+ const column = columnMap[fetchType];
176
+ // UPSERT usage record (total_count is GENERATED, don't touch it)
177
+ await this.pool.query(`INSERT INTO weekly_usage (user_id, api_key_id, week, ${column})
178
+ VALUES ($1, $2, $3, 1)
179
+ ON CONFLICT (api_key_id, week)
180
+ DO UPDATE SET
181
+ ${column} = weekly_usage.${column} + 1,
182
+ updated_at = now()`, [userId, apiKeyId, week]);
183
+ }
184
+ catch (error) {
185
+ console.error('Failed to track usage:', error);
186
+ throw error;
187
+ }
188
+ }
189
+ /**
190
+ * Track burst usage (hourly limit)
191
+ */
192
+ async trackBurstUsage(key) {
193
+ const keyHash = this.hashKey(key);
194
+ const hourBucket = this.getCurrentHour();
195
+ try {
196
+ const keyResult = await this.pool.query('SELECT id FROM api_keys WHERE key_hash = $1', [keyHash]);
197
+ if (keyResult.rows.length === 0) {
198
+ return;
199
+ }
200
+ const apiKeyId = keyResult.rows[0].id;
201
+ // UPSERT burst usage
202
+ await this.pool.query(`INSERT INTO burst_usage (api_key_id, hour_bucket, count)
203
+ VALUES ($1, $2, 1)
204
+ ON CONFLICT (api_key_id, hour_bucket)
205
+ DO UPDATE SET
206
+ count = burst_usage.count + 1,
207
+ updated_at = now()`, [apiKeyId, hourBucket]);
208
+ }
209
+ catch (error) {
210
+ console.error('Failed to track burst usage:', error);
211
+ throw error;
212
+ }
213
+ }
214
+ /**
215
+ * Check burst limit (hourly)
216
+ */
217
+ async checkBurstLimit(key) {
218
+ const keyHash = this.hashKey(key);
219
+ const hourBucket = this.getCurrentHour();
220
+ try {
221
+ const result = await this.pool.query(`SELECT
222
+ u.burst_limit,
223
+ COALESCE(bu.count, 0) as count
224
+ FROM api_keys ak
225
+ JOIN users u ON ak.user_id = u.id
226
+ LEFT JOIN burst_usage bu ON bu.api_key_id = ak.id AND bu.hour_bucket = $2
227
+ WHERE ak.key_hash = $1`, [keyHash, hourBucket]);
228
+ if (result.rows.length === 0) {
229
+ return {
230
+ allowed: false,
231
+ burst: {
232
+ hourBucket,
233
+ count: 0,
234
+ limit: 0,
235
+ remaining: 0,
236
+ resetsIn: this.getTimeUntilNextHour(),
237
+ },
238
+ };
239
+ }
240
+ const row = result.rows[0];
241
+ const allowed = row.count < row.burst_limit;
242
+ return {
243
+ allowed,
244
+ burst: {
245
+ hourBucket,
246
+ count: row.count,
247
+ limit: row.burst_limit,
248
+ remaining: Math.max(0, row.burst_limit - row.count),
249
+ resetsIn: this.getTimeUntilNextHour(),
250
+ },
251
+ };
252
+ }
253
+ catch (error) {
254
+ console.error('Failed to check burst limit:', error);
255
+ return {
256
+ allowed: false,
257
+ burst: {
258
+ hourBucket,
259
+ count: 0,
260
+ limit: 0,
261
+ remaining: 0,
262
+ resetsIn: this.getTimeUntilNextHour(),
263
+ },
264
+ };
265
+ }
266
+ }
267
+ /**
268
+ * Get weekly usage info for an API key with rollover calculation
269
+ */
270
+ async getUsage(key) {
271
+ const keyHash = this.hashKey(key);
272
+ const currentWeek = this.getCurrentWeek();
273
+ const previousWeek = this.getPreviousWeek();
274
+ try {
275
+ const result = await this.pool.query(`SELECT
276
+ u.weekly_limit,
277
+ COALESCE(curr.basic_count, 0) as basic_count,
278
+ COALESCE(curr.stealth_count, 0) as stealth_count,
279
+ COALESCE(curr.captcha_count, 0) as captcha_count,
280
+ COALESCE(curr.search_count, 0) as search_count,
281
+ COALESCE(curr.total_count, 0) as current_used,
282
+ COALESCE(prev.total_count, 0) as prev_used,
283
+ COALESCE(curr.rollover_credits, 0) as rollover_credits
284
+ FROM api_keys ak
285
+ JOIN users u ON ak.user_id = u.id
286
+ LEFT JOIN weekly_usage curr ON curr.api_key_id = ak.id AND curr.week = $2
287
+ LEFT JOIN weekly_usage prev ON prev.api_key_id = ak.id AND prev.week = $3
288
+ WHERE ak.key_hash = $1`, [keyHash, currentWeek, previousWeek]);
289
+ if (result.rows.length === 0) {
290
+ return null;
291
+ }
292
+ const row = result.rows[0];
293
+ const weeklyLimit = row.weekly_limit;
294
+ const currentUsed = row.current_used;
295
+ const prevUsed = row.prev_used;
296
+ const rolloverCredits = row.rollover_credits;
297
+ // Calculate rollover: MIN(unused_last_week, weekly_limit)
298
+ const prevUnused = Math.max(0, weeklyLimit - prevUsed);
299
+ const calculatedRollover = Math.min(prevUnused, weeklyLimit);
300
+ // Update rollover if it's the first access this week
301
+ if (rolloverCredits === 0 && calculatedRollover > 0) {
302
+ await this.pool.query(`INSERT INTO weekly_usage (user_id, api_key_id, week, rollover_credits, updated_at)
303
+ SELECT user_id, id, $2, $3, now()
304
+ FROM api_keys WHERE key_hash = $1
305
+ ON CONFLICT (api_key_id, week)
306
+ DO UPDATE SET rollover_credits = $3`, [keyHash, currentWeek, calculatedRollover]);
307
+ }
308
+ const effectiveRollover = rolloverCredits > 0 ? rolloverCredits : calculatedRollover;
309
+ const totalAvailable = weeklyLimit + effectiveRollover;
310
+ const remaining = Math.max(0, totalAvailable - currentUsed);
311
+ const percentUsed = totalAvailable > 0 ? Math.round((currentUsed / totalAvailable) * 100) : 0;
312
+ return {
313
+ week: currentWeek,
314
+ basicCount: row.basic_count,
315
+ stealthCount: row.stealth_count,
316
+ captchaCount: row.captcha_count,
317
+ searchCount: row.search_count,
318
+ totalUsed: currentUsed,
319
+ weeklyLimit,
320
+ rolloverCredits: effectiveRollover,
321
+ totalAvailable,
322
+ remaining,
323
+ percentUsed,
324
+ resetsAt: this.getWeekResetTime().toISOString(),
325
+ };
326
+ }
327
+ catch (error) {
328
+ console.error('Failed to get usage:', error);
329
+ return null;
330
+ }
331
+ }
332
+ /**
333
+ * Check if API key has exceeded weekly limit
334
+ */
335
+ async checkLimit(key) {
336
+ const usage = await this.getUsage(key);
337
+ if (!usage) {
338
+ return { allowed: false };
339
+ }
340
+ const allowed = usage.remaining > 0;
341
+ return { allowed, usage };
342
+ }
343
+ /**
344
+ * Get extra usage info for a user
345
+ */
346
+ async getExtraUsageInfo(key) {
347
+ const keyHash = this.hashKey(key);
348
+ try {
349
+ const result = await this.pool.query(`SELECT
350
+ u.extra_usage_enabled,
351
+ u.extra_usage_balance,
352
+ u.extra_usage_spent,
353
+ u.extra_usage_spending_limit,
354
+ u.auto_reload_enabled,
355
+ u.extra_usage_period_start
356
+ FROM api_keys ak
357
+ JOIN users u ON ak.user_id = u.id
358
+ WHERE ak.key_hash = $1`, [keyHash]);
359
+ if (result.rows.length === 0) {
360
+ return null;
361
+ }
362
+ const row = result.rows[0];
363
+ // Calculate next month reset (1st of next month, 00:00 UTC)
364
+ const now = new Date();
365
+ const nextMonth = new Date(Date.UTC(now.getUTCFullYear(), now.getUTCMonth() + 1, 1, 0, 0, 0, 0));
366
+ const percentUsed = row.extra_usage_spending_limit > 0
367
+ ? Math.round((parseFloat(row.extra_usage_spent) / parseFloat(row.extra_usage_spending_limit)) * 100)
368
+ : 0;
369
+ return {
370
+ enabled: row.extra_usage_enabled,
371
+ balance: parseFloat(row.extra_usage_balance),
372
+ spent: parseFloat(row.extra_usage_spent),
373
+ spendingLimit: parseFloat(row.extra_usage_spending_limit),
374
+ autoReload: row.auto_reload_enabled,
375
+ percentUsed,
376
+ resetsAt: nextMonth.toISOString(),
377
+ };
378
+ }
379
+ catch (error) {
380
+ console.error('Failed to get extra usage info:', error);
381
+ return null;
382
+ }
383
+ }
384
+ /**
385
+ * Check if extra usage can be used
386
+ */
387
+ async canUseExtraUsage(key) {
388
+ const info = await this.getExtraUsageInfo(key);
389
+ if (!info || !info.enabled) {
390
+ return false;
391
+ }
392
+ // Check if under spending limit and has balance
393
+ return info.balance > 0 && info.spent < info.spendingLimit;
394
+ }
395
+ /**
396
+ * Track extra usage and deduct from balance
397
+ */
398
+ async trackExtraUsage(key, fetchType, url, processingTimeMs, statusCode) {
399
+ const keyHash = this.hashKey(key);
400
+ const cost = EXTRA_USAGE_RATES[fetchType];
401
+ try {
402
+ // Get API key and user info
403
+ const keyResult = await this.pool.query(`SELECT
404
+ ak.id as api_key_id,
405
+ ak.user_id,
406
+ u.extra_usage_balance,
407
+ u.extra_usage_spent
408
+ FROM api_keys ak
409
+ JOIN users u ON ak.user_id = u.id
410
+ WHERE ak.key_hash = $1`, [keyHash]);
411
+ if (keyResult.rows.length === 0) {
412
+ return { success: false, cost: 0, newBalance: 0 };
413
+ }
414
+ const { api_key_id, user_id, extra_usage_balance } = keyResult.rows[0];
415
+ const currentBalance = parseFloat(extra_usage_balance);
416
+ if (currentBalance < cost) {
417
+ return { success: false, cost, newBalance: currentBalance };
418
+ }
419
+ // Start transaction
420
+ const client = await this.pool.connect();
421
+ try {
422
+ await client.query('BEGIN');
423
+ // Deduct from balance and add to spent
424
+ const updateResult = await client.query(`UPDATE users
425
+ SET
426
+ extra_usage_balance = extra_usage_balance - $1,
427
+ extra_usage_spent = extra_usage_spent + $1,
428
+ updated_at = now()
429
+ WHERE id = $2
430
+ RETURNING extra_usage_balance`, [cost, user_id]);
431
+ const newBalance = parseFloat(updateResult.rows[0].extra_usage_balance);
432
+ // Log to extra_usage_logs
433
+ await client.query(`INSERT INTO extra_usage_logs
434
+ (user_id, api_key_id, fetch_type, url, cost, processing_time_ms, status_code)
435
+ VALUES ($1, $2, $3, $4, $5, $6, $7)`, [user_id, api_key_id, fetchType, url, cost, processingTimeMs, statusCode]);
436
+ await client.query('COMMIT');
437
+ return { success: true, cost, newBalance };
438
+ }
439
+ catch (error) {
440
+ await client.query('ROLLBACK');
441
+ throw error;
442
+ }
443
+ finally {
444
+ client.release();
445
+ }
446
+ }
447
+ catch (error) {
448
+ console.error('Failed to track extra usage:', error);
449
+ return { success: false, cost, newBalance: 0 };
450
+ }
451
+ }
452
+ /**
453
+ * Generate a cryptographically secure API key
454
+ * Format: wp_live_ + 32 random hex chars (total 40 chars)
455
+ */
456
+ static generateApiKey() {
457
+ const randomBytes = crypto.randomBytes(16).toString('hex');
458
+ return `wp_live_${randomBytes}`;
459
+ }
460
+ /**
461
+ * Get key prefix (first 12 characters for display)
462
+ */
463
+ static getKeyPrefix(key) {
464
+ return key.substring(0, 12);
465
+ }
466
+ /**
467
+ * Close the database pool
468
+ */
469
+ async close() {
470
+ await this.pool.end();
471
+ }
472
+ }
package/dist/server/pg-job-queue.d.ts ADDED
@@ -0,0 +1,59 @@
1
+ /**
2
+ * PostgreSQL-backed job queue for production deployments
3
+ * Uses same Pool pattern as pg-auth-store.ts
4
+ */
5
+ import type { Job, WebhookConfig } from './job-queue.js';
6
+ export declare class PostgresJobQueue {
7
+ private pool;
8
+ private cleanupInterval;
9
+ constructor(connectionString?: string);
10
+ /**
11
+ * Create jobs table if it doesn't exist
12
+ */
13
+ private initTable;
14
+ /**
15
+ * Create a new job
16
+ */
17
+ createJob(type: Job['type'], webhook?: WebhookConfig, ownerId?: string): Promise<Job>;
18
+ /**
19
+ * Get a job by ID
20
+ */
21
+ getJob(id: string): Promise<Job | null>;
22
+ /**
23
+ * Update a job
24
+ */
25
+ updateJob(id: string, update: Partial<Job>): Promise<void>;
26
+ /**
27
+ * Cancel a job
28
+ */
29
+ cancelJob(id: string): Promise<boolean>;
30
+ /**
31
+ * List jobs with optional filters
32
+ */
33
+ listJobs(options?: {
34
+ type?: string;
35
+ status?: string;
36
+ limit?: number;
37
+ ownerId?: string;
38
+ }): Promise<Job[]>;
39
+ /**
40
+ * Remove expired jobs (called periodically)
41
+ */
42
+ private cleanExpired;
43
+ /**
44
+ * Remove old completed/failed jobs (>7 days)
45
+ */
46
+ private cleanupOldJobs;
47
+ /**
48
+ * Map database row to Job object
49
+ */
50
+ private mapRowToJob;
51
+ /**
52
+ * Clean up interval on shutdown
53
+ */
54
+ destroy(): void;
55
+ /**
56
+ * Close the database pool
57
+ */
58
+ close(): Promise<void>;
59
+ }