wyxrouter 0.4.71

package/src/sse/services/tokenRefresh.js

@@ -0,0 +1,319 @@
+// Re-export from open-sse with local logger
+import * as log from "../utils/logger.js";
+import { updateProviderConnection } from "../../lib/localDb.js";
+import {
+  getProjectIdForConnection,
+  invalidateProjectId,
+  removeConnection,
+} from "open-sse/services/projectId.js";
+import {
+  TOKEN_EXPIRY_BUFFER_MS as BUFFER_MS,
+  refreshAccessToken as _refreshAccessToken,
+  refreshClaudeOAuthToken as _refreshClaudeOAuthToken,
+  refreshGoogleToken as _refreshGoogleToken,
+  refreshQwenToken as _refreshQwenToken,
+  refreshCodexToken as _refreshCodexToken,
+  refreshIflowToken as _refreshIflowToken,
+  refreshGitHubToken as _refreshGitHubToken,
+  refreshCopilotToken as _refreshCopilotToken,
+  getAccessToken as _getAccessToken,
+  refreshTokenByProvider as _refreshTokenByProvider,
+  formatProviderCredentials as _formatProviderCredentials,
+  getAllAccessTokens as _getAllAccessTokens,
+  refreshKiroToken as _refreshKiroToken,
+  getRefreshLeadMs as _getRefreshLeadMs
+} from "open-sse/services/tokenRefresh.js";
+import {
+  refreshProviderCredentials as _refreshProviderCredentials,
+  shouldRefreshCredentials as _shouldRefreshCredentials,
+} from "open-sse/services/oauthCredentialManager.js";
+
+export const TOKEN_EXPIRY_BUFFER_MS = BUFFER_MS;
+
+// ─── Re-exports wrapped with local logger ─────────────────────────────────────
+
+export const refreshAccessToken = (provider, refreshToken, credentials) =>
+  _refreshAccessToken(provider, refreshToken, credentials, log);
+
+export const refreshClaudeOAuthToken = (refreshToken) =>
+  _refreshClaudeOAuthToken(refreshToken, log);
+
+export const refreshGoogleToken = (refreshToken, clientId, clientSecret) =>
+  _refreshGoogleToken(refreshToken, clientId, clientSecret, log);
+
+export const refreshQwenToken = (refreshToken) =>
+  _refreshQwenToken(refreshToken, log);
+
+export const refreshCodexToken = (refreshToken) =>
+  _refreshCodexToken(refreshToken, log);
+
+export const refreshIflowToken = (refreshToken) =>
+  _refreshIflowToken(refreshToken, log);
+
+export const refreshGitHubToken = (refreshToken) =>
+  _refreshGitHubToken(refreshToken, log);
+
+export const refreshCopilotToken = (githubAccessToken) =>
+  _refreshCopilotToken(githubAccessToken, log);
+
+export const refreshKiroToken = (refreshToken, providerSpecificData) =>
+  _refreshKiroToken(refreshToken, providerSpecificData, log);
+
+export const getAccessToken = (provider, credentials) =>
+  _getAccessToken(provider, credentials, log);
+
+export const refreshTokenByProvider = (provider, credentials) =>
+  _refreshTokenByProvider(provider, credentials, log);
+
+export const formatProviderCredentials = (provider, credentials) =>
+  _formatProviderCredentials(provider, credentials, log);
+
+export const getAllAccessTokens = (userInfo) =>
+  _getAllAccessTokens(userInfo, log);
+
+export const shouldRefreshCredentials = (provider, credentials) =>
+  _shouldRefreshCredentials(provider, credentials);
+
+// ─── Lifecycle hook ───────────────────────────────────────────────────────────
+
+/**
+ * Call this when a connection is fully closed / removed.
+ * Aborts any in-flight projectId fetch and evicts its cache entry,
+ * preventing the module-level Maps from accumulating stale entries.
+ *
+ * @param {string} connectionId
+ */
+export function releaseConnection(connectionId) {
+  if (!connectionId) return;
+  removeConnection(connectionId);
+  log.debug("TOKEN_REFRESH", "Released connection resources", { connectionId });
+}
+
+// ─── Internal helpers ─────────────────────────────────────────────────────────
+
+/**
+ * Compute an ISO expiry timestamp from a relative expiresIn (seconds).
+ * @param {number} expiresIn
+ * @returns {string}
+ */
+function toExpiresAt(expiresIn) {
+  return new Date(Date.now() + expiresIn * 1000).toISOString();
+}
+
+function normalizeExpiresAt(expiresAt) {
+  if (!expiresAt) return null;
+  const date = new Date(expiresAt);
+  if (!Number.isFinite(date.getTime())) return null;
+  return date.toISOString();
+}
+
+/**
+ * Providers that carry a real Google project ID.
+ * @param {string} provider
+ * @returns {boolean}
+ */
+function needsProjectId(provider) {
+  return provider === "antigravity" || provider === "gemini-cli";
+}
+
+/**
+ * Non-blocking: fetch the project ID for a connection after a token refresh and
+ * persist it to localDb.  Invalidates the stale cached value first so the fetch
+ * always retrieves a fresh one.
+ *
+ * @param {string} provider
+ * @param {string} connectionId
+ * @param {string} accessToken
+ */
+function _refreshProjectId(provider, connectionId, accessToken) {
+  if (!needsProjectId(provider) || !connectionId || !accessToken) return;
+
+  // Evict the stale cached entry so getProjectIdForConnection does a real fetch
+  invalidateProjectId(connectionId);
+
+  getProjectIdForConnection(connectionId, accessToken)
+    .then((projectId) => {
+      if (!projectId) return;
+      updateProviderCredentials(connectionId, { projectId }).catch((err) => {
+        log.debug("TOKEN_REFRESH", "Failed to persist refreshed projectId", {
+          connectionId,
+          error: err?.message ?? err,
+        });
+      });
+    })
+    .catch((err) => {
+      log.debug("TOKEN_REFRESH", "Failed to fetch projectId after token refresh", {
+        connectionId,
+        error: err?.message ?? err,
+      });
+    });
+}
+
+// ─── Local-specific: persist credentials to localDb ──────────────────────────
+
+/**
+ * Persist updated credentials for a connection to localDb.
+ * Only fields that are present in `newCredentials` are written.
+ *
+ * @param {string} connectionId
+ * @param {object} newCredentials
+ * @returns {Promise<boolean>}
+ */
+export async function updateProviderCredentials(connectionId, newCredentials) {
+  try {
+    const updates = {};
+
+    if (newCredentials.accessToken)         updates.accessToken  = newCredentials.accessToken;
+    if (newCredentials.refreshToken)        updates.refreshToken = newCredentials.refreshToken;
+    if (newCredentials.idToken)             updates.idToken = newCredentials.idToken;
+    if (newCredentials.lastRefreshAt)       updates.lastRefreshAt = newCredentials.lastRefreshAt;
+    if (newCredentials.expiresAt)           updates.expiresAt = newCredentials.expiresAt;
+    if (newCredentials.expiresIn) {
+      updates.expiresAt = toExpiresAt(newCredentials.expiresIn);
+      updates.expiresIn = newCredentials.expiresIn;
+    } else if (newCredentials.expiresAt) {
+      const expiresAt = normalizeExpiresAt(newCredentials.expiresAt);
+      if (expiresAt) {
+        updates.expiresAt = expiresAt;
+        updates.expiresIn = Math.max(1, Math.floor((new Date(expiresAt).getTime() - Date.now()) / 1000));
+      }
+    }
+    if (newCredentials.providerSpecificData) {
+      updates.providerSpecificData = {
+        ...(newCredentials.existingProviderSpecificData || {}),
+        ...newCredentials.providerSpecificData,
+      };
+    }
+    if (newCredentials.copilotToken || newCredentials.copilotTokenExpiresAt) {
+      updates.providerSpecificData = {
+        ...(updates.providerSpecificData || newCredentials.existingProviderSpecificData || {}),
+        ...(newCredentials.copilotToken ? { copilotToken: newCredentials.copilotToken } : {}),
+        ...(newCredentials.copilotTokenExpiresAt ? { copilotTokenExpiresAt: newCredentials.copilotTokenExpiresAt } : {}),
+      };
+    }
+    if (newCredentials.projectId)            updates.projectId = newCredentials.projectId;
+
+    const result = await updateProviderConnection(connectionId, updates);
+    log.info("TOKEN_REFRESH", "Credentials updated in localDb", {
+      connectionId,
+      success: !!result
+    });
+    return !!result;
+  } catch (error) {
+    log.error("TOKEN_REFRESH", "Error updating credentials in localDb", {
+      connectionId,
+      error: error.message,
+    });
+    return false;
+  }
+}
+
+// ─── Local-specific: proactive token refresh ─────────────────────────────────
+
+/**
+ * Check whether the provider token (and, for GitHub, the Copilot token) is
+ * about to expire and refresh it proactively.
+ *
+ * @param {string} provider
+ * @param {object} credentials
+ * @returns {Promise<object>} updated credentials object
+ */
+export async function checkAndRefreshToken(provider, credentials) {
+  let creds = { ...credentials };
+
+  // ── 1. Regular access-token expiry ────────────────────────────────────────
+  if (_shouldRefreshCredentials(provider, creds)) {
+    const expiresAt = creds.expiresAt ? new Date(creds.expiresAt).getTime() : null;
+    const remaining = expiresAt ? expiresAt - Date.now() : null;
+    const refreshLead = _getRefreshLeadMs(provider);
+
+    log.info("TOKEN_REFRESH", "Refreshing provider credentials proactively", {
+      provider,
+      expiresIn: remaining === null ? null : Math.round(remaining / 1000),
+      refreshLeadMs: refreshLead,
+      lastRefreshAt: creds.lastRefreshAt || null,
+    });
+
+    const newCreds = await _refreshProviderCredentials(provider, creds, log);
+    if (newCreds?.accessToken || newCreds?.apiKey || newCreds?.copilotToken) {
+      const mergedCreds = {
+        ...newCreds,
+        existingProviderSpecificData: creds.providerSpecificData,
+      };
+
+      // Persist to DB (non-blocking path continues below)
+      await updateProviderCredentials(creds.connectionId, mergedCreds);
+
+      creds = {
+        ...creds,
+        ...newCreds,
+        expiresAt: newCreds.expiresIn
+          ? toExpiresAt(newCreds.expiresIn)
+          : normalizeExpiresAt(newCreds.expiresAt) || newCreds.expiresAt || creds.expiresAt,
+        providerSpecificData: newCreds.providerSpecificData
+          ? { ...creds.providerSpecificData, ...newCreds.providerSpecificData }
+          : creds.providerSpecificData,
+      };
+
+      // Non-blocking: refresh projectId with the new access token
+      _refreshProjectId(provider, creds.connectionId, creds.accessToken);
+    }
+  }
+
+  // ── 2. GitHub Copilot token expiry ────────────────────────────────────────
+  if (provider === "github" && creds.providerSpecificData?.copilotTokenExpiresAt) {
+    const copilotExpiresAt = creds.providerSpecificData.copilotTokenExpiresAt * 1000;
+    const now              = Date.now();
+    const remaining        = copilotExpiresAt - now;
+
+    if (remaining < TOKEN_EXPIRY_BUFFER_MS) {
+      log.info("TOKEN_REFRESH", "Copilot token expiring soon, refreshing proactively", {
+        provider,
+        expiresIn: Math.round(remaining / 1000),
+      });
+
+      const copilotToken = await refreshCopilotToken(creds.accessToken);
+      if (copilotToken) {
+        const updatedSpecific = {
+          ...creds.providerSpecificData,
+          copilotToken:          copilotToken.token,
+          copilotTokenExpiresAt: copilotToken.expiresAt,
+        };
+
+        await updateProviderCredentials(creds.connectionId, {
+          providerSpecificData: updatedSpecific,
+        });
+
+        creds.providerSpecificData = updatedSpecific;
+        creds.copilotToken = copilotToken.token;
+      }
+    }
+  }
+
+  return creds;
+}
+
+// ─── Local-specific: combined GitHub + Copilot refresh ───────────────────────
+
+/**
+ * Refresh the GitHub OAuth token and immediately exchange it for a fresh
+ * Copilot token.
+ *
+ * @param {object} credentials  – must contain `refreshToken`
+ * @returns {Promise<object|null>} merged credentials or the raw GitHub credentials on Copilot failure
+ */
+export async function refreshGitHubAndCopilotTokens(credentials) {
+  const newGitHubCreds = await refreshGitHubToken(credentials.refreshToken);
+  if (!newGitHubCreds?.accessToken) return newGitHubCreds;
+
+  const copilotToken = await refreshCopilotToken(newGitHubCreds.accessToken);
+  if (!copilotToken) return newGitHubCreds;
+
+  return {
+    ...newGitHubCreds,
+    providerSpecificData: {
+      copilotToken:          copilotToken.token,
+      copilotTokenExpiresAt: copilotToken.expiresAt,
+    },
+  };
+}

package/src/sse/utils/logger.js

@@ -0,0 +1,75 @@
+// Logger utility for cloud
+
+const LOG_LEVELS = {
+  DEBUG: 0,
+  INFO: 1,
+  WARN: 2,
+  ERROR: 3
+};
+
+const LEVEL = LOG_LEVELS.DEBUG;
+
+function formatTime() {
+  return new Date().toLocaleTimeString("en-US", { hour12: false });
+}
+
+function formatData(data) {
+  if (!data) return "";
+  if (typeof data === "string") return data;
+  try {
+    return JSON.stringify(data);
+  } catch {
+    return String(data);
+  }
+}
+
+export function debug(tag, message, data) {
+  if (LEVEL <= LOG_LEVELS.DEBUG) {
+    const dataStr = data ? ` ${formatData(data)}` : "";
+    console.log(`[${formatTime()}] 🔍 [${tag}] ${message}${dataStr}`);
+  }
+}
+
+export function info(tag, message, data) {
+  if (LEVEL <= LOG_LEVELS.INFO) {
+    const dataStr = data ? ` ${formatData(data)}` : "";
+    console.log(`[${formatTime()}] ℹ️  [${tag}] ${message}${dataStr}`);
+  }
+}
+
+export function warn(tag, message, data) {
+  if (LEVEL <= LOG_LEVELS.WARN) {
+    const dataStr = data ? ` ${formatData(data)}` : "";
+    // console.warn(`[${formatTime()}] ⚠️  [${tag}] ${message}${dataStr}`);
+  }
+}
+
+export function error(tag, message, data) {
+  if (LEVEL <= LOG_LEVELS.ERROR) {
+    const dataStr = data ? ` ${formatData(data)}` : "";
+    console.log(`[${formatTime()}] ❌ [${tag}] ${message}${dataStr}`);
+  }
+}
+
+export function request(method, path, extra) {
+  const dataStr = extra ? ` ${formatData(extra)}` : "";
+  console.log(`\x1b[36m[${formatTime()}] 📥 ${method} ${path}${dataStr}\x1b[0m`);
+}
+
+export function response(status, duration, extra) {
+  const icon = status < 400 ? "📤" : "💥";
+  const dataStr = extra ? ` ${formatData(extra)}` : "";
+  console.log(`[${formatTime()}] ${icon} ${status} (${duration}ms)${dataStr}`);
+}
+
+export function stream(event, data) {
+  const dataStr = data ? ` ${formatData(data)}` : "";
+  console.log(`[${formatTime()}] 🌊 [STREAM] ${event}${dataStr}`);
+}
+
+// Mask sensitive data
+export function maskKey(key) {
+  if (!key || key.length < 8) return "***";
+  return `${key.slice(0, 4)}...${key.slice(-4)}`;
+}
+

package/src/store/headerSearchStore.js

@@ -0,0 +1,19 @@
+/**
+ * Header Search Store — Zustand-based reusable search input in Header.
+ * Pages register placeholder on mount, read query, unregister on unmount.
+ */
+
+import { create } from "zustand";
+
+export const useHeaderSearchStore = create((set) => ({
+  query: "",
+  placeholder: "",
+  visible: false,
+
+  setQuery: (query) => set({ query }),
+
+  register: (placeholder = "Search...") =>
+    set({ visible: true, placeholder, query: "" }),
+
+  unregister: () => set({ visible: false, placeholder: "", query: "" }),
+}));

package/src/store/index.js

@@ -0,0 +1,6 @@
+// Zustand Stores - Export all
+export { default as useThemeStore } from "./themeStore";
+export { default as useUserStore } from "./userStore";
+export { default as useProviderStore } from "./providerStore";
+export { useNotificationStore } from "./notificationStore";
+

package/src/store/notificationStore.js

@@ -0,0 +1,45 @@
+/**
+ * Notification Store — Zustand-based global toast notification system.
+ * Centralized feedback for dashboard actions.
+ */
+
+import { create } from "zustand";
+
+let idCounter = 0;
+
+export const useNotificationStore = create((set, get) => ({
+  notifications: [],
+
+  addNotification: (notification) => {
+    const id = ++idCounter;
+    const entry = {
+      id,
+      type: notification.type || "info",
+      message: notification.message,
+      title: notification.title || null,
+      duration: notification.duration ?? 5000,
+      dismissible: notification.dismissible ?? true,
+      createdAt: Date.now(),
+    };
+
+    set((s) => ({ notifications: [...s.notifications, entry] }));
+
+    // Auto-dismiss
+    if (entry.duration > 0) {
+      setTimeout(() => get().removeNotification(id), entry.duration);
+    }
+
+    return id;
+  },
+
+  removeNotification: (id) => {
+    set((s) => ({ notifications: s.notifications.filter((n) => n.id !== id) }));
+  },
+
+  clearAll: () => set({ notifications: [] }),
+
+  success: (message, title) => get().addNotification({ type: "success", message, title }),
+  error: (message, title) => get().addNotification({ type: "error", message, title, duration: 8000 }),
+  warning: (message, title) => get().addNotification({ type: "warning", message, title }),
+  info: (message, title) => get().addNotification({ type: "info", message, title }),
+}));

package/src/store/providerStore.js

@@ -0,0 +1,55 @@
+"use client";
+
+import { create } from "zustand";
+import { CLIENT_STORE_TTL_MS } from "@/shared/constants/config";
+
+const useProviderStore = create((set, get) => ({
+  providers: [],
+  loading: false,
+  error: null,
+  lastFetched: 0,
+
+  setProviders: (providers) => set({ providers, lastFetched: Date.now() }),
+
+  addProvider: (provider) =>
+    set((state) => ({ providers: [provider, ...state.providers] })),
+
+  updateProvider: (id, updates) =>
+    set((state) => ({
+      providers: state.providers.map((p) =>
+        p._id === id ? { ...p, ...updates } : p
+      ),
+    })),
+
+  removeProvider: (id) =>
+    set((state) => ({
+      providers: state.providers.filter((p) => p._id !== id),
+    })),
+
+  invalidate: () => set({ lastFetched: 0 }),
+
+  setLoading: (loading) => set({ loading }),
+
+  setError: (error) => set({ error }),
+
+  // Skips network when cache is fresh (< CLIENT_STORE_TTL_MS). Pass {force:true} to override.
+  fetchProviders: async ({ force = false } = {}) => {
+    const { lastFetched, providers } = get();
+    if (!force && providers.length > 0 && Date.now() - lastFetched < CLIENT_STORE_TTL_MS) return;
+    set({ loading: true, error: null });
+    try {
+      const response = await fetch("/api/providers");
+      const data = await response.json();
+      if (response.ok) {
+        set({ providers: data.connections || data.providers || [], loading: false, lastFetched: Date.now() });
+      } else {
+        set({ error: data.error, loading: false });
+      }
+    } catch (error) {
+      set({ error: "Failed to fetch providers", loading: false });
+    }
+  },
+}));
+
+export default useProviderStore;
+

package/src/store/settingsStore.js

@@ -0,0 +1,51 @@
+"use client";
+
+import { create } from "zustand";
+import { CLIENT_STORE_TTL_MS } from "@/shared/constants/config";
+
+const useSettingsStore = create((set, get) => ({
+  settings: null,
+  loading: false,
+  error: null,
+  lastFetched: 0,
+
+  invalidate: () => set({ lastFetched: 0 }),
+
+  // Skips network when cache is fresh; pass {force:true} to override
+  fetchSettings: async ({ force = false } = {}) => {
+    const { lastFetched, settings } = get();
+    if (!force && settings && Date.now() - lastFetched < CLIENT_STORE_TTL_MS) return settings;
+    set({ loading: true, error: null });
+    try {
+      const res = await fetch("/api/settings");
+      const data = await res.json();
+      if (res.ok) {
+        set({ settings: data, loading: false, lastFetched: Date.now() });
+        return data;
+      }
+      set({ error: data.error, loading: false });
+    } catch (e) {
+      set({ error: "Failed to fetch settings", loading: false });
+    }
+    return null;
+  },
+
+  // PATCH server + merge into local cache (no extra fetch needed)
+  patchSettings: async (patch) => {
+    try {
+      const res = await fetch("/api/settings", {
+        method: "PATCH",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify(patch),
+      });
+      if (!res.ok) return null;
+      const updated = await res.json();
+      set({ settings: updated, lastFetched: Date.now() });
+      return updated;
+    } catch {
+      return null;
+    }
+  },
+}));
+
+export default useSettingsStore;

package/src/store/themeStore.js

@@ -0,0 +1,54 @@
+"use client";
+
+import { create } from "zustand";
+import { persist } from "zustand/middleware";
+import { THEME_CONFIG } from "@/shared/constants/config";
+
+const useThemeStore = create(
+  persist(
+    (set, get) => ({
+      theme: THEME_CONFIG.defaultTheme,
+
+      setTheme: (theme) => {
+        set({ theme });
+        applyTheme(theme);
+      },
+
+      toggleTheme: () => {
+        const currentTheme = get().theme;
+        const newTheme = currentTheme === "dark" ? "light" : "dark";
+        set({ theme: newTheme });
+        applyTheme(newTheme);
+      },
+
+      initTheme: () => {
+        const theme = get().theme;
+        applyTheme(theme);
+      },
+    }),
+    {
+      name: THEME_CONFIG.storageKey,
+    }
+  )
+);
+
+// Apply theme to document
+function applyTheme(theme) {
+  if (typeof window === "undefined") return;
+
+  const root = document.documentElement;
+  const systemTheme = window.matchMedia("(prefers-color-scheme: dark)").matches
+    ? "dark"
+    : "light";
+
+  const effectiveTheme = theme === "system" ? systemTheme : theme;
+
+  if (effectiveTheme === "dark") {
+    root.classList.add("dark");
+  } else {
+    root.classList.remove("dark");
+  }
+}
+
+export default useThemeStore;
+

package/src/store/userStore.js

@@ -0,0 +1,20 @@
+"use client";
+
+import { create } from "zustand";
+
+const useUserStore = create((set) => ({
+  user: null,
+  loading: false,
+  error: null,
+
+  setUser: (user) => set({ user }),
+
+  clearUser: () => set({ user: null }),
+
+  setLoading: (loading) => set({ loading }),
+
+  setError: (error) => set({ error }),
+}));
+
+export default useUserStore;
+

package/start.sh

@@ -0,0 +1,4 @@
+docker stop 9router
+docker rm 9router
+docker build -t 9router .
+docker run -d --name 9router -p 20128:20128 --env-file .env -v 9router-data:/app/data 9router