cloudcost-cli 0.1.0__py3-none-any.whl

backend/app/database.py

@@ -0,0 +1,470 @@
+import json
+import hmac
+from json import JSONDecodeError
+from datetime import timedelta
+from pathlib import Path
+from typing import Any
+from uuid import uuid4
+
+import psycopg
+from psycopg.rows import dict_row
+
+from backend.app.auth import hash_otp_code, hash_session_token, utc_now
+from backend.app.config import Settings
+from backend.app.storage import append_jsonl, read_jsonl
+
+
+def has_database(settings: Settings) -> bool:
+    return bool(settings.backend_database_url)
+
+
+def _connect(settings: Settings):
+    if not settings.backend_database_url:
+        raise RuntimeError("Set APP_DATABASE_URL or DATABASE_URL.")
+    return psycopg.connect(settings.backend_database_url, row_factory=dict_row)
+
+
+def init_app_database(settings: Settings) -> None:
+    if not has_database(settings):
+        return
+
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute(
+                """
+                CREATE TABLE IF NOT EXISTS cloudcost_waitlist (
+                    id BIGSERIAL PRIMARY KEY,
+                    email TEXT NOT NULL,
+                    source TEXT NOT NULL DEFAULT 'landing_page',
+                    plan TEXT NOT NULL DEFAULT 'early_access',
+                    created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+                )
+                """
+            )
+            cur.execute(
+                """
+                CREATE INDEX IF NOT EXISTS cloudcost_waitlist_created_at_idx
+                    ON cloudcost_waitlist (created_at DESC)
+                """
+            )
+            cur.execute(
+                """
+                DELETE FROM cloudcost_waitlist duplicate
+                USING cloudcost_waitlist original
+                WHERE lower(duplicate.email) = lower(original.email)
+                    AND duplicate.id > original.id
+                """
+            )
+            cur.execute(
+                """
+                CREATE UNIQUE INDEX IF NOT EXISTS cloudcost_waitlist_email_unique_idx
+                    ON cloudcost_waitlist (lower(email))
+                """
+            )
+            cur.execute(
+                """
+                CREATE TABLE IF NOT EXISTS cloudcost_usage_events (
+                    id BIGSERIAL PRIMARY KEY,
+                    event_type TEXT NOT NULL DEFAULT 'success',
+                    model TEXT,
+                    user_id TEXT,
+                    key_alias TEXT,
+                    team_id TEXT,
+                    metadata JSONB NOT NULL DEFAULT '{}'::jsonb,
+                    usage JSONB NOT NULL DEFAULT '{}'::jsonb,
+                    cost NUMERIC,
+                    started_at TIMESTAMPTZ,
+                    ended_at TIMESTAMPTZ,
+                    created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+                )
+                """
+            )
+            cur.execute(
+                """
+                CREATE INDEX IF NOT EXISTS cloudcost_usage_events_created_at_idx
+                    ON cloudcost_usage_events (created_at DESC)
+                """
+            )
+            cur.execute(
+                """
+                CREATE INDEX IF NOT EXISTS cloudcost_usage_events_team_idx
+                    ON cloudcost_usage_events (team_id)
+                """
+            )
+            cur.execute(
+                """
+                CREATE TABLE IF NOT EXISTS cloudcost_users (
+                    id TEXT PRIMARY KEY,
+                    email TEXT NOT NULL UNIQUE,
+                    password_hash TEXT NOT NULL,
+                    full_name TEXT,
+                    company TEXT,
+                    email_verified_at TIMESTAMPTZ,
+                    created_at TIMESTAMPTZ NOT NULL DEFAULT now(),
+                    updated_at TIMESTAMPTZ NOT NULL DEFAULT now()
+                )
+                """
+            )
+            cur.execute(
+                """
+                CREATE UNIQUE INDEX IF NOT EXISTS cloudcost_users_email_lower_unique_idx
+                    ON cloudcost_users (lower(email))
+                """
+            )
+            cur.execute(
+                """
+                CREATE TABLE IF NOT EXISTS cloudcost_email_otps (
+                    id BIGSERIAL PRIMARY KEY,
+                    user_id TEXT NOT NULL REFERENCES cloudcost_users(id) ON DELETE CASCADE,
+                    email TEXT NOT NULL,
+                    purpose TEXT NOT NULL DEFAULT 'signup',
+                    otp_hash TEXT NOT NULL,
+                    attempts INTEGER NOT NULL DEFAULT 0,
+                    expires_at TIMESTAMPTZ NOT NULL,
+                    consumed_at TIMESTAMPTZ,
+                    created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+                )
+                """
+            )
+            cur.execute(
+                """
+                CREATE INDEX IF NOT EXISTS cloudcost_email_otps_lookup_idx
+                    ON cloudcost_email_otps (email, purpose, created_at DESC)
+                """
+            )
+            cur.execute(
+                """
+                CREATE TABLE IF NOT EXISTS cloudcost_sessions (
+                    id TEXT PRIMARY KEY,
+                    user_id TEXT NOT NULL REFERENCES cloudcost_users(id) ON DELETE CASCADE,
+                    session_hash TEXT NOT NULL UNIQUE,
+                    expires_at TIMESTAMPTZ NOT NULL,
+                    last_seen_at TIMESTAMPTZ,
+                    created_at TIMESTAMPTZ NOT NULL DEFAULT now()
+                )
+                """
+            )
+            cur.execute(
+                """
+                CREATE INDEX IF NOT EXISTS cloudcost_sessions_user_idx
+                    ON cloudcost_sessions (user_id)
+                """
+            )
+
+
+def _jsonl_has_waitlist_email(path: str, email: str) -> bool:
+    target = Path(path)
+    if not target.exists():
+        return False
+
+    normalized = email.strip().lower()
+    with target.open("r", encoding="utf-8") as handle:
+        for line in handle:
+            line = line.strip()
+            if not line:
+                continue
+            try:
+                row = json.loads(line)
+            except JSONDecodeError:
+                continue
+            if str(row.get("email", "")).strip().lower() == normalized:
+                return True
+    return False
+
+
+def append_waitlist_record(settings: Settings, record: dict[str, Any]) -> bool:
+    if not has_database(settings):
+        if _jsonl_has_waitlist_email(settings.waitlist_path, record["email"]):
+            return False
+        append_jsonl(settings.waitlist_path, record)
+        return True
+
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute(
+                """
+                INSERT INTO cloudcost_waitlist (email, source, plan)
+                VALUES (%s, %s, %s)
+                ON CONFLICT DO NOTHING
+                RETURNING id
+                """,
+                (
+                    record["email"],
+                    record.get("source") or "landing_page",
+                    record.get("plan") or "early_access",
+                ),
+            )
+            return cur.fetchone() is not None
+
+
+def append_usage_event(settings: Settings, event: dict[str, Any]) -> None:
+    if not has_database(settings):
+        append_jsonl(settings.usage_events_path, event)
+        return
+
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute(
+                """
+                INSERT INTO cloudcost_usage_events (
+                    event_type,
+                    model,
+                    user_id,
+                    key_alias,
+                    team_id,
+                    metadata,
+                    usage,
+                    cost,
+                    started_at,
+                    ended_at
+                )
+                VALUES (%s, %s, %s, %s, %s, %s::jsonb, %s::jsonb, %s, %s, %s)
+                """,
+                (
+                    event.get("event_type") or "success",
+                    event.get("model"),
+                    event.get("user"),
+                    event.get("key_alias"),
+                    event.get("team_id"),
+                    json.dumps(event.get("metadata") or {}),
+                    json.dumps(event.get("usage") or {}),
+                    event.get("cost"),
+                    event.get("started_at"),
+                    event.get("ended_at"),
+                ),
+            )
+
+
+def read_usage_event_records(settings: Settings, limit: int = 1000) -> list[dict[str, Any]]:
+    if not has_database(settings):
+        return read_jsonl(settings.usage_events_path, limit=limit)
+
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute(
+                """
+                SELECT
+                    event_type,
+                    model,
+                    user_id AS "user",
+                    key_alias,
+                    team_id,
+                    metadata,
+                    usage,
+                    cost,
+                    started_at,
+                    ended_at,
+                    created_at AS recorded_at
+                FROM cloudcost_usage_events
+                ORDER BY created_at DESC
+                LIMIT %s
+                """,
+                (limit,),
+            )
+            rows = cur.fetchall()
+
+    rows.reverse()
+    return [dict(row) for row in rows]
+
+
+def create_or_update_signup_user(
+    settings: Settings,
+    *,
+    email: str,
+    password_hash: str,
+    full_name: str | None,
+    company: str | None,
+) -> dict[str, Any]:
+    if not has_database(settings):
+        raise RuntimeError("Signup requires Neon/Postgres. Set APP_DATABASE_URL or DATABASE_URL.")
+
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute("SELECT * FROM cloudcost_users WHERE email = %s", (email,))
+            existing = cur.fetchone()
+            if existing and existing.get("email_verified_at"):
+                raise ValueError("An account already exists for this email.")
+            if existing:
+                cur.execute(
+                    """
+                    UPDATE cloudcost_users
+                    SET password_hash = %s,
+                        full_name = %s,
+                        company = %s,
+                        updated_at = now()
+                    WHERE id = %s
+                    RETURNING *
+                    """,
+                    (password_hash, full_name, company, existing["id"]),
+                )
+                return dict(cur.fetchone())
+
+            cur.execute(
+                """
+                INSERT INTO cloudcost_users (id, email, password_hash, full_name, company)
+                VALUES (%s, %s, %s, %s, %s)
+                RETURNING *
+                """,
+                (str(uuid4()), email, password_hash, full_name, company),
+            )
+            return dict(cur.fetchone())
+
+
+def get_user_by_email(settings: Settings, email: str) -> dict[str, Any] | None:
+    if not has_database(settings):
+        return None
+
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute("SELECT * FROM cloudcost_users WHERE email = %s", (email,))
+            row = cur.fetchone()
+    return dict(row) if row else None
+
+
+def get_user_by_id(settings: Settings, user_id: str) -> dict[str, Any] | None:
+    if not has_database(settings):
+        return None
+
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute("SELECT * FROM cloudcost_users WHERE id = %s", (user_id,))
+            row = cur.fetchone()
+    return dict(row) if row else None
+
+
+def create_email_otp(
+    settings: Settings,
+    *,
+    user_id: str,
+    email: str,
+    code: str,
+    purpose: str = "signup",
+) -> None:
+    if not has_database(settings):
+        raise RuntimeError("Email OTP requires Neon/Postgres. Set APP_DATABASE_URL or DATABASE_URL.")
+
+    expires_at = utc_now() + timedelta(minutes=settings.auth_otp_ttl_minutes)
+    otp_hash = hash_otp_code(settings, email, code, purpose)
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute(
+                """
+                INSERT INTO cloudcost_email_otps (user_id, email, purpose, otp_hash, expires_at)
+                VALUES (%s, %s, %s, %s, %s)
+                """,
+                (user_id, email, purpose, otp_hash, expires_at),
+            )
+
+
+def verify_email_otp(
+    settings: Settings,
+    *,
+    email: str,
+    code: str,
+    purpose: str = "signup",
+) -> dict[str, Any] | None:
+    if not has_database(settings):
+        raise RuntimeError("Email OTP requires Neon/Postgres. Set APP_DATABASE_URL or DATABASE_URL.")
+
+    now = utc_now()
+    expected_hash = hash_otp_code(settings, email, code, purpose)
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute(
+                """
+                SELECT *
+                FROM cloudcost_email_otps
+                WHERE email = %s
+                    AND purpose = %s
+                    AND consumed_at IS NULL
+                    AND expires_at > %s
+                ORDER BY created_at DESC
+                LIMIT 1
+                """,
+                (email, purpose, now),
+            )
+            otp = cur.fetchone()
+            if not otp:
+                return None
+            if int(otp["attempts"]) >= settings.auth_otp_max_attempts:
+                return None
+
+            if not secrets_compare(expected_hash, otp["otp_hash"]):
+                cur.execute(
+                    "UPDATE cloudcost_email_otps SET attempts = attempts + 1 WHERE id = %s",
+                    (otp["id"],),
+                )
+                return None
+
+            cur.execute(
+                "UPDATE cloudcost_email_otps SET consumed_at = now() WHERE id = %s",
+                (otp["id"],),
+            )
+            cur.execute(
+                """
+                UPDATE cloudcost_users
+                SET email_verified_at = COALESCE(email_verified_at, now()),
+                    updated_at = now()
+                WHERE id = %s
+                RETURNING *
+                """,
+                (otp["user_id"],),
+            )
+            return dict(cur.fetchone())
+
+
+def secrets_compare(left: str, right: str) -> bool:
+    return hmac.compare_digest(left, right)
+
+
+def create_session(settings: Settings, *, user_id: str, token: str, expires_at: Any) -> None:
+    if not has_database(settings):
+        raise RuntimeError("Sessions require Neon/Postgres. Set APP_DATABASE_URL or DATABASE_URL.")
+
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute(
+                """
+                INSERT INTO cloudcost_sessions (id, user_id, session_hash, expires_at)
+                VALUES (%s, %s, %s, %s)
+                """,
+                (str(uuid4()), user_id, hash_session_token(settings, token), expires_at),
+            )
+
+
+def get_user_for_session(settings: Settings, token: str | None) -> dict[str, Any] | None:
+    if not token or not has_database(settings):
+        return None
+
+    token_hash = hash_session_token(settings, token)
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute(
+                """
+                SELECT u.*
+                FROM cloudcost_sessions s
+                JOIN cloudcost_users u ON u.id = s.user_id
+                WHERE s.session_hash = %s
+                    AND s.expires_at > now()
+                """,
+                (token_hash,),
+            )
+            user = cur.fetchone()
+            if user:
+                cur.execute(
+                    "UPDATE cloudcost_sessions SET last_seen_at = now() WHERE session_hash = %s",
+                    (token_hash,),
+                )
+    return dict(user) if user else None
+
+
+def delete_session(settings: Settings, token: str | None) -> None:
+    if not token or not has_database(settings):
+        return
+
+    with _connect(settings) as conn:
+        with conn.cursor() as cur:
+            cur.execute(
+                "DELETE FROM cloudcost_sessions WHERE session_hash = %s",
+                (hash_session_token(settings, token),),
+            )

backend/app/emailer.py

@@ -0,0 +1,157 @@
+import asyncio
+import smtplib
+from email.message import EmailMessage
+from pathlib import Path
+
+import httpx
+
+from backend.app.config import Settings
+
+
+def _smtp_ready(settings: Settings) -> bool:
+    return bool(settings.smtp_host and settings.smtp_from_email)
+
+
+def _resend_ready(settings: Settings) -> bool:
+    return bool(settings.resend_api_key and settings.from_email)
+
+
+def waitlist_confirmation_available(settings: Settings) -> bool:
+    return settings.waitlist_confirmation_enabled and (_resend_ready(settings) or _smtp_ready(settings))
+
+
+def _send_message_sync(settings: Settings, message: EmailMessage) -> dict[str, str]:
+    with smtplib.SMTP(settings.smtp_host, settings.smtp_port, timeout=20) as smtp:
+        if settings.smtp_use_tls:
+            smtp.starttls()
+        if settings.smtp_username:
+            smtp.login(settings.smtp_username, settings.smtp_password or "")
+        smtp.send_message(message)
+
+    return {"mode": "smtp"}
+
+
+def _send_resend_sync(
+    settings: Settings,
+    *,
+    to_email: str,
+    subject: str,
+    text: str,
+    html: str | None = None,
+) -> dict[str, str]:
+    if not settings.resend_api_key or not settings.from_email:
+        return {"mode": "disabled"}
+
+    payload: dict[str, object] = {
+        "from": settings.from_email,
+        "to": [to_email],
+        "subject": subject,
+        "text": text,
+    }
+    if html:
+        payload["html"] = html
+
+    with httpx.Client(timeout=20.0) as client:
+        response = client.post(
+            "https://api.resend.com/emails",
+            headers={
+                "Authorization": f"Bearer {settings.resend_api_key}",
+                "Content-Type": "application/json",
+            },
+            json=payload,
+        )
+    response.raise_for_status()
+    return {"mode": "resend"}
+
+
+def _write_dev_otp(settings: Settings, email: str, code: str) -> dict[str, str]:
+    path = Path(settings.auth_dev_otp_log_path)
+    path.parent.mkdir(parents=True, exist_ok=True)
+    with path.open("a", encoding="utf-8") as handle:
+        handle.write(f"{email} signup OTP: {code}\n")
+    return {"mode": "dev_log", "path": str(path)}
+
+
+def _send_signup_otp_sync(settings: Settings, email: str, code: str) -> dict[str, str]:
+    subject = "Your CloudCost AI verification code"
+    text = "\n".join(
+        [
+            "Your CloudCost AI verification code is:",
+            "",
+            code,
+            "",
+            f"This code expires in {settings.auth_otp_ttl_minutes} minutes.",
+        ]
+    )
+
+    if _resend_ready(settings):
+        html = f"""<!doctype html>
+<html>
+<body style="margin:0;background:#f3ede1;color:#18130f;font-family:Arial,sans-serif;">
+  <table role="presentation" width="100%" cellspacing="0" cellpadding="0" style="padding:32px 16px;">
+    <tr><td align="center">
+      <table role="presentation" width="100%" cellspacing="0" cellpadding="0" style="max-width:560px;background:#fffaf0;border:1px solid #d8cfbf;border-radius:10px;">
+        <tr><td style="padding:28px 32px;border-bottom:1px solid #e2d8c8;">
+          <div style="font-family:Georgia,serif;font-size:24px;font-weight:700;color:#1f5132;">CloudCost AI</div>
+          <div style="margin-top:8px;font-size:12px;letter-spacing:3px;text-transform:uppercase;color:#7b7064;">Account verification</div>
+        </td></tr>
+        <tr><td style="padding:34px 32px;">
+          <h1 style="margin:0;font-family:Georgia,serif;font-size:34px;font-weight:500;">Verify your account.</h1>
+          <p style="margin:16px 0 22px;font-size:16px;line-height:1.7;color:#5f564e;">Use this code to finish creating your CloudCost AI account.</p>
+          <div style="font-size:34px;letter-spacing:8px;font-weight:800;color:#1f5132;background:#f7f0e6;border:1px solid #e2d8c8;border-radius:8px;padding:18px 20px;text-align:center;">{code}</div>
+          <p style="margin:18px 0 0;font-size:14px;color:#7b7064;">This code expires in {settings.auth_otp_ttl_minutes} minutes. Ignore this email if you did not request it.</p>
+        </td></tr>
+      </table>
+    </td></tr>
+  </table>
+</body>
+</html>"""
+        return _send_resend_sync(settings, to_email=email, subject=subject, text=text, html=html)
+
+    if not _smtp_ready(settings):
+        return _write_dev_otp(settings, email, code)
+
+    message = EmailMessage()
+    message["Subject"] = subject
+    message["From"] = settings.smtp_from_email
+    message["To"] = email
+    message.set_content(text)
+
+    return _send_message_sync(settings, message)
+
+
+def _send_waitlist_confirmation_sync(settings: Settings, email: str) -> dict[str, str]:
+    if not waitlist_confirmation_available(settings):
+        return {"mode": "disabled"}
+
+    subject = "CloudCost AI early access request received"
+    text = "\n".join(
+        [
+            "Your CloudCost AI early access request is in.",
+            "",
+            "We will reach out when your slot opens.",
+            "",
+            "If you did not request this, you can ignore this email.",
+            "",
+            "CloudCost AI",
+        ]
+    )
+
+    if _resend_ready(settings):
+        return _send_resend_sync(settings, to_email=email, subject=subject, text=text)
+
+    message = EmailMessage()
+    message["Subject"] = subject
+    message["From"] = settings.smtp_from_email
+    message["To"] = email
+    message.set_content(text)
+
+    return _send_message_sync(settings, message)
+
+
+async def send_signup_otp(settings: Settings, email: str, code: str) -> dict[str, str]:
+    return await asyncio.to_thread(_send_signup_otp_sync, settings, email, code)
+
+
+async def send_waitlist_confirmation(settings: Settings, email: str) -> dict[str, str]:
+    return await asyncio.to_thread(_send_waitlist_confirmation_sync, settings, email)