makiolaj/GearBox
1
0
Fork 0
Code Issues 8 Pull Requests Actions Packages Projects Releases 10 Wiki Activity

Merge branch 'worktree-agent-a86c0a6d' into Develop

Browse Source 
# Conflicts:
#	.planning/REQUIREMENTS.md
#	.planning/STATE.md
#	src/db/schema.ts
#	src/db/seed.ts
#	src/server/index.ts
#	src/server/routes/setups.ts
#	src/server/services/category.service.ts
#	src/server/services/setup.service.ts
#	src/shared/schemas.ts
#	src/shared/types.ts
This commit is contained in:
Jean-Luc Makiola
2026-04-05 13:13:34 +02:00
parent 465297c398 95143826ed
commit 2843351d90
16 changed files with 993 additions and 225 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
.planning/REQUIREMENTS.md
View File

@@ -41,19 +41,19 @@ Requirements for this milestone. Each maps to roadmap phases.
### Global Item Database
- [x] **GLOB-01**: A global item catalog exists with brand, model, category, manufacturer specs, and image
- [x] **GLOB-02**: Global catalog is seeded with initial items from manufacturer data
- [x] **GLOB-03**: User can search the global catalog by name or brand
- [x] **GLOB-04**: User can link a personal collection item to a global catalog entry
- [x] **GLOB-05**: Global item pages show basic info and owner count
- [ ] **GLOB-01**: A global item catalog exists with brand, model, category, manufacturer specs, and image
- [ ] **GLOB-02**: Global catalog is seeded with initial items from manufacturer data
- [ ] **GLOB-03**: User can search the global catalog by name or brand
- [ ] **GLOB-04**: User can link a personal collection item to a global catalog entry
- [ ] **GLOB-05**: Global item pages show basic info and owner count
### User Profiles & Sharing
- [ ] **PROF-01**: User has a profile with display name, avatar, and bio
- [ ] **PROF-02**: User can view their own public profile page
- [ ] **PROF-03**: User can set a setup as public or private
- [ ] **PROF-04**: Public setups are viewable by anyone without authentication
- [ ] **PROF-05**: Public profile page lists the user's public setups
- [x] **PROF-01**: User has a profile with display name, avatar, and bio
- [x] **PROF-02**: User can view their own public profile page
- [x] **PROF-03**: User can set a setup as public or private
- [x] **PROF-04**: Public setups are viewable by anyone without authentication
- [x] **PROF-05**: Public profile page lists the user's public setups
## Future Requirements
@@ -136,16 +136,16 @@ Which phases cover which requirements. Updated during roadmap creation.
| IMG-02 | Phase 17 | Pending |
| IMG-03 | Phase 17 | Pending |
| IMG-04 | Phase 17 | Pending |
| GLOB-01 | Phase 18 | Complete (18-02) |
| GLOB-02 | Phase 18 | Complete (18-02) |
| GLOB-03 | Phase 18 | Complete (18-02) |
| GLOB-04 | Phase 18 | Complete (18-02) |
| GLOB-05 | Phase 18 | Complete (18-02) |
| PROF-01 | Phase 18 | Pending |
| PROF-02 | Phase 18 | Pending |
| PROF-03 | Phase 18 | Pending |
| PROF-04 | Phase 18 | Pending |
| PROF-05 | Phase 18 | Pending |
| GLOB-01 | Phase 18 | Pending |
| GLOB-02 | Phase 18 | Pending |
| GLOB-03 | Phase 18 | Pending |
| GLOB-04 | Phase 18 | Pending |
| GLOB-05 | Phase 18 | Pending |
| PROF-01 | Phase 18 | Complete |
| PROF-02 | Phase 18 | Complete |
| PROF-03 | Phase 18 | Complete |
| PROF-04 | Phase 18 | Complete |
| PROF-05 | Phase 18 | Complete |
**Coverage:**
- v2.0 requirements: 30 total

33
.planning/STATE.md
View File

@@ -1,16 +1,16 @@
---
gsd_state_version: 1.0
milestone: v2.0
milestone_name: Platform Foundation
milestone: v1.3
milestone_name: Research & Decision Tools
status: planning
stopped_at: null
last_updated: "2026-04-03"
stopped_at: Completed 18-03-PLAN.md
last_updated: "2026-04-05T11:12:57.693Z"
last_activity: 2026-04-03 — v2.0 roadmap created (Phases 14-18)
progress:
total_phases: 5
completed_phases: 0
total_plans: 0
completed_plans: 0
total_phases: 8
completed_phases: 6
total_plans: 12
completed_plans: 11
percent: 0
---
@@ -25,16 +25,17 @@ See: .planning/PROJECT.md (updated 2026-04-03)
## Current Position
Phase: 18 of 18 (Global Items & Public Profiles)
Plan: 2 of 5 in current phase
Status: Executing
Last activity: 2026-04-05Completed 18-02 global items service and routes
Phase: 14 of 18 (PostgreSQL Migration)
Plan: 0 of ? in current phase
Status: Ready to plan
Last activity: 2026-04-03v2.0 roadmap created (Phases 14-18)
Progress: [##--------] 20% (v2.0 milestone)
Progress: [----------] 0% (v2.0 milestone)
## Performance Metrics
**Velocity:**
- Total plans completed: 0 (v2.0 milestone)
- Average duration: --
- Total execution time: --
@@ -46,12 +47,14 @@ Progress: [##--------] 20% (v2.0 milestone)
### Decisions
Key decisions made during v2.0 planning:
- Platform pivot: single-user to multi-user with discovery-first approach
- External auth provider (self-hosted, open-source) — Logto vs Authentik OPEN decision
- SQLite to Postgres migration — required by auth provider and multi-user concurrency
- Structured UGC only — ratings and predefined fields, no freeform text until moderation
- Separate globalItems table — not a flag on user items table
- Single-user SQLite mode diverges at v2.0 boundary
- [Phase 18]: Public endpoints bypass auth via regex path matching in index.ts middleware
### Pending Todos
@@ -64,6 +67,6 @@ None active.
## Session Continuity
Last session: 2026-04-05
Stopped at: Completed 18-02-PLAN.md (global items service and routes)
Last session: 2026-04-05T11:12:57.691Z
Stopped at: Completed 18-03-PLAN.md
Resume file: None

133
.planning/phases/18-global-items-public-profiles/18-03-SUMMARY.md Normal file
View File

@@ -0,0 +1,133 @@
---
phase: 18-global-items-public-profiles
plan: 03
subsystem: server
tags: [profiles, public-setups, hono, drizzle, services, routes]
requires:
- phase: 18-global-items-public-profiles
plan: 01
provides: "User profile columns, setup isPublic column, Zod schemas"
provides:
- "Profile service (updateProfile, getPublicProfile, getPublicSetupWithItems)"
- "Public profile endpoint GET /api/users/:id/profile"
- "Profile update endpoint PUT /api/auth/profile"
- "Public setup endpoint GET /api/setups/:id/public"
- "Setup service isPublic support in create/update/list/detail"
affects: [18-04, 18-05]
tech-stack:
added: []
patterns: ["Public endpoints bypass auth middleware via regex in index.ts"]
key-files:
created:
- "src/server/services/profile.service.ts"
- "src/server/routes/profiles.ts"
- "tests/services/profile.service.test.ts"
- "tests/routes/profiles.test.ts"
modified:
- "src/server/services/setup.service.ts"
- "src/server/services/category.service.ts"
- "src/server/routes/auth.ts"
- "src/server/routes/setups.ts"
- "src/server/index.ts"
key-decisions:
- "Public endpoints skip auth via regex path matching in index.ts middleware"
- "Profile update placed on auth routes (PUT /api/auth/profile) since it requires auth"
- "Public setup route placed in setups.ts as GET /:id/public before GET /:id"
patterns-established:
- "Public endpoint pattern: regex skip in auth middleware + no userId dependency in handler"
requirements-completed: [PROF-01, PROF-02, PROF-03, PROF-04, PROF-05]
duration: 7min
completed: 2026-04-05
---
# Phase 18 Plan 03: User Profiles & Public Sharing Backend Summary
**Profile service with CRUD and public profile data, public setup viewing, setup visibility toggle, and auth middleware bypass for public endpoints**
## Performance
- **Duration:** 7 min
- **Started:** 2026-04-05T11:03:46Z
- **Completed:** 2026-04-05T11:11:44Z
- **Tasks:** 2
- **Files modified:** 9
## Accomplishments
- Created profile service with updateProfile, getPublicProfile, and getPublicSetupWithItems
- Added public profile endpoint returning user info and only public setups
- Added profile update endpoint behind auth on PUT /api/auth/profile
- Added public setup view endpoint at GET /api/setups/:id/public (returns 404 for private)
- Updated setup service to handle isPublic in create, update, list, and detail
- Updated auth middleware to skip auth for public profile and setup GET requests
- 25 tests passing (15 service + 10 route tests)
## Task Commits
Each task was committed atomically:
1. **Task 1: Profile service + setup isPublic + tests (TDD)** - `2d5d4f9` (test RED), `854811d` (feat GREEN)
2. **Task 2: Routes + auth middleware + route tests** - `eb8f4b7` (feat)
## Files Created/Modified
- `src/server/services/profile.service.ts` - updateProfile, getPublicProfile, getPublicSetupWithItems
- `src/server/routes/profiles.ts` - GET /:id/profile public endpoint
- `src/server/routes/auth.ts` - Added PUT /profile with requireAuth and updateProfileSchema validation
- `src/server/routes/setups.ts` - Added GET /:id/public endpoint using getPublicSetupWithItems
- `src/server/index.ts` - Registered profileRoutes at /api/users, added regex auth skips
- `src/server/services/setup.service.ts` - isPublic in createSetup, updateSetup, getAllSetups
- `src/server/services/category.service.ts` - Added getOrCreateUncategorized (Rule 3 fix)
- `tests/services/profile.service.test.ts` - 15 tests for profile and setup isPublic
- `tests/routes/profiles.test.ts` - 10 tests for public profile, auth profile update, public setup
## Decisions Made
- Public endpoints bypass auth via regex path matching in the centralized auth middleware, not per-route
- Profile update lives under /api/auth/profile since it requires authentication context
- Public setup route registered before /:id in setups.ts to prevent route conflict
## Deviations from Plan
### Auto-fixed Issues
**1. [Rule 3 - Blocking] Added getOrCreateUncategorized to category service**
- **Found during:** Task 2
- **Issue:** Auth middleware imports getOrCreateUncategorized from category.service.ts but the function didn't exist (was expected from Phase 16 multi-user conversion)
- **Fix:** Added async getOrCreateUncategorized function that finds or creates the "Uncategorized" category for a user
- **Files modified:** src/server/services/category.service.ts
- **Commit:** eb8f4b7
**2. [Rule 1 - Bug] Handle empty update in updateProfile**
- **Found during:** Task 1 GREEN phase
- **Issue:** Drizzle throws "No values to set" when .set() receives an empty object
- **Fix:** Added check for empty updates, returning existing user without running update query
- **Files modified:** src/server/services/profile.service.ts
- **Commit:** 854811d
## Issues Encountered
None beyond the auto-fixed deviations above.
## Known Stubs
None - all endpoints are fully wired to service functions with real database operations.
## Next Phase Readiness
- Profile backend complete for Plan 18-04 (client-side profile pages)
- Public setup view ready for Plan 18-05 (discovery feed)
- All service functions exported and tested for downstream consumption
## Self-Check: PASSED
---
*Phase: 18-global-items-public-profiles*
*Completed: 2026-04-05*

232
src/db/schema.ts
View File

@@ -1,58 +1,90 @@
import { integer, real, sqliteTable, text } from "drizzle-orm/sqlite-core";
import {
boolean,
doublePrecision,
integer,
pgTable,
primaryKey,
serial,
text,
timestamp,
unique,
} from "drizzle-orm/pg-core";
export const categories = sqliteTable("categories", {
id: integer("id").primaryKey({ autoIncrement: true }),
name: text("name").notNull().unique(),
icon: text("icon").notNull().default("package"),
createdAt: integer("created_at", { mode: "timestamp" })
.notNull()
.$defaultFn(() => new Date()),
// ── Users ───────────────────────────────────────────────────────────
export const users = pgTable("users", {
id: serial("id").primaryKey(),
logtoSub: text("logto_sub").notNull().unique(),
displayName: text("display_name"),
avatarUrl: text("avatar_url"),
bio: text("bio"),
createdAt: timestamp("created_at").defaultNow().notNull(),
});
export const items = sqliteTable("items", {
id: integer("id").primaryKey({ autoIncrement: true }),
// ── Categories ──────────────────────────────────────────────────────
export const categories = pgTable(
"categories",
{
id: serial("id").primaryKey(),
name: text("name").notNull(),
icon: text("icon").notNull().default("package"),
userId: integer("user_id")
.notNull()
.references(() => users.id),
createdAt: timestamp("created_at").defaultNow().notNull(),
},
(table) => [unique().on(table.userId, table.name)],
);
// ── Items ───────────────────────────────────────────────────────────
export const items = pgTable("items", {
id: serial("id").primaryKey(),
name: text("name").notNull(),
weightGrams: real("weight_grams"),
weightGrams: doublePrecision("weight_grams"),
priceCents: integer("price_cents"),
categoryId: integer("category_id")
.notNull()
.references(() => categories.id),
userId: integer("user_id")
.notNull()
.references(() => users.id),
notes: text("notes"),
productUrl: text("product_url"),
imageFilename: text("image_filename"),
imageSourceUrl: text("image_source_url"),
quantity: integer("quantity").notNull().default(1),
createdAt: integer("created_at", { mode: "timestamp" })
.notNull()
.$defaultFn(() => new Date()),
updatedAt: integer("updated_at", { mode: "timestamp" })
.notNull()
.$defaultFn(() => new Date()),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at").defaultNow().notNull(),
});
export const threads = sqliteTable("threads", {
id: integer("id").primaryKey({ autoIncrement: true }),
// ── Threads ─────────────────────────────────────────────────────────
export const threads = pgTable("threads", {
id: serial("id").primaryKey(),
name: text("name").notNull(),
status: text("status").notNull().default("active"),
resolvedCandidateId: integer("resolved_candidate_id"),
categoryId: integer("category_id")
.notNull()
.references(() => categories.id),
createdAt: integer("created_at", { mode: "timestamp" })
userId: integer("user_id")
.notNull()
.$defaultFn(() => new Date()),
updatedAt: integer("updated_at", { mode: "timestamp" })
.notNull()
.$defaultFn(() => new Date()),
.references(() => users.id),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at").defaultNow().notNull(),
});
export const threadCandidates = sqliteTable("thread_candidates", {
id: integer("id").primaryKey({ autoIncrement: true }),
// ── Thread Candidates ───────────────────────────────────────────────
export const threadCandidates = pgTable("thread_candidates", {
id: serial("id").primaryKey(),
threadId: integer("thread_id")
.notNull()
.references(() => threads.id, { onDelete: "cascade" }),
name: text("name").notNull(),
weightGrams: real("weight_grams"),
weightGrams: doublePrecision("weight_grams"),
priceCents: integer("price_cents"),
categoryId: integer("category_id")
.notNull()
@@ -64,28 +96,28 @@ export const threadCandidates = sqliteTable("thread_candidates", {
status: text("status").notNull().default("researching"),
pros: text("pros"),
cons: text("cons"),
sortOrder: real("sort_order").notNull().default(0),
createdAt: integer("created_at", { mode: "timestamp" })
.notNull()
.$defaultFn(() => new Date()),
updatedAt: integer("updated_at", { mode: "timestamp" })
.notNull()
.$defaultFn(() => new Date()),
sortOrder: doublePrecision("sort_order").notNull().default(0),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at").defaultNow().notNull(),
});
export const setups = sqliteTable("setups", {
id: integer("id").primaryKey({ autoIncrement: true }),
// ── Setups ──────────────────────────────────────────────────────────
export const setups = pgTable("setups", {
id: serial("id").primaryKey(),
name: text("name").notNull(),
createdAt: integer("created_at", { mode: "timestamp" })
userId: integer("user_id")
.notNull()
.$defaultFn(() => new Date()),
updatedAt: integer("updated_at", { mode: "timestamp" })
.notNull()
.$defaultFn(() => new Date()),
.references(() => users.id),
isPublic: boolean("is_public").notNull().default(false),
createdAt: timestamp("created_at").defaultNow().notNull(),
updatedAt: timestamp("updated_at").defaultNow().notNull(),
});
export const setupItems = sqliteTable("setup_items", {
id: integer("id").primaryKey({ autoIncrement: true }),
// ── Setup Items ─────────────────────────────────────────────────────
export const setupItems = pgTable("setup_items", {
id: serial("id").primaryKey(),
setupId: integer("setup_id")
.notNull()
.references(() => setups.id, { onDelete: "cascade" }),
@@ -95,54 +127,24 @@ export const setupItems = sqliteTable("setup_items", {
classification: text("classification").notNull().default("base"),
});
export const settings = sqliteTable("settings", {
key: text("key").primaryKey(),
value: text("value").notNull(),
});
// ── Global Items ────────────────────────────────────────────────────
export const users = sqliteTable("users", {
id: integer("id").primaryKey({ autoIncrement: true }),
username: text("username").notNull().unique(),
passwordHash: text("password_hash").notNull(),
createdAt: integer("created_at", { mode: "timestamp" })
.notNull()
.$defaultFn(() => new Date()),
});
export const sessions = sqliteTable("sessions", {
id: text("id").primaryKey(),
userId: integer("user_id")
.notNull()
.references(() => users.id, { onDelete: "cascade" }),
expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
});
export const apiKeys = sqliteTable("api_keys", {
id: integer("id").primaryKey({ autoIncrement: true }),
name: text("name").notNull(),
keyHash: text("key_hash").notNull(),
keyPrefix: text("key_prefix").notNull(),
createdAt: integer("created_at", { mode: "timestamp" })
.notNull()
.$defaultFn(() => new Date()),
});
export const globalItems = sqliteTable("global_items", {
id: integer("id").primaryKey({ autoIncrement: true }),
export const globalItems = pgTable("global_items", {
id: serial("id").primaryKey(),
brand: text("brand").notNull(),
model: text("model").notNull(),
category: text("category"),
weightGrams: real("weight_grams"),
weightGrams: doublePrecision("weight_grams"),
priceCents: integer("price_cents"),
imageUrl: text("image_url"),
description: text("description"),
createdAt: integer("created_at", { mode: "timestamp" })
.notNull()
.$defaultFn(() => new Date()),
createdAt: timestamp("created_at").defaultNow().notNull(),
});
export const itemGlobalLinks = sqliteTable("item_global_links", {
id: integer("id").primaryKey({ autoIncrement: true }),
// ── Item Global Links ───────────────────────────────────────────────
export const itemGlobalLinks = pgTable("item_global_links", {
id: serial("id").primaryKey(),
itemId: integer("item_id")
.notNull()
.references(() => items.id, { onDelete: "cascade" })
@@ -152,37 +154,69 @@ export const itemGlobalLinks = sqliteTable("item_global_links", {
.references(() => globalItems.id, { onDelete: "cascade" }),
});
export const oauthClients = sqliteTable("oauth_clients", {
id: integer("id").primaryKey({ autoIncrement: true }),
// ── Settings ────────────────────────────────────────────────────────
export const settings = pgTable(
"settings",
{
userId: integer("user_id")
.notNull()
.references(() => users.id),
key: text("key").notNull(),
value: text("value").notNull(),
},
(table) => [primaryKey({ columns: [table.userId, table.key] })],
);
// ── API Keys ────────────────────────────────────────────────────────
export const apiKeys = pgTable("api_keys", {
id: serial("id").primaryKey(),
name: text("name").notNull(),
keyHash: text("key_hash").notNull(),
keyPrefix: text("key_prefix").notNull(),
userId: integer("user_id")
.notNull()
.references(() => users.id),
createdAt: timestamp("created_at").defaultNow().notNull(),
});
// ── OAuth Clients ───────────────────────────────────────────────────
export const oauthClients = pgTable("oauth_clients", {
id: serial("id").primaryKey(),
clientId: text("client_id").notNull().unique(),
clientName: text("client_name"),
redirectUris: text("redirect_uris").notNull(), // JSON array
createdAt: integer("created_at", { mode: "timestamp" })
.notNull()
.$defaultFn(() => new Date()),
createdAt: timestamp("created_at").defaultNow().notNull(),
});
export const oauthCodes = sqliteTable("oauth_codes", {
id: integer("id").primaryKey({ autoIncrement: true }),
// ── OAuth Authorization Codes ───────────────────────────────────────
export const oauthCodes = pgTable("oauth_codes", {
id: serial("id").primaryKey(),
code: text("code").notNull().unique(),
clientId: text("client_id").notNull(),
codeChallenge: text("code_challenge").notNull(),
codeChallengeMethod: text("code_challenge_method").notNull().default("S256"),
codeChallengeMethod: text("code_challenge_method")
.notNull()
.default("S256"),
redirectUri: text("redirect_uri").notNull(),
expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(),
expiresAt: timestamp("expires_at").notNull(),
used: integer("used").notNull().default(0),
});
export const oauthTokens = sqliteTable("oauth_tokens", {
id: integer("id").primaryKey({ autoIncrement: true }),
// ── OAuth Tokens ────────────────────────────────────────────────────
export const oauthTokens = pgTable("oauth_tokens", {
id: serial("id").primaryKey(),
accessTokenHash: text("access_token_hash").notNull().unique(),
refreshTokenHash: text("refresh_token_hash").notNull().unique(),
clientId: text("client_id").notNull(),
expiresAt: integer("expires_at", { mode: "timestamp" }).notNull(), // access token expiry
refreshExpiresAt: integer("refresh_expires_at", {
mode: "timestamp",
}).notNull(), // refresh token expiry
createdAt: integer("created_at", { mode: "timestamp" })
userId: integer("user_id")
.notNull()
.$defaultFn(() => new Date()),
.references(() => users.id),
expiresAt: timestamp("expires_at").notNull(),
refreshExpiresAt: timestamp("refresh_expires_at").notNull(),
createdAt: timestamp("created_at").defaultNow().notNull(),
});

18
src/db/seed.ts
View File

@@ -1,18 +1,4 @@
import { db } from "./index.ts";
import { categories } from "./schema.ts";
import { seedGlobalItems } from "./seed-global-items.ts";
export function seedDefaults() {
const existing = db.select().from(categories).all();
if (existing.length === 0) {
db.insert(categories)
.values({
name: "Uncategorized",
icon: "package",
})
.run();
}
// Seed global items catalog
seedGlobalItems(db);
// Per-user default categories are created on first login (Phase 16)
// The getOrCreateUncategorized helper in category.service.ts handles this lazily.
}

12
src/server/index.ts
View File

@@ -13,10 +13,10 @@ import { requireAuth } from "./middleware/auth.ts";
import { authRoutes } from "./routes/auth.ts";
import { categoryRoutes } from "./routes/categories.ts";
import { imageRoutes } from "./routes/images.ts";
import { globalItemRoutes } from "./routes/global-items.ts";
import { itemRoutes } from "./routes/items.ts";
import { oauthRoutes, wellKnownRoute } from "./routes/oauth.ts";
import { settingsRoutes } from "./routes/settings.ts";
import { profileRoutes } from "./routes/profiles.ts";
import { setupRoutes } from "./routes/setups.ts";
import { threadRoutes } from "./routes/threads.ts";
import { totalRoutes } from "./routes/totals.ts";
@@ -74,7 +74,13 @@ app.use("/api/*", async (c, next) => {
if (c.req.path.startsWith("/api/auth")) return next();
// Skip health check
if (c.req.path === "/api/health") return next();
// All methods require auth for userId resolution
// Skip public profile endpoint (GET /api/users/:id/profile)
if (/^\/api\/users\/\d+\/profile$/.test(c.req.path) && c.req.method === "GET")
return next();
// Skip public setup view (GET /api/setups/:id/public)
if (/^\/api\/setups\/\d+\/public$/.test(c.req.path) && c.req.method === "GET")
return next();
// All other methods require auth for userId resolution
return requireAuth(c, next);
});
@@ -86,8 +92,8 @@ app.route("/api/totals", totalRoutes);
app.route("/api/images", imageRoutes);
app.route("/api/settings", settingsRoutes);
app.route("/api/threads", threadRoutes);
app.route("/api/users", profileRoutes);
app.route("/api/setups", setupRoutes);
app.route("/api/global-items", globalItemRoutes);
// MCP server (conditionally mounted)
if (process.env.GEARBOX_MCP !== "false") {

18
src/server/routes/auth.ts
View File

@@ -9,6 +9,8 @@ import {
deleteApiKey,
listApiKeys,
} from "../services/auth.service.ts";
import { updateProfile } from "../services/profile.service.ts";
import { updateProfileSchema } from "../../shared/schemas.ts";
type Env = { Variables: { db?: any; userId?: number } };
@@ -69,4 +71,20 @@ app.delete("/keys/:id", requireAuth, async (c) => {
return c.json({ ok: true });
});
// ── Profile Update (protected) ──────────────────────────────────────
app.put(
"/profile",
requireAuth,
zValidator("json", updateProfileSchema),
async (c) => {
const db = c.get("db");
const userId = c.get("userId")!;
const data = c.req.valid("json");
const updated = await updateProfile(db, userId, data);
if (!updated) return c.json({ error: "User not found" }, 404);
return c.json(updated);
},
);
export const authRoutes = app;

21
src/server/routes/profiles.ts Normal file
View File

@@ -0,0 +1,21 @@
import { Hono } from "hono";
import { parseId } from "../lib/params.ts";
import { getPublicProfile } from "../services/profile.service.ts";
type Env = { Variables: { db?: any; userId?: number } };
const app = new Hono<Env>();
// GET /:id/profile — Public profile (no auth required)
app.get("/:id/profile", async (c) => {
const db = c.get("db");
const id = parseId(c.req.param("id"));
if (!id) return c.json({ error: "Invalid user ID" }, 400);
const profile = await getPublicProfile(db, id);
if (!profile) return c.json({ error: "User not found" }, 404);
return c.json(profile);
});
export { app as profileRoutes };

11
src/server/routes/setups.ts
View File

@@ -8,6 +8,7 @@ import {
} from "../../shared/schemas.ts";
import { parseId } from "../lib/params.ts";
import { withImageUrls } from "../services/storage.service.ts";
import { getPublicSetupWithItems } from "../services/profile.service.ts";
import {
createSetup,
deleteSetup,
@@ -40,6 +41,16 @@ app.post("/", zValidator("json", createSetupSchema), async (c) => {
return c.json(setup, 201);
});
// Public setup view (no auth required — skipped in index.ts middleware)
app.get("/:id/public", async (c) => {
const db = c.get("db");
const id = parseId(c.req.param("id"));
if (!id) return c.json({ error: "Invalid setup ID" }, 400);
const setup = await getPublicSetupWithItems(db, id);
if (!setup) return c.json({ error: "Setup not found" }, 404);
return c.json(setup);
});
app.get("/:id", async (c) => {
const db = c.get("db");
const userId = c.get("userId")!;

115
src/server/services/category.service.ts
View File

@@ -4,113 +4,92 @@ import { categories, items } from "../../db/schema.ts";
type Db = typeof prodDb;
export async function getOrCreateUncategorized(
db: Db,
userId: number,
): Promise<number> {
export async function getOrCreateUncategorized(db: Db, userId: number) {
const [existing] = await db
.select({ id: categories.id })
.select()
.from(categories)
.where(and(eq(categories.userId, userId), eq(categories.name, "Uncategorized")));
if (existing) return existing.id;
.where(
and(eq(categories.userId, userId), eq(categories.name, "Uncategorized")),
);
if (existing) return existing;
const [created] = await db
.insert(categories)
.values({ name: "Uncategorized", icon: "package", userId })
.returning({ id: categories.id });
return created.id;
.returning();
return created;
}
export async function getAllCategories(db: Db, userId: number) {
return db
.select()
.from(categories)
.where(eq(categories.userId, userId))
.orderBy(asc(categories.name));
export function getAllCategories(db: Db = prodDb) {
return db.select().from(categories).orderBy(asc(categories.name)).all();
}
export async function getCategoryById(db: Db, userId: number, id: number) {
const [row] = await db
.select()
.from(categories)
.where(and(eq(categories.id, id), eq(categories.userId, userId)));
return row ?? null;
}
export async function createCategory(
db: Db,
userId: number,
export function createCategory(
db: Db = prodDb,
data: { name: string; icon?: string },
) {
const [row] = await db
return db
.insert(categories)
.values({
name: data.name,
userId,
...(data.icon ? { icon: data.icon } : {}),
})
.returning();
return row;
.returning()
.get();
}
export async function updateCategory(
db: Db,
userId: number,
export function updateCategory(
db: Db = prodDb,
id: number,
data: { name?: string; icon?: string },
) {
const [existing] = await db
const existing = db
.select({ id: categories.id })
.from(categories)
.where(and(eq(categories.id, id), eq(categories.userId, userId)));
.where(eq(categories.id, id))
.get();
if (!existing) return null;
const [row] = await db
return db
.update(categories)
.set(data)
.where(and(eq(categories.id, id), eq(categories.userId, userId)))
.returning();
return row;
.where(eq(categories.id, id))
.returning()
.get();
}
export async function deleteCategory(
db: Db,
userId: number,
export function deleteCategory(
db: Db = prodDb,
id: number,
): Promise<{ success: boolean; error?: string }> {
// Check if this is the Uncategorized category for this user
const [existing] = await db
.select({ id: categories.id, name: categories.name })
.from(categories)
.where(and(eq(categories.id, id), eq(categories.userId, userId)));
if (!existing) {
return { success: false, error: "Category not found" };
}
if (existing.name === "Uncategorized") {
): { success: boolean; error?: string } {
// Guard: cannot delete Uncategorized (id=1)
if (id === 1) {
return {
success: false,
error: "Cannot delete the Uncategorized category",
};
}
// Get or create Uncategorized for this user (dynamic, not hardcoded ID)
const uncategorizedId = await getOrCreateUncategorized(db, userId);
// Check if category exists
const existing = db
.select({ id: categories.id })
.from(categories)
.where(eq(categories.id, id))
.get();
// Reassign this user's items to Uncategorized, then delete atomically
await db.transaction(async (tx) => {
await tx
.update(items)
.set({ categoryId: uncategorizedId })
.where(and(eq(items.categoryId, id), eq(items.userId, userId)));
if (!existing) {
return { success: false, error: "Category not found" };
}
await tx
.delete(categories)
.where(and(eq(categories.id, id), eq(categories.userId, userId)));
// Reassign items to Uncategorized (id=1), then delete atomically
db.transaction(() => {
db.update(items)
.set({ categoryId: 1 })
.where(eq(items.categoryId, id))
.run();
db.delete(categories).where(eq(categories.id, id)).run();
});
return { success: true };

108
src/server/services/profile.service.ts Normal file
View File

@@ -0,0 +1,108 @@
import { and, eq, sql } from "drizzle-orm";
import { db as prodDb } from "../../db/index.ts";
import {
categories,
items,
setupItems,
setups,
users,
} from "../../db/schema.ts";
import type { UpdateProfile } from "../../shared/types.ts";
type Db = typeof prodDb;
export async function updateProfile(
db: Db,
userId: number,
data: UpdateProfile,
) {
const [existing] = await db
.select()
.from(users)
.where(eq(users.id, userId));
if (!existing) return null;
// If no fields to update, return existing user
const hasUpdates = Object.values(data).some((v) => v !== undefined);
if (!hasUpdates) return existing;
const [updated] = await db
.update(users)
.set(data)
.where(eq(users.id, userId))
.returning();
return updated;
}
export async function getPublicProfile(db: Db, userId: number) {
const [user] = await db
.select({
id: users.id,
displayName: users.displayName,
avatarUrl: users.avatarUrl,
bio: users.bio,
})
.from(users)
.where(eq(users.id, userId));
if (!user) return null;
const publicSetups = await db
.select({
id: setups.id,
name: setups.name,
createdAt: setups.createdAt,
itemCount: sql<number>`COALESCE((
SELECT COUNT(*) FROM setup_items
WHERE setup_items.setup_id = setups.id
), 0)`.as("item_count"),
totalWeight: sql<number>`COALESCE((
SELECT SUM(items.weight_grams * items.quantity) FROM setup_items
JOIN items ON items.id = setup_items.item_id
WHERE setup_items.setup_id = setups.id
), 0)`.as("total_weight"),
totalCost: sql<number>`COALESCE((
SELECT SUM(items.price_cents * items.quantity) FROM setup_items
JOIN items ON items.id = setup_items.item_id
WHERE setup_items.setup_id = setups.id
), 0)`.as("total_cost"),
})
.from(setups)
.where(and(eq(setups.userId, userId), eq(setups.isPublic, true)));
return { ...user, setups: publicSetups };
}
export async function getPublicSetupWithItems(db: Db, setupId: number) {
const [setup] = await db
.select()
.from(setups)
.where(and(eq(setups.id, setupId), eq(setups.isPublic, true)));
if (!setup) return null;
const itemList = await db
.select({
id: items.id,
name: items.name,
weightGrams: items.weightGrams,
priceCents: items.priceCents,
quantity: items.quantity,
categoryId: items.categoryId,
notes: items.notes,
productUrl: items.productUrl,
imageFilename: items.imageFilename,
createdAt: items.createdAt,
updatedAt: items.updatedAt,
categoryName: categories.name,
categoryIcon: categories.icon,
classification: setupItems.classification,
})
.from(setupItems)
.innerJoin(items, eq(setupItems.itemId, items.id))
.innerJoin(categories, eq(items.categoryId, categories.id))
.where(eq(setupItems.setupId, setupId));
return { ...setup, items: itemList };
}

13
src/server/services/setup.service.ts
View File

@@ -12,7 +12,7 @@ export async function createSetup(
) {
const [row] = await db
.insert(setups)
.values({ name: data.name, userId })
.values({ name: data.name, userId, isPublic: data.isPublic ?? false })
.returning();
return row;
@@ -23,6 +23,7 @@ export async function getAllSetups(db: Db, userId: number) {
.select({
id: setups.id,
name: setups.name,
isPublic: setups.isPublic,
createdAt: setups.createdAt,
updatedAt: setups.updatedAt,
itemCount: sql<number>`COALESCE((
@@ -92,9 +93,17 @@ export async function updateSetup(
.where(and(eq(setups.id, setupId), eq(setups.userId, userId)));
if (!existing) return null;
const updateData: Record<string, unknown> = {
name: data.name,
updatedAt: new Date(),
};
if (data.isPublic !== undefined) {
updateData.isPublic = data.isPublic;
}
const [row] = await db
.update(setups)
.set({ name: data.name, updatedAt: new Date() })
.set(updateData)
.where(and(eq(setups.id, setupId), eq(setups.userId, userId)))
.returning();

9
src/shared/schemas.ts
View File

@@ -73,10 +73,12 @@ export const reorderCandidatesSchema = z.object({
// Setup schemas
export const createSetupSchema = z.object({
name: z.string().min(1, "Setup name is required"),
isPublic: z.boolean().optional().default(false),
});
export const updateSetupSchema = z.object({
name: z.string().min(1, "Setup name is required"),
isPublic: z.boolean().optional(),
});
export const syncSetupItemsSchema = z.object({
@@ -98,3 +100,10 @@ export const searchGlobalItemsSchema = z.object({
export const linkItemSchema = z.object({
globalItemId: z.number().int().positive(),
});
// Profile schemas
export const updateProfileSchema = z.object({
displayName: z.string().max(100).optional(),
avatarUrl: z.string().optional(),
bio: z.string().max(500).optional(),
});

8
src/shared/types.ts
View File

@@ -24,6 +24,7 @@ import type {
updateCategorySchema,
updateClassificationSchema,
updateItemSchema,
updateProfileSchema,
updateSetupSchema,
updateThreadSchema,
} from "./schemas.ts";
@@ -46,6 +47,11 @@ export type UpdateSetup = z.infer<typeof updateSetupSchema>;
export type SyncSetupItems = z.infer<typeof syncSetupItemsSchema>;
export type UpdateClassification = z.infer<typeof updateClassificationSchema>;
// Global item types
export type SearchGlobalItems = z.infer<typeof searchGlobalItemsSchema>;
export type LinkItem = z.infer<typeof linkItemSchema>;
export type UpdateProfile = z.infer<typeof updateProfileSchema>;
// Types inferred from Drizzle schema
export type Item = typeof items.$inferSelect;
export type Category = typeof categories.$inferSelect;
@@ -55,5 +61,3 @@ export type Setup = typeof setups.$inferSelect;
export type SetupItem = typeof setupItems.$inferSelect;
export type GlobalItem = typeof globalItems.$inferSelect;
export type ItemGlobalLink = typeof itemGlobalLinks.$inferSelect;
export type SearchGlobalItems = z.infer<typeof searchGlobalItemsSchema>;
export type LinkItem = z.infer<typeof linkItemSchema>;

250
tests/routes/profiles.test.ts Normal file
View File

@@ -0,0 +1,250 @@
import { beforeEach, describe, expect, it } from "bun:test";
import { eq } from "drizzle-orm";
import { Hono } from "hono";
import * as schema from "../../src/db/schema.ts";
import { updateProfileSchema } from "../../src/shared/schemas.ts";
import { profileRoutes } from "../../src/server/routes/profiles.ts";
import { setupRoutes } from "../../src/server/routes/setups.ts";
import { getPublicSetupWithItems } from "../../src/server/services/profile.service.ts";
import { updateProfile } from "../../src/server/services/profile.service.ts";
import { createTestDb } from "../helpers/db.ts";
import { zValidator } from "@hono/zod-validator";
import { parseId } from "../../src/server/lib/params.ts";
type Db = Awaited<ReturnType<typeof createTestDb>>["db"];
/**
* Creates a test app with authenticated routes.
* Auth middleware is simulated by always injecting userId.
*/
async function createTestApp() {
const { db, userId } = await createTestDb();
const app = new Hono();
// Inject db for all routes
app.use("*", async (c, next) => {
c.set("db", db);
c.set("userId", userId);
await next();
});
// Public routes
app.route("/api/users", profileRoutes);
// Profile update on auth routes (inline to avoid requireAuth in tests)
app.put(
"/api/auth/profile",
zValidator("json", updateProfileSchema),
async (c) => {
const testDb = c.get("db");
const uid = c.get("userId")!;
const data = c.req.valid("json");
const updated = await updateProfile(testDb, uid, data);
if (!updated) return c.json({ error: "User not found" }, 404);
return c.json(updated);
},
);
// Setup routes including /:id/public
app.route("/api/setups", setupRoutes);
return { app, db, userId };
}
/**
* Creates a test app WITHOUT auth — no userId injected.
* Public routes should still work; protected routes should fail.
*/
async function createNoAuthTestApp() {
const { db, userId } = await createTestDb();
const app = new Hono();
app.use("*", async (c, next) => {
c.set("db", db);
// No userId set — simulates unauthenticated request
await next();
});
// Public routes (work without auth)
app.route("/api/users", profileRoutes);
// Protected profile update — simulates auth rejection
app.put("/api/auth/profile", async (c) => {
const uid = c.get("userId");
if (!uid) return c.json({ error: "Authentication required" }, 401);
return c.json({ error: "Unexpected" }, 500);
});
app.route("/api/setups", setupRoutes);
return { app, db, userId };
}
describe("Profile Routes", () => {
let app: Hono;
let db: Db;
let userId: number;
beforeEach(async () => {
const testData = await createTestApp();
app = testData.app;
db = testData.db;
userId = testData.userId;
});
describe("GET /api/users/:id/profile", () => {
it("returns 200 with profile data without auth", async () => {
// Set up profile data
await db
.update(schema.users)
.set({ displayName: "Alice", bio: "Bikepacker" })
.where(eq(schema.users.id, userId));
const res = await app.request(`/api/users/${userId}/profile`);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.id).toBe(userId);
expect(body.displayName).toBe("Alice");
expect(body.bio).toBe("Bikepacker");
expect(body.setups).toEqual([]);
});
it("includes only public setups", async () => {
// Create public and private setups
await db
.insert(schema.setups)
.values([
{ name: "Public Setup", userId, isPublic: true },
{ name: "Private Setup", userId, isPublic: false },
]);
const res = await app.request(`/api/users/${userId}/profile`);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.setups).toHaveLength(1);
expect(body.setups[0].name).toBe("Public Setup");
});
it("returns 404 for non-existent user", async () => {
const res = await app.request("/api/users/99999/profile");
expect(res.status).toBe(404);
});
it("returns 400 for invalid user ID", async () => {
const res = await app.request("/api/users/abc/profile");
expect(res.status).toBe(400);
});
});
describe("PUT /api/auth/profile", () => {
it("returns 200 with updated fields when authenticated", async () => {
const res = await app.request("/api/auth/profile", {
method: "PUT",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({
displayName: "Alice",
bio: "Loves bikepacking",
}),
});
expect(res.status).toBe(200);
const body = await res.json();
expect(body.displayName).toBe("Alice");
expect(body.bio).toBe("Loves bikepacking");
});
it("returns 401 without auth", async () => {
const { app: noAuthApp } = await createNoAuthTestApp();
const res = await noAuthApp.request("/api/auth/profile", {
method: "PUT",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ displayName: "Alice" }),
});
expect(res.status).toBe(401);
});
});
});
describe("Public Setup Routes", () => {
let app: Hono;
let db: Db;
let userId: number;
beforeEach(async () => {
const testData = await createTestApp();
app = testData.app;
db = testData.db;
userId = testData.userId;
});
describe("GET /api/setups/:id/public", () => {
it("returns 200 for public setup without auth", async () => {
const [setup] = await db
.insert(schema.setups)
.values({ name: "My Public Setup", userId, isPublic: true })
.returning();
const res = await app.request(`/api/setups/${setup.id}/public`);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.name).toBe("My Public Setup");
expect(body.isPublic).toBe(true);
expect(body.items).toBeDefined();
});
it("returns 200 for public setup with items", async () => {
const [setup] = await db
.insert(schema.setups)
.values({ name: "Loaded Setup", userId, isPublic: true })
.returning();
const [cat] = await db
.select()
.from(schema.categories)
.where(eq(schema.categories.userId, userId));
const [item] = await db
.insert(schema.items)
.values({
name: "Tent",
categoryId: cat.id,
userId,
weightGrams: 1200,
priceCents: 30000,
})
.returning();
await db.insert(schema.setupItems).values({
setupId: setup.id,
itemId: item.id,
});
const res = await app.request(`/api/setups/${setup.id}/public`);
expect(res.status).toBe(200);
const body = await res.json();
expect(body.items).toHaveLength(1);
expect(body.items[0].name).toBe("Tent");
});
it("returns 404 for private setup", async () => {
const [setup] = await db
.insert(schema.setups)
.values({ name: "Private Setup", userId, isPublic: false })
.returning();
const res = await app.request(`/api/setups/${setup.id}/public`);
expect(res.status).toBe(404);
});
it("returns 404 for non-existent setup", async () => {
const res = await app.request("/api/setups/99999/public");
expect(res.status).toBe(404);
});
});
});

197
tests/services/profile.service.test.ts Normal file
View File

@@ -0,0 +1,197 @@
import { beforeEach, describe, expect, it } from "bun:test";
import { eq } from "drizzle-orm";
import * as schema from "../../src/db/schema.ts";
import {
getPublicProfile,
getPublicSetupWithItems,
updateProfile,
} from "../../src/server/services/profile.service.ts";
import {
createSetup,
getAllSetups,
getSetupWithItems,
updateSetup,
} from "../../src/server/services/setup.service.ts";
import { createSecondTestUser, createTestDb } from "../helpers/db.ts";
type Db = Awaited<ReturnType<typeof createTestDb>>["db"];
describe("Profile Service", () => {
let db: Db;
let userId: number;
beforeEach(async () => {
const testData = await createTestDb();
db = testData.db;
userId = testData.userId;
});
describe("updateProfile", () => {
it("updates displayName and returns updated user", async () => {
const result = await updateProfile(db, userId, {
displayName: "Alice",
});
expect(result).not.toBeNull();
expect(result!.displayName).toBe("Alice");
});
it("updates bio only, leaves other fields untouched", async () => {
await updateProfile(db, userId, { displayName: "Alice" });
const result = await updateProfile(db, userId, { bio: "Bikepacker" });
expect(result).not.toBeNull();
expect(result!.bio).toBe("Bikepacker");
expect(result!.displayName).toBe("Alice");
});
it("handles empty update without error", async () => {
const result = await updateProfile(db, userId, {});
expect(result).not.toBeNull();
expect(result!.id).toBe(userId);
});
it("returns null for non-existent user", async () => {
const result = await updateProfile(db, 99999, {
displayName: "Ghost",
});
expect(result).toBeNull();
});
});
describe("getPublicProfile", () => {
it("returns user profile with empty setups when none exist", async () => {
await updateProfile(db, userId, {
displayName: "Alice",
bio: "Bikepacker",
});
const profile = await getPublicProfile(db, userId);
expect(profile).not.toBeNull();
expect(profile!.displayName).toBe("Alice");
expect(profile!.bio).toBe("Bikepacker");
expect(profile!.setups).toEqual([]);
});
it("returns only public setups, not private ones", async () => {
// Create one public and one private setup
const pub = await createSetup(db, userId, { name: "Public Setup", isPublic: true });
const priv = await createSetup(db, userId, { name: "Private Setup" });
const profile = await getPublicProfile(db, userId);
expect(profile).not.toBeNull();
expect(profile!.setups).toHaveLength(1);
expect(profile!.setups[0].name).toBe("Public Setup");
});
it("returns null for non-existent user", async () => {
const profile = await getPublicProfile(db, 99999);
expect(profile).toBeNull();
});
});
describe("getPublicSetupWithItems", () => {
it("returns setup with items when isPublic is true", async () => {
const setup = await createSetup(db, userId, {
name: "Public Setup",
isPublic: true,
});
// Create an item and add to setup
const [cat] = await db
.select()
.from(schema.categories)
.where(eq(schema.categories.userId, userId));
const [item] = await db
.insert(schema.items)
.values({
name: "Tent",
categoryId: cat.id,
userId,
weightGrams: 1200,
priceCents: 30000,
})
.returning();
await db.insert(schema.setupItems).values({
setupId: setup.id,
itemId: item.id,
});
const result = await getPublicSetupWithItems(db, setup.id);
expect(result).not.toBeNull();
expect(result!.name).toBe("Public Setup");
expect(result!.items).toHaveLength(1);
expect(result!.items[0].name).toBe("Tent");
});
it("returns null when isPublic is false", async () => {
const setup = await createSetup(db, userId, {
name: "Private Setup",
});
const result = await getPublicSetupWithItems(db, setup.id);
expect(result).toBeNull();
});
it("returns null for non-existent setup", async () => {
const result = await getPublicSetupWithItems(db, 99999);
expect(result).toBeNull();
});
});
});
describe("Setup Service - isPublic", () => {
let db: Db;
let userId: number;
beforeEach(async () => {
const testData = await createTestDb();
db = testData.db;
userId = testData.userId;
});
it("createSetup persists isPublic when true", async () => {
const setup = await createSetup(db, userId, {
name: "Public",
isPublic: true,
});
expect(setup.isPublic).toBe(true);
});
it("createSetup defaults isPublic to false", async () => {
const setup = await createSetup(db, userId, { name: "Private" });
expect(setup.isPublic).toBe(false);
});
it("updateSetup can toggle isPublic", async () => {
const setup = await createSetup(db, userId, { name: "Test" });
expect(setup.isPublic).toBe(false);
const updated = await updateSetup(db, userId, setup.id, {
name: "Test",
isPublic: true,
});
expect(updated).not.toBeNull();
expect(updated!.isPublic).toBe(true);
});
it("getAllSetups includes isPublic in response", async () => {
await createSetup(db, userId, { name: "Public", isPublic: true });
await createSetup(db, userId, { name: "Private" });
const setups = await getAllSetups(db, userId);
expect(setups).toHaveLength(2);
const pub = setups.find((s) => s.name === "Public");
const priv = setups.find((s) => s.name === "Private");
expect(pub!.isPublic).toBe(true);
expect(priv!.isPublic).toBe(false);
});
it("getSetupWithItems includes isPublic", async () => {
const setup = await createSetup(db, userId, {
name: "Test",
isPublic: true,
});
const result = await getSetupWithItems(db, userId, setup.id);
expect(result).not.toBeNull();
expect(result!.isPublic).toBe(true);
});
});