diff --git a/backend/.env.example b/backend/.env.example new file mode 100644 index 0000000..e9e2965 --- /dev/null +++ b/backend/.env.example @@ -0,0 +1,34 @@ +# Supabase +SUPABASE_URL=https://your-project.supabase.co +SUPABASE_SERVICE_KEY=your-service-key +SUPABASE_DB_PASSWORD=your-db-password + +# JWT +JWT_SECRET=your-jwt-secret +JWT_EXPIRES_IN=7d + +# Server +PORT=3010 +NODE_ENV=production + +# Brevo Email +BREVO_API_KEY=your-brevo-key +BREVO_SENDER_EMAIL=noreply@wellnuo.com +BREVO_SENDER_NAME=WellNuo + +# Frontend URL (for password reset links) +FRONTEND_URL=https://wellnuo.smartlaunchhub.com + +# Stripe +STRIPE_PUBLISHABLE_KEY=pk_test_xxx +STRIPE_SECRET_KEY=sk_test_xxx +STRIPE_WEBHOOK_SECRET=whsec_xxx + +# Stripe Products & Prices +STRIPE_PRICE_STARTER_KIT=price_xxx +STRIPE_PRICE_PREMIUM=price_xxx +STRIPE_PRODUCT_STARTER_KIT=prod_xxx +STRIPE_PRODUCT_PREMIUM=prod_xxx + +# Admin +ADMIN_API_KEY=your-admin-api-key diff --git a/backend/.gitignore b/backend/.gitignore new file mode 100644 index 0000000..daf1dd0 --- /dev/null +++ b/backend/.gitignore @@ -0,0 +1,4 @@ +node_modules/ +.env +*.log +.DS_Store diff --git a/backend/migrations/001_password_resets.sql b/backend/migrations/001_password_resets.sql new file mode 100644 index 0000000..0d7dd4b --- /dev/null +++ b/backend/migrations/001_password_resets.sql @@ -0,0 +1,27 @@ +-- Create password_resets table for password recovery flow +CREATE TABLE IF NOT EXISTS password_resets ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + user_id INTEGER REFERENCES person_details(user_id), + token TEXT NOT NULL UNIQUE, + expires_at TIMESTAMPTZ NOT NULL, + used_at TIMESTAMPTZ, + created_at TIMESTAMPTZ DEFAULT NOW() +); + +-- Create indexes for faster lookups +CREATE INDEX IF NOT EXISTS idx_password_resets_token ON password_resets(token); +CREATE INDEX IF NOT EXISTS idx_password_resets_expires ON password_resets(expires_at); +CREATE INDEX IF NOT EXISTS idx_password_resets_user ON password_resets(user_id); + +-- Add RLS policies +ALTER TABLE password_resets ENABLE ROW LEVEL SECURITY; + +-- Allow service role full access +CREATE POLICY "Service role can manage password_resets" + ON password_resets + FOR ALL + USING (true) + WITH CHECK (true); + +-- Clean up expired tokens (optional: run periodically) +-- DELETE FROM password_resets WHERE expires_at < NOW() AND used_at IS NULL; diff --git a/backend/package-lock.json b/backend/package-lock.json new file mode 100644 index 0000000..dbbea24 --- /dev/null +++ b/backend/package-lock.json @@ -0,0 +1,1820 @@ +{ + "name": "wellnuo-api", + "version": "1.0.0", + "lockfileVersion": 3, + "requires": true, + "packages": { + "": { + "name": "wellnuo-api", + "version": "1.0.0", + "dependencies": { + "@supabase/supabase-js": "^2.39.0", + "bcryptjs": "^2.4.3", + "cors": "^2.8.5", + "dotenv": "^16.3.1", + "express": "^4.18.2", + "jsonwebtoken": "^9.0.2", + "multer": "^1.4.5-lts.1", + "pg": "^8.16.3", + "stripe": "^20.1.0" + }, + "devDependencies": { + "nodemon": "^3.0.2" + } + }, + "node_modules/@supabase/auth-js": { + "version": "2.89.0", + "resolved": "https://registry.npmjs.org/@supabase/auth-js/-/auth-js-2.89.0.tgz", + "integrity": "sha512-wiWZdz8WMad8LQdJMWYDZ2SJtZP5MwMqzQq3ehtW2ngiI3UTgbKiFrvMUUS3KADiVlk4LiGfODB2mrYx7w2f8w==", + "license": "MIT", + "dependencies": { + "tslib": "2.8.1" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@supabase/functions-js": { + "version": "2.89.0", + "resolved": "https://registry.npmjs.org/@supabase/functions-js/-/functions-js-2.89.0.tgz", + "integrity": "sha512-XEueaC5gMe5NufNYfBh9kPwJlP5M2f+Ogr8rvhmRDAZNHgY6mI35RCkYDijd92pMcNM7g8pUUJov93UGUnqfyw==", + "license": "MIT", + "dependencies": { + "tslib": "2.8.1" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@supabase/postgrest-js": { + "version": "2.89.0", + "resolved": "https://registry.npmjs.org/@supabase/postgrest-js/-/postgrest-js-2.89.0.tgz", + "integrity": "sha512-/b0fKrxV9i7RNOEXMno/I1862RsYhuUo+Q6m6z3ar1f4ulTMXnDfv0y4YYxK2POcgrOXQOgKYQx1eArybyNvtg==", + "license": "MIT", + "dependencies": { + "tslib": "2.8.1" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@supabase/realtime-js": { + "version": "2.89.0", + "resolved": "https://registry.npmjs.org/@supabase/realtime-js/-/realtime-js-2.89.0.tgz", + "integrity": "sha512-aMOvfDb2a52u6PX6jrrjvACHXGV3zsOlWRzZsTIOAJa0hOVvRp01AwC1+nLTGUzxzezejrYeCX+KnnM1xHdl+w==", + "license": "MIT", + "dependencies": { + "@types/phoenix": "^1.6.6", + "@types/ws": "^8.18.1", + "tslib": "2.8.1", + "ws": "^8.18.2" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@supabase/storage-js": { + "version": "2.89.0", + "resolved": "https://registry.npmjs.org/@supabase/storage-js/-/storage-js-2.89.0.tgz", + "integrity": "sha512-6zKcXofk/M/4Eato7iqpRh+B+vnxeiTumCIP+Tz26xEqIiywzD9JxHq+udRrDuv6hXE+pmetvJd8n5wcf4MFRQ==", + "license": "MIT", + "dependencies": { + "iceberg-js": "^0.8.1", + "tslib": "2.8.1" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@supabase/supabase-js": { + "version": "2.89.0", + "resolved": "https://registry.npmjs.org/@supabase/supabase-js/-/supabase-js-2.89.0.tgz", + "integrity": "sha512-KlaRwSfFA0fD73PYVMHj5/iXFtQGCcX7PSx0FdQwYEEw9b2wqM7GxadY+5YwcmuEhalmjFB/YvqaoNVF+sWUlg==", + "license": "MIT", + "dependencies": { + "@supabase/auth-js": "2.89.0", + "@supabase/functions-js": "2.89.0", + "@supabase/postgrest-js": "2.89.0", + "@supabase/realtime-js": "2.89.0", + "@supabase/storage-js": "2.89.0" + }, + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/@types/node": { + "version": "25.0.3", + "resolved": "https://registry.npmjs.org/@types/node/-/node-25.0.3.tgz", + "integrity": "sha512-W609buLVRVmeW693xKfzHeIV6nJGGz98uCPfeXI1ELMLXVeKYZ9m15fAMSaUPBHYLGFsVRcMmSCksQOrZV9BYA==", + "license": "MIT", + "dependencies": { + "undici-types": "~7.16.0" + } + }, + "node_modules/@types/phoenix": { + "version": "1.6.7", + "resolved": "https://registry.npmjs.org/@types/phoenix/-/phoenix-1.6.7.tgz", + "integrity": "sha512-oN9ive//QSBkf19rfDv45M7eZPi0eEXylht2OLEXicu5b4KoQ1OzXIw+xDSGWxSxe1JmepRR/ZH283vsu518/Q==", + "license": "MIT" + }, + "node_modules/@types/ws": { + "version": "8.18.1", + "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz", + "integrity": "sha512-ThVF6DCVhA8kUGy+aazFQ4kXQ7E1Ty7A3ypFOe0IcJV8O/M511G99AW24irKrW56Wt44yG9+ij8FaqoBGkuBXg==", + "license": "MIT", + "dependencies": { + "@types/node": "*" + } + }, + "node_modules/accepts": { + "version": "1.3.8", + "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.8.tgz", + "integrity": "sha512-PYAthTa2m2VKxuvSD3DPC/Gy+U+sOA1LAuT8mkmRuvw+NACSaeXEQ+NHcVF7rONl6qcaxV3Uuemwawk+7+SJLw==", + "license": "MIT", + "dependencies": { + "mime-types": "~2.1.34", + "negotiator": "0.6.3" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/anymatch": { + "version": "3.1.3", + "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz", + "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==", + "dev": true, + "license": "ISC", + "dependencies": { + "normalize-path": "^3.0.0", + "picomatch": "^2.0.4" + }, + "engines": { + "node": ">= 8" + } + }, + "node_modules/append-field": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/append-field/-/append-field-1.0.0.tgz", + "integrity": "sha512-klpgFSWLW1ZEs8svjfb7g4qWY0YS5imI82dTg+QahUvJ8YqAY0P10Uk8tTyh9ZGuYEZEMaeJYCF5BFuX552hsw==", + "license": "MIT" + }, + "node_modules/array-flatten": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz", + "integrity": "sha512-PCVAQswWemu6UdxsDFFX/+gVeYqKAod3D3UVm91jHwynguOwAvYPhx8nNlM++NqRcK6CxxpUafjmhIdKiHibqg==", + "license": "MIT" + }, + "node_modules/balanced-match": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz", + "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==", + "dev": true, + "license": "MIT" + }, + "node_modules/bcryptjs": { + "version": "2.4.3", + "resolved": "https://registry.npmjs.org/bcryptjs/-/bcryptjs-2.4.3.tgz", + "integrity": "sha512-V/Hy/X9Vt7f3BbPJEi8BdVFMByHi+jNXrYkW3huaybV/kQ0KJg0Y6PkEMbn+zeT+i+SiKZ/HMqJGIIt4LZDqNQ==", + "license": "MIT" + }, + "node_modules/binary-extensions": { + "version": "2.3.0", + "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz", + "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8" + }, + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/body-parser": { + "version": "1.20.4", + "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.20.4.tgz", + "integrity": "sha512-ZTgYYLMOXY9qKU/57FAo8F+HA2dGX7bqGc71txDRC1rS4frdFI5R7NhluHxH6M0YItAP0sHB4uqAOcYKxO6uGA==", + "license": "MIT", + "dependencies": { + "bytes": "~3.1.2", + "content-type": "~1.0.5", + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "~1.2.0", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "on-finished": "~2.4.1", + "qs": "~6.14.0", + "raw-body": "~2.5.3", + "type-is": "~1.6.18", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/brace-expansion": { + "version": "1.1.12", + "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz", + "integrity": "sha512-9T9UjW3r0UW5c1Q7GTwllptXwhvYmEzFhzMfZ9H7FQWt+uZePjZPjBP/W1ZEyZ1twGWom5/56TF4lPcqjnDHcg==", + "dev": true, + "license": "MIT", + "dependencies": { + "balanced-match": "^1.0.0", + "concat-map": "0.0.1" + } + }, + "node_modules/braces": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz", + "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==", + "dev": true, + "license": "MIT", + "dependencies": { + "fill-range": "^7.1.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/buffer-equal-constant-time": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz", + "integrity": "sha512-zRpUiDwd/xk6ADqPMATG8vc9VPrkck7T07OIx0gnjmJAnHnTVXNQG3vfvWNuiZIkwu9KrKdA1iJKfsfTVxE6NA==", + "license": "BSD-3-Clause" + }, + "node_modules/buffer-from": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz", + "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==", + "license": "MIT" + }, + "node_modules/busboy": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/busboy/-/busboy-1.6.0.tgz", + "integrity": "sha512-8SFQbg/0hQ9xy3UNTB0YEnsNBbWfhf7RtnzpL7TkBiTBRfrQ9Fxcnz7VJsleJpyp6rVLvXiuORqjlHi5q+PYuA==", + "dependencies": { + "streamsearch": "^1.1.0" + }, + "engines": { + "node": ">=10.16.0" + } + }, + "node_modules/bytes": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.2.tgz", + "integrity": "sha512-/Nf7TyzTx6S3yRJObOAV7956r8cr2+Oj8AC5dt8wSP3BQAoeX58NoHyCU8P8zGkNXStjTSi6fzO6F0pBdcYbEg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/call-bind-apply-helpers": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/call-bind-apply-helpers/-/call-bind-apply-helpers-1.0.2.tgz", + "integrity": "sha512-Sp1ablJ0ivDkSzjcaJdxEunN5/XvksFJ2sMBFfq6x0ryhQV/2b/KwFe21cMpmHtPOSij8K99/wSfoEuTObmuMQ==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/call-bound": { + "version": "1.0.4", + "resolved": "https://registry.npmjs.org/call-bound/-/call-bound-1.0.4.tgz", + "integrity": "sha512-+ys997U96po4Kx/ABpBCqhA9EuxJaQWDQg7295H4hBphv3IZg0boBKuwYpt4YXp6MZ5AmZQnU/tyMTlRpaSejg==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "get-intrinsic": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/chokidar": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz", + "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==", + "dev": true, + "license": "MIT", + "dependencies": { + "anymatch": "~3.1.2", + "braces": "~3.0.2", + "glob-parent": "~5.1.2", + "is-binary-path": "~2.1.0", + "is-glob": "~4.0.1", + "normalize-path": "~3.0.0", + "readdirp": "~3.6.0" + }, + "engines": { + "node": ">= 8.10.0" + }, + "funding": { + "url": "https://paulmillr.com/funding/" + }, + "optionalDependencies": { + "fsevents": "~2.3.2" + } + }, + "node_modules/concat-map": { + "version": "0.0.1", + "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz", + "integrity": "sha512-/Srv4dswyQNBfohGpz9o6Yb3Gz3SrUDqBH5rTuhGR7ahtlbYKnVxw2bCFMRljaA7EXHaXZ8wsHdodFvbkhKmqg==", + "dev": true, + "license": "MIT" + }, + "node_modules/concat-stream": { + "version": "1.6.2", + "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz", + "integrity": "sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==", + "engines": [ + "node >= 0.8" + ], + "license": "MIT", + "dependencies": { + "buffer-from": "^1.0.0", + "inherits": "^2.0.3", + "readable-stream": "^2.2.2", + "typedarray": "^0.0.6" + } + }, + "node_modules/content-disposition": { + "version": "0.5.4", + "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.4.tgz", + "integrity": "sha512-FveZTNuGw04cxlAiWbzi6zTAL/lhehaWbTtgluJh4/E95DqMwTmha3KZN1aAWA8cFIhHzMZUvLevkw5Rqk+tSQ==", + "license": "MIT", + "dependencies": { + "safe-buffer": "5.2.1" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/content-type": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.5.tgz", + "integrity": "sha512-nTjqfcBFEipKdXCv4YDQWCfmcLZKm81ldF0pAopTvyrFGVbcR6P/VAAd5G7N+0tTr8QqiU0tFadD6FK4NtJwOA==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie": { + "version": "0.7.2", + "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.7.2.tgz", + "integrity": "sha512-yki5XnKuf750l50uGTllt6kKILY4nQ1eNIQatoXEByZ5dWgnKqbnqmTrBE5B4N7lrMJKQ2ytWMiTO2o0v6Ew/w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/cookie-signature": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.7.tgz", + "integrity": "sha512-NXdYc3dLr47pBkpUCHtKSwIOQXLVn8dZEuywboCOJY/osA0wFSLlSawr3KN8qXJEyX66FcONTH8EIlVuK0yyFA==", + "license": "MIT" + }, + "node_modules/core-util-is": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.3.tgz", + "integrity": "sha512-ZQBvi1DcpJ4GDqanjucZ2Hj3wEO5pZDS89BWbkcrvdxksJorwUDDZamX9ldFkp9aw2lmBDLgkObEA4DWNJ9FYQ==", + "license": "MIT" + }, + "node_modules/cors": { + "version": "2.8.5", + "resolved": "https://registry.npmjs.org/cors/-/cors-2.8.5.tgz", + "integrity": "sha512-KIHbLJqu73RGr/hnbrO9uBeixNGuvSQjul/jdFvS/KFSIH1hWVd1ng7zOHx+YrEfInLG7q4n6GHQ9cDtxv/P6g==", + "license": "MIT", + "dependencies": { + "object-assign": "^4", + "vary": "^1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/debug": { + "version": "2.6.9", + "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz", + "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==", + "license": "MIT", + "dependencies": { + "ms": "2.0.0" + } + }, + "node_modules/depd": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz", + "integrity": "sha512-g7nH6P6dyDioJogAAGprGpCtVImJhpPk/roCzdb3fIh61/s/nPsfR6onyMwkCAR/OlC3yBC0lESvUoQEAssIrw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/destroy": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.2.0.tgz", + "integrity": "sha512-2sJGJTaXIIaR1w4iJSNoN0hnMY7Gpc/n8D4qSCJw8QqFWXf7cuAgnEHxBpweaVcPevC2l3KpjYCx3NypQQgaJg==", + "license": "MIT", + "engines": { + "node": ">= 0.8", + "npm": "1.2.8000 || >= 1.4.16" + } + }, + "node_modules/dotenv": { + "version": "16.6.1", + "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.6.1.tgz", + "integrity": "sha512-uBq4egWHTcTt33a72vpSG0z3HnPuIl6NqYcTrKEg2azoEyl2hpW0zqlxysq2pK9HlDIHyHyakeYaYnSAwd8bow==", + "license": "BSD-2-Clause", + "engines": { + "node": ">=12" + }, + "funding": { + "url": "https://dotenvx.com" + } + }, + "node_modules/dunder-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/dunder-proto/-/dunder-proto-1.0.1.tgz", + "integrity": "sha512-KIN/nDJBQRcXw0MLVhZE9iQHmG68qAVIBg9CqmUYjmQIhgij9U5MFvrqkUL5FbtyyzZuOeOt0zdeRe4UY7ct+A==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.1", + "es-errors": "^1.3.0", + "gopd": "^1.2.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/ecdsa-sig-formatter": { + "version": "1.0.11", + "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.11.tgz", + "integrity": "sha512-nagl3RYrbNv6kQkeJIpt6NJZy8twLB/2vtz6yN9Z4vRKHN4/QZJIEbqohALSgwKdnksuY3k5Addp5lg8sVoVcQ==", + "license": "Apache-2.0", + "dependencies": { + "safe-buffer": "^5.0.1" + } + }, + "node_modules/ee-first": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz", + "integrity": "sha512-WMwm9LhRUo+WUaRN+vRuETqG89IgZphVSNkdFgeb6sS/E4OrDIN7t48CAewSHXc6C8lefD8KKfr5vY61brQlow==", + "license": "MIT" + }, + "node_modules/encodeurl": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-2.0.0.tgz", + "integrity": "sha512-Q0n9HRi4m6JuGIV1eFlmvJB7ZEVxu93IrMyiMsGC0lrMJMWzRgx6WGquyfQgZVb31vhGgXnfmPNNXmxnOkRBrg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/es-define-property": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/es-define-property/-/es-define-property-1.0.1.tgz", + "integrity": "sha512-e3nRfgfUZ4rNGL232gUgX06QNyyez04KdjFrF+LTRoOXmrOgFKDg4BCdsjW8EnT69eqdYGmRpJwiPVYNrCaW3g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-errors": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/es-errors/-/es-errors-1.3.0.tgz", + "integrity": "sha512-Zf5H2Kxt2xjTvbJvP2ZWLEICxA6j+hAmMzIlypy4xcBg1vKVnx89Wy0GbS+kf5cwCVFFzdCFh2XSCFNULS6csw==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/es-object-atoms": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/es-object-atoms/-/es-object-atoms-1.1.1.tgz", + "integrity": "sha512-FGgH2h8zKNim9ljj7dankFPcICIK9Cp5bm+c2gQSYePhpaG5+esrLODihIorn+Pe6FGJzWhXQotPv73jTaldXA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/escape-html": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz", + "integrity": "sha512-NiSupZ4OeuGwr68lGIeym/ksIZMJodUGOSCZ/FSnTxcrekbvqrgdUxlJOMpijaKZVjAJrWrGs/6Jy8OMuyj9ow==", + "license": "MIT" + }, + "node_modules/etag": { + "version": "1.8.1", + "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz", + "integrity": "sha512-aIL5Fx7mawVa300al2BnEE4iNvo1qETxLrPI/o05L7z6go7fCw1J6EQmbK4FmJ2AS7kgVF/KEZWufBfdClMcPg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/express": { + "version": "4.22.1", + "resolved": "https://registry.npmjs.org/express/-/express-4.22.1.tgz", + "integrity": "sha512-F2X8g9P1X7uCPZMA3MVf9wcTqlyNp7IhH5qPCI0izhaOIYXaW9L535tGA3qmjRzpH+bZczqq7hVKxTR4NWnu+g==", + "license": "MIT", + "dependencies": { + "accepts": "~1.3.8", + "array-flatten": "1.1.1", + "body-parser": "~1.20.3", + "content-disposition": "~0.5.4", + "content-type": "~1.0.4", + "cookie": "~0.7.1", + "cookie-signature": "~1.0.6", + "debug": "2.6.9", + "depd": "2.0.0", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "finalhandler": "~1.3.1", + "fresh": "~0.5.2", + "http-errors": "~2.0.0", + "merge-descriptors": "1.0.3", + "methods": "~1.1.2", + "on-finished": "~2.4.1", + "parseurl": "~1.3.3", + "path-to-regexp": "~0.1.12", + "proxy-addr": "~2.0.7", + "qs": "~6.14.0", + "range-parser": "~1.2.1", + "safe-buffer": "5.2.1", + "send": "~0.19.0", + "serve-static": "~1.16.2", + "setprototypeof": "1.2.0", + "statuses": "~2.0.1", + "type-is": "~1.6.18", + "utils-merge": "1.0.1", + "vary": "~1.1.2" + }, + "engines": { + "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/fill-range": { + "version": "7.1.1", + "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz", + "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==", + "dev": true, + "license": "MIT", + "dependencies": { + "to-regex-range": "^5.0.1" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/finalhandler": { + "version": "1.3.2", + "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.3.2.tgz", + "integrity": "sha512-aA4RyPcd3badbdABGDuTXCMTtOneUCAYH/gxoYRTZlIJdF0YPWuGqiAsIrhNnnqdXGswYk6dGujem4w80UJFhg==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "on-finished": "~2.4.1", + "parseurl": "~1.3.3", + "statuses": "~2.0.2", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/forwarded": { + "version": "0.2.0", + "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.2.0.tgz", + "integrity": "sha512-buRG0fpBtRHSTCOASe6hD258tEubFoRLb4ZNA6NxMVHNw2gOcwHo9wyablzMzOA5z9xA9L1KNjk/Nt6MT9aYow==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fresh": { + "version": "0.5.2", + "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz", + "integrity": "sha512-zJ2mQYM18rEFOudeV4GShTGIQ7RbzA7ozbU9I/XBpm7kqgMywgmylMwXHxZJmkVoYkna9d2pVXVXPdYTP9ej8Q==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/fsevents": { + "version": "2.3.3", + "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz", + "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==", + "dev": true, + "hasInstallScript": true, + "license": "MIT", + "optional": true, + "os": [ + "darwin" + ], + "engines": { + "node": "^8.16.0 || ^10.6.0 || >=11.0.0" + } + }, + "node_modules/function-bind": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz", + "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-intrinsic": { + "version": "1.3.0", + "resolved": "https://registry.npmjs.org/get-intrinsic/-/get-intrinsic-1.3.0.tgz", + "integrity": "sha512-9fSjSaos/fRIVIp+xSJlE6lfwhES7LNtKaCBIamHsjr2na1BiABJPo0mOjjz8GJDURarmCPGqaiVg5mfjb98CQ==", + "license": "MIT", + "dependencies": { + "call-bind-apply-helpers": "^1.0.2", + "es-define-property": "^1.0.1", + "es-errors": "^1.3.0", + "es-object-atoms": "^1.1.1", + "function-bind": "^1.1.2", + "get-proto": "^1.0.1", + "gopd": "^1.2.0", + "has-symbols": "^1.1.0", + "hasown": "^2.0.2", + "math-intrinsics": "^1.1.0" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/get-proto": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/get-proto/-/get-proto-1.0.1.tgz", + "integrity": "sha512-sTSfBjoXBp89JvIKIefqw7U2CCebsc74kiY6awiGogKtoSGbgjYE/G/+l9sF3MWFPNc9IcoOC4ODfKHfxFmp0g==", + "license": "MIT", + "dependencies": { + "dunder-proto": "^1.0.1", + "es-object-atoms": "^1.0.0" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/glob-parent": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz", + "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==", + "dev": true, + "license": "ISC", + "dependencies": { + "is-glob": "^4.0.1" + }, + "engines": { + "node": ">= 6" + } + }, + "node_modules/gopd": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/gopd/-/gopd-1.2.0.tgz", + "integrity": "sha512-ZUKRh6/kUFoAiTAtTYPZJ3hw9wNxx+BIBOijnlG9PnrJsCcSjs1wyyD6vJpaYtgnzDrKYRSqf3OO6Rfa93xsRg==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/has-flag": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz", + "integrity": "sha512-sKJf1+ceQBr4SMkvQnBDNDtf4TXpVhVGateu0t918bl30FnbE2m4vNLX+VWe/dpjlb+HugGYzW7uQXH98HPEYw==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/has-symbols": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/has-symbols/-/has-symbols-1.1.0.tgz", + "integrity": "sha512-1cDNdwJ2Jaohmb3sg4OmKaMBwuC48sYni5HUw2DvsC8LjGTLK9h+eb1X6RyuOHe4hT0ULCW68iomhjUoKUqlPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/hasown": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz", + "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==", + "license": "MIT", + "dependencies": { + "function-bind": "^1.1.2" + }, + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/http-errors": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-2.0.1.tgz", + "integrity": "sha512-4FbRdAX+bSdmo4AUFuS0WNiPz8NgFt+r8ThgNWmlrjQjt1Q7ZR9+zTlce2859x4KSXrwIsaeTqDoKQmtP8pLmQ==", + "license": "MIT", + "dependencies": { + "depd": "~2.0.0", + "inherits": "~2.0.4", + "setprototypeof": "~1.2.0", + "statuses": "~2.0.2", + "toidentifier": "~1.0.1" + }, + "engines": { + "node": ">= 0.8" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" + } + }, + "node_modules/iceberg-js": { + "version": "0.8.1", + "resolved": "https://registry.npmjs.org/iceberg-js/-/iceberg-js-0.8.1.tgz", + "integrity": "sha512-1dhVQZXhcHje7798IVM+xoo/1ZdVfzOMIc8/rgVSijRK38EDqOJoGula9N/8ZI5RD8QTxNQtK/Gozpr+qUqRRA==", + "license": "MIT", + "engines": { + "node": ">=20.0.0" + } + }, + "node_modules/iconv-lite": { + "version": "0.4.24", + "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz", + "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==", + "license": "MIT", + "dependencies": { + "safer-buffer": ">= 2.1.2 < 3" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/ignore-by-default": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/ignore-by-default/-/ignore-by-default-1.0.1.tgz", + "integrity": "sha512-Ius2VYcGNk7T90CppJqcIkS5ooHUZyIQK+ClZfMfMNFEF9VSE73Fq+906u/CWu92x4gzZMWOwfFYckPObzdEbA==", + "dev": true, + "license": "ISC" + }, + "node_modules/inherits": { + "version": "2.0.4", + "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz", + "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==", + "license": "ISC" + }, + "node_modules/ipaddr.js": { + "version": "1.9.1", + "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz", + "integrity": "sha512-0KI/607xoxSToH7GjN1FfSbLoU0+btTicjsQSWQlh/hZykN8KpmMf7uYwPW3R+akZ6R/w18ZlXSHBYXiYUPO3g==", + "license": "MIT", + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/is-binary-path": { + "version": "2.1.0", + "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz", + "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==", + "dev": true, + "license": "MIT", + "dependencies": { + "binary-extensions": "^2.0.0" + }, + "engines": { + "node": ">=8" + } + }, + "node_modules/is-extglob": { + "version": "2.1.1", + "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz", + "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-glob": { + "version": "4.0.3", + "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz", + "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-extglob": "^2.1.1" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/is-number": { + "version": "7.0.0", + "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz", + "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.12.0" + } + }, + "node_modules/isarray": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz", + "integrity": "sha512-VLghIWNM6ELQzo7zwmcg0NmTVyWKYjvIeM83yjp0wRDTmUnrM678fQbcKBo6n2CJEF0szoG//ytg+TKla89ALQ==", + "license": "MIT" + }, + "node_modules/jsonwebtoken": { + "version": "9.0.3", + "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-9.0.3.tgz", + "integrity": "sha512-MT/xP0CrubFRNLNKvxJ2BYfy53Zkm++5bX9dtuPbqAeQpTVe0MQTFhao8+Cp//EmJp244xt6Drw/GVEGCUj40g==", + "license": "MIT", + "dependencies": { + "jws": "^4.0.1", + "lodash.includes": "^4.3.0", + "lodash.isboolean": "^3.0.3", + "lodash.isinteger": "^4.0.4", + "lodash.isnumber": "^3.0.3", + "lodash.isplainobject": "^4.0.6", + "lodash.isstring": "^4.0.1", + "lodash.once": "^4.0.0", + "ms": "^2.1.1", + "semver": "^7.5.4" + }, + "engines": { + "node": ">=12", + "npm": ">=6" + } + }, + "node_modules/jsonwebtoken/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/jwa": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/jwa/-/jwa-2.0.1.tgz", + "integrity": "sha512-hRF04fqJIP8Abbkq5NKGN0Bbr3JxlQ+qhZufXVr0DvujKy93ZCbXZMHDL4EOtodSbCWxOqR8MS1tXA5hwqCXDg==", + "license": "MIT", + "dependencies": { + "buffer-equal-constant-time": "^1.0.1", + "ecdsa-sig-formatter": "1.0.11", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/jws": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/jws/-/jws-4.0.1.tgz", + "integrity": "sha512-EKI/M/yqPncGUUh44xz0PxSidXFr/+r0pA70+gIYhjv+et7yxM+s29Y+VGDkovRofQem0fs7Uvf4+YmAdyRduA==", + "license": "MIT", + "dependencies": { + "jwa": "^2.0.1", + "safe-buffer": "^5.0.1" + } + }, + "node_modules/lodash.includes": { + "version": "4.3.0", + "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz", + "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==", + "license": "MIT" + }, + "node_modules/lodash.isboolean": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz", + "integrity": "sha512-Bz5mupy2SVbPHURB98VAcw+aHh4vRV5IPNhILUCsOzRmsTmSQ17jIuqopAentWoehktxGd9e/hbIXq980/1QJg==", + "license": "MIT" + }, + "node_modules/lodash.isinteger": { + "version": "4.0.4", + "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz", + "integrity": "sha512-DBwtEWN2caHQ9/imiNeEA5ys1JoRtRfY3d7V9wkqtbycnAmTvRRmbHKDV4a0EYc678/dia0jrte4tjYwVBaZUA==", + "license": "MIT" + }, + "node_modules/lodash.isnumber": { + "version": "3.0.3", + "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz", + "integrity": "sha512-QYqzpfwO3/CWf3XP+Z+tkQsfaLL/EnUlXWVkIk5FUPc4sBdTehEqZONuyRt2P67PXAk+NXmTBcc97zw9t1FQrw==", + "license": "MIT" + }, + "node_modules/lodash.isplainobject": { + "version": "4.0.6", + "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz", + "integrity": "sha512-oSXzaWypCMHkPC3NvBEaPHf0KsA5mvPrOPgQWDsbg8n7orZ290M0BmC/jgRZ4vcJ6DTAhjrsSYgdsW/F+MFOBA==", + "license": "MIT" + }, + "node_modules/lodash.isstring": { + "version": "4.0.1", + "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz", + "integrity": "sha512-0wJxfxH1wgO3GrbuP+dTTk7op+6L41QCXbGINEmD+ny/G/eCqGzxyCsh7159S+mgDDcoarnBw6PC1PS5+wUGgw==", + "license": "MIT" + }, + "node_modules/lodash.once": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz", + "integrity": "sha512-Sb487aTOCr9drQVL8pIxOzVhafOjZN9UU54hiN8PU3uAiSV7lx1yYNpbNmex2PK6dSJoNTSJUUswT651yww3Mg==", + "license": "MIT" + }, + "node_modules/math-intrinsics": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/math-intrinsics/-/math-intrinsics-1.1.0.tgz", + "integrity": "sha512-/IXtbwEk5HTPyEwyKX6hGkYXxM9nbj64B+ilVJnC/R6B0pH5G4V3b0pVbL7DBj4tkhBAppbQUlf6F6Xl9LHu1g==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + } + }, + "node_modules/media-typer": { + "version": "0.3.0", + "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz", + "integrity": "sha512-dq+qelQ9akHpcOl/gUVRTxVIOkAJ1wR3QAvb4RsVjS8oVoFjDGTc679wJYmUmknUF5HwMLOgb5O+a3KxfWapPQ==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/merge-descriptors": { + "version": "1.0.3", + "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.3.tgz", + "integrity": "sha512-gaNvAS7TZ897/rVaZ0nMtAyxNyi/pdbjbAwUpFQpN70GqnVfOiXpeUUMKRBmzXaSQ8DdTX4/0ms62r2K+hE6mQ==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/sindresorhus" + } + }, + "node_modules/methods": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz", + "integrity": "sha512-iclAHeNqNm68zFtnZ0e+1L2yUIdvzNoauKU4WBA3VvH/vPFieF7qfRlwUZU+DA9P9bPXIS90ulxoUoCH23sV2w==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime": { + "version": "1.6.0", + "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz", + "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg==", + "license": "MIT", + "bin": { + "mime": "cli.js" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/mime-db": { + "version": "1.52.0", + "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.52.0.tgz", + "integrity": "sha512-sPU4uV7dYlvtWJxwwxHD0PuihVNiE7TyAbQ5SWxDCB9mUYvOgroQOwYQQOKPJ8CIbE+1ETVlOoK1UC2nU3gYvg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/mime-types": { + "version": "2.1.35", + "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.35.tgz", + "integrity": "sha512-ZDY+bPm5zTTF+YpCrAU9nK0UgICYPT0QtT1NZWFv4s++TNkcgVaT0g6+4R2uI4MjQjzysHB1zxuWL50hzaeXiw==", + "license": "MIT", + "dependencies": { + "mime-db": "1.52.0" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/minimatch": { + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz", + "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==", + "dev": true, + "license": "ISC", + "dependencies": { + "brace-expansion": "^1.1.7" + }, + "engines": { + "node": "*" + } + }, + "node_modules/minimist": { + "version": "1.2.8", + "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.8.tgz", + "integrity": "sha512-2yyAR8qBkN3YuheJanUpWC5U3bb5osDywNB8RzDVlDwDHbocAJveqqj1u8+SVD7jkWT4yvsHCpWqqWqAxb0zCA==", + "license": "MIT", + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/mkdirp": { + "version": "0.5.6", + "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.6.tgz", + "integrity": "sha512-FP+p8RB8OWpF3YZBCrP5gtADmtXApB5AMLn+vdyA+PyxCjrCs00mjyUozssO33cwDeT3wNGdLxJ5M//YqtHAJw==", + "license": "MIT", + "dependencies": { + "minimist": "^1.2.6" + }, + "bin": { + "mkdirp": "bin/cmd.js" + } + }, + "node_modules/ms": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz", + "integrity": "sha512-Tpp60P6IUJDTuOq/5Z8cdskzJujfwqfOTkrwIwj7IRISpnkJnT6SyJ4PCPnGMoFjC9ddhal5KVIYtAt97ix05A==", + "license": "MIT" + }, + "node_modules/multer": { + "version": "1.4.5-lts.2", + "resolved": "https://registry.npmjs.org/multer/-/multer-1.4.5-lts.2.tgz", + "integrity": "sha512-VzGiVigcG9zUAoCNU+xShztrlr1auZOlurXynNvO9GiWD1/mTBbUljOKY+qMeazBqXgRnjzeEgJI/wyjJUHg9A==", + "deprecated": "Multer 1.x is impacted by a number of vulnerabilities, which have been patched in 2.x. You should upgrade to the latest 2.x version.", + "license": "MIT", + "dependencies": { + "append-field": "^1.0.0", + "busboy": "^1.0.0", + "concat-stream": "^1.5.2", + "mkdirp": "^0.5.4", + "object-assign": "^4.1.1", + "type-is": "^1.6.4", + "xtend": "^4.0.0" + }, + "engines": { + "node": ">= 6.0.0" + } + }, + "node_modules/negotiator": { + "version": "0.6.3", + "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.3.tgz", + "integrity": "sha512-+EUsqGPLsM+j/zdChZjsnX51g4XrHFOIXwfnCVPGlQk/k5giakcKsuxCObBRu6DSm9opw/O6slWbJdghQM4bBg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/nodemon": { + "version": "3.1.11", + "resolved": "https://registry.npmjs.org/nodemon/-/nodemon-3.1.11.tgz", + "integrity": "sha512-is96t8F/1//UHAjNPHpbsNY46ELPpftGUoSVNXwUfMk/qdjSylYrWSu1XavVTBOn526kFiOR733ATgNBCQyH0g==", + "dev": true, + "license": "MIT", + "dependencies": { + "chokidar": "^3.5.2", + "debug": "^4", + "ignore-by-default": "^1.0.1", + "minimatch": "^3.1.2", + "pstree.remy": "^1.1.8", + "semver": "^7.5.3", + "simple-update-notifier": "^2.0.0", + "supports-color": "^5.5.0", + "touch": "^3.1.0", + "undefsafe": "^2.0.5" + }, + "bin": { + "nodemon": "bin/nodemon.js" + }, + "engines": { + "node": ">=10" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/nodemon" + } + }, + "node_modules/nodemon/node_modules/debug": { + "version": "4.4.3", + "resolved": "https://registry.npmjs.org/debug/-/debug-4.4.3.tgz", + "integrity": "sha512-RGwwWnwQvkVfavKVt22FGLw+xYSdzARwm0ru6DhTVA3umU5hZc28V3kO4stgYryrTlLpuvgI9GiijltAjNbcqA==", + "dev": true, + "license": "MIT", + "dependencies": { + "ms": "^2.1.3" + }, + "engines": { + "node": ">=6.0" + }, + "peerDependenciesMeta": { + "supports-color": { + "optional": true + } + } + }, + "node_modules/nodemon/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "dev": true, + "license": "MIT" + }, + "node_modules/normalize-path": { + "version": "3.0.0", + "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz", + "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-assign": { + "version": "4.1.1", + "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz", + "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/object-inspect": { + "version": "1.13.4", + "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.13.4.tgz", + "integrity": "sha512-W67iLl4J2EXEGTbfeHCffrjDfitvLANg0UlX3wFUUSTx92KXRFegMHUVgSqE+wvhAbi4WqjGg9czysTV2Epbew==", + "license": "MIT", + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/on-finished": { + "version": "2.4.1", + "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.4.1.tgz", + "integrity": "sha512-oVlzkg3ENAhCk2zdv7IJwd/QUD4z2RxRwpkcGY8psCVcCYZNq4wYnVWALHM+brtuJjePWiYF/ClmuDr8Ch5+kg==", + "license": "MIT", + "dependencies": { + "ee-first": "1.1.1" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/parseurl": { + "version": "1.3.3", + "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz", + "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/path-to-regexp": { + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", + "license": "MIT" + }, + "node_modules/pg": { + "version": "8.16.3", + "resolved": "https://registry.npmjs.org/pg/-/pg-8.16.3.tgz", + "integrity": "sha512-enxc1h0jA/aq5oSDMvqyW3q89ra6XIIDZgCX9vkMrnz5DFTw/Ny3Li2lFQ+pt3L6MCgm/5o2o8HW9hiJji+xvw==", + "license": "MIT", + "dependencies": { + "pg-connection-string": "^2.9.1", + "pg-pool": "^3.10.1", + "pg-protocol": "^1.10.3", + "pg-types": "2.2.0", + "pgpass": "1.0.5" + }, + "engines": { + "node": ">= 16.0.0" + }, + "optionalDependencies": { + "pg-cloudflare": "^1.2.7" + }, + "peerDependencies": { + "pg-native": ">=3.0.1" + }, + "peerDependenciesMeta": { + "pg-native": { + "optional": true + } + } + }, + "node_modules/pg-cloudflare": { + "version": "1.2.7", + "resolved": "https://registry.npmjs.org/pg-cloudflare/-/pg-cloudflare-1.2.7.tgz", + "integrity": "sha512-YgCtzMH0ptvZJslLM1ffsY4EuGaU0cx4XSdXLRFae8bPP4dS5xL1tNB3k2o/N64cHJpwU7dxKli/nZ2lUa5fLg==", + "license": "MIT", + "optional": true + }, + "node_modules/pg-connection-string": { + "version": "2.9.1", + "resolved": "https://registry.npmjs.org/pg-connection-string/-/pg-connection-string-2.9.1.tgz", + "integrity": "sha512-nkc6NpDcvPVpZXxrreI/FOtX3XemeLl8E0qFr6F2Lrm/I8WOnaWNhIPK2Z7OHpw7gh5XJThi6j6ppgNoaT1w4w==", + "license": "MIT" + }, + "node_modules/pg-int8": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/pg-int8/-/pg-int8-1.0.1.tgz", + "integrity": "sha512-WCtabS6t3c8SkpDBUlb1kjOs7l66xsGdKpIPZsg4wR+B3+u9UAum2odSsF9tnvxg80h4ZxLWMy4pRjOsFIqQpw==", + "license": "ISC", + "engines": { + "node": ">=4.0.0" + } + }, + "node_modules/pg-pool": { + "version": "3.10.1", + "resolved": "https://registry.npmjs.org/pg-pool/-/pg-pool-3.10.1.tgz", + "integrity": "sha512-Tu8jMlcX+9d8+QVzKIvM/uJtp07PKr82IUOYEphaWcoBhIYkoHpLXN3qO59nAI11ripznDsEzEv8nUxBVWajGg==", + "license": "MIT", + "peerDependencies": { + "pg": ">=8.0" + } + }, + "node_modules/pg-protocol": { + "version": "1.10.3", + "resolved": "https://registry.npmjs.org/pg-protocol/-/pg-protocol-1.10.3.tgz", + "integrity": "sha512-6DIBgBQaTKDJyxnXaLiLR8wBpQQcGWuAESkRBX/t6OwA8YsqP+iVSiond2EDy6Y/dsGk8rh/jtax3js5NeV7JQ==", + "license": "MIT" + }, + "node_modules/pg-types": { + "version": "2.2.0", + "resolved": "https://registry.npmjs.org/pg-types/-/pg-types-2.2.0.tgz", + "integrity": "sha512-qTAAlrEsl8s4OiEQY69wDvcMIdQN6wdz5ojQiOy6YRMuynxenON0O5oCpJI6lshc6scgAY8qvJ2On/p+CXY0GA==", + "license": "MIT", + "dependencies": { + "pg-int8": "1.0.1", + "postgres-array": "~2.0.0", + "postgres-bytea": "~1.0.0", + "postgres-date": "~1.0.4", + "postgres-interval": "^1.1.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/pgpass": { + "version": "1.0.5", + "resolved": "https://registry.npmjs.org/pgpass/-/pgpass-1.0.5.tgz", + "integrity": "sha512-FdW9r/jQZhSeohs1Z3sI1yxFQNFvMcnmfuj4WBMUTxOrAyLMaTcE1aAMBiTlbMNaXvBCQuVi0R7hd8udDSP7ug==", + "license": "MIT", + "dependencies": { + "split2": "^4.1.0" + } + }, + "node_modules/picomatch": { + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz", + "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==", + "dev": true, + "license": "MIT", + "engines": { + "node": ">=8.6" + }, + "funding": { + "url": "https://github.com/sponsors/jonschlinkert" + } + }, + "node_modules/postgres-array": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/postgres-array/-/postgres-array-2.0.0.tgz", + "integrity": "sha512-VpZrUqU5A69eQyW2c5CA1jtLecCsN2U/bD6VilrFDWq5+5UIEVO7nazS3TEcHf1zuPYO/sqGvUvW62g86RXZuA==", + "license": "MIT", + "engines": { + "node": ">=4" + } + }, + "node_modules/postgres-bytea": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/postgres-bytea/-/postgres-bytea-1.0.1.tgz", + "integrity": "sha512-5+5HqXnsZPE65IJZSMkZtURARZelel2oXUEO8rH83VS/hxH5vv1uHquPg5wZs8yMAfdv971IU+kcPUczi7NVBQ==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/postgres-date": { + "version": "1.0.7", + "resolved": "https://registry.npmjs.org/postgres-date/-/postgres-date-1.0.7.tgz", + "integrity": "sha512-suDmjLVQg78nMK2UZ454hAG+OAW+HQPZ6n++TNDUX+L0+uUlLywnoxJKDou51Zm+zTCjrCl0Nq6J9C5hP9vK/Q==", + "license": "MIT", + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/postgres-interval": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/postgres-interval/-/postgres-interval-1.2.0.tgz", + "integrity": "sha512-9ZhXKM/rw350N1ovuWHbGxnGh/SNJ4cnxHiM0rxE4VN41wsg8P8zWn9hv/buK00RP4WvlOyr/RBDiptyxVbkZQ==", + "license": "MIT", + "dependencies": { + "xtend": "^4.0.0" + }, + "engines": { + "node": ">=0.10.0" + } + }, + "node_modules/process-nextick-args": { + "version": "2.0.1", + "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz", + "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==", + "license": "MIT" + }, + "node_modules/proxy-addr": { + "version": "2.0.7", + "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.7.tgz", + "integrity": "sha512-llQsMLSUDUPT44jdrU/O37qlnifitDP+ZwrmmZcoSKyLKvtZxpyV0n2/bD/N4tBAAZ/gJEdZU7KMraoK1+XYAg==", + "license": "MIT", + "dependencies": { + "forwarded": "0.2.0", + "ipaddr.js": "1.9.1" + }, + "engines": { + "node": ">= 0.10" + } + }, + "node_modules/pstree.remy": { + "version": "1.1.8", + "resolved": "https://registry.npmjs.org/pstree.remy/-/pstree.remy-1.1.8.tgz", + "integrity": "sha512-77DZwxQmxKnu3aR542U+X8FypNzbfJ+C5XQDk3uWjWxn6151aIMGthWYRXTqT1E5oJvg+ljaa2OJi+VfvCOQ8w==", + "dev": true, + "license": "MIT" + }, + "node_modules/qs": { + "version": "6.14.0", + "resolved": "https://registry.npmjs.org/qs/-/qs-6.14.0.tgz", + "integrity": "sha512-YWWTjgABSKcvs/nWBi9PycY/JiPJqOD4JA6o9Sej2AtvSGarXxKC3OQSk4pAarbdQlKAh5D4FCQkJNkW+GAn3w==", + "license": "BSD-3-Clause", + "dependencies": { + "side-channel": "^1.1.0" + }, + "engines": { + "node": ">=0.6" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/range-parser": { + "version": "1.2.1", + "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz", + "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg==", + "license": "MIT", + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/raw-body": { + "version": "2.5.3", + "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.3.tgz", + "integrity": "sha512-s4VSOf6yN0rvbRZGxs8Om5CWj6seneMwK3oDb4lWDH0UPhWcxwOWw5+qk24bxq87szX1ydrwylIOp2uG1ojUpA==", + "license": "MIT", + "dependencies": { + "bytes": "~3.1.2", + "http-errors": "~2.0.1", + "iconv-lite": "~0.4.24", + "unpipe": "~1.0.0" + }, + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/readable-stream": { + "version": "2.3.8", + "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz", + "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==", + "license": "MIT", + "dependencies": { + "core-util-is": "~1.0.0", + "inherits": "~2.0.3", + "isarray": "~1.0.0", + "process-nextick-args": "~2.0.0", + "safe-buffer": "~5.1.1", + "string_decoder": "~1.1.1", + "util-deprecate": "~1.0.1" + } + }, + "node_modules/readable-stream/node_modules/safe-buffer": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", + "license": "MIT" + }, + "node_modules/readdirp": { + "version": "3.6.0", + "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz", + "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==", + "dev": true, + "license": "MIT", + "dependencies": { + "picomatch": "^2.2.1" + }, + "engines": { + "node": ">=8.10.0" + } + }, + "node_modules/safe-buffer": { + "version": "5.2.1", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz", + "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==", + "funding": [ + { + "type": "github", + "url": "https://github.com/sponsors/feross" + }, + { + "type": "patreon", + "url": "https://www.patreon.com/feross" + }, + { + "type": "consulting", + "url": "https://feross.org/support" + } + ], + "license": "MIT" + }, + "node_modules/safer-buffer": { + "version": "2.1.2", + "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz", + "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==", + "license": "MIT" + }, + "node_modules/semver": { + "version": "7.7.3", + "resolved": "https://registry.npmjs.org/semver/-/semver-7.7.3.tgz", + "integrity": "sha512-SdsKMrI9TdgjdweUSR9MweHA4EJ8YxHn8DFaDisvhVlUOe4BF1tLD7GAj0lIqWVl+dPb/rExr0Btby5loQm20Q==", + "license": "ISC", + "bin": { + "semver": "bin/semver.js" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/send": { + "version": "0.19.2", + "resolved": "https://registry.npmjs.org/send/-/send-0.19.2.tgz", + "integrity": "sha512-VMbMxbDeehAxpOtWJXlcUS5E8iXh6QmN+BkRX1GARS3wRaXEEgzCcB10gTQazO42tpNIya8xIyNx8fll1OFPrg==", + "license": "MIT", + "dependencies": { + "debug": "2.6.9", + "depd": "2.0.0", + "destroy": "1.2.0", + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "etag": "~1.8.1", + "fresh": "~0.5.2", + "http-errors": "~2.0.1", + "mime": "1.6.0", + "ms": "2.1.3", + "on-finished": "~2.4.1", + "range-parser": "~1.2.1", + "statuses": "~2.0.2" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/send/node_modules/ms": { + "version": "2.1.3", + "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz", + "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==", + "license": "MIT" + }, + "node_modules/serve-static": { + "version": "1.16.3", + "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.16.3.tgz", + "integrity": "sha512-x0RTqQel6g5SY7Lg6ZreMmsOzncHFU7nhnRWkKgWuMTu5NN0DR5oruckMqRvacAN9d5w6ARnRBXl9xhDCgfMeA==", + "license": "MIT", + "dependencies": { + "encodeurl": "~2.0.0", + "escape-html": "~1.0.3", + "parseurl": "~1.3.3", + "send": "~0.19.1" + }, + "engines": { + "node": ">= 0.8.0" + } + }, + "node_modules/setprototypeof": { + "version": "1.2.0", + "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.2.0.tgz", + "integrity": "sha512-E5LDX7Wrp85Kil5bhZv46j8jOeboKq5JMmYM3gVGdGH8xFpPWXUMsNrlODCrkoxMEeNi/XZIwuRvY4XNwYMJpw==", + "license": "ISC" + }, + "node_modules/side-channel": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/side-channel/-/side-channel-1.1.0.tgz", + "integrity": "sha512-ZX99e6tRweoUXqR+VBrslhda51Nh5MTQwou5tnUDgbtyM0dBgmhEDtWGP/xbKn6hqfPRHujUNwz5fy/wbbhnpw==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3", + "side-channel-list": "^1.0.0", + "side-channel-map": "^1.0.1", + "side-channel-weakmap": "^1.0.2" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-list": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/side-channel-list/-/side-channel-list-1.0.0.tgz", + "integrity": "sha512-FCLHtRD/gnpCiCHEiJLOwdmFP+wzCmDEkc9y7NsYxeF4u7Btsn1ZuwgwJGxImImHicJArLP4R0yX4c2KCrMrTA==", + "license": "MIT", + "dependencies": { + "es-errors": "^1.3.0", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-map": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/side-channel-map/-/side-channel-map-1.0.1.tgz", + "integrity": "sha512-VCjCNfgMsby3tTdo02nbjtM/ewra6jPHmpThenkTYh8pG9ucZ/1P8So4u4FGBek/BjpOVsDCMoLA/iuBKIFXRA==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/side-channel-weakmap": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/side-channel-weakmap/-/side-channel-weakmap-1.0.2.tgz", + "integrity": "sha512-WPS/HvHQTYnHisLo9McqBHOJk2FkHO/tlpvldyrnem4aeQp4hai3gythswg6p01oSoTl58rcpiFAjF2br2Ak2A==", + "license": "MIT", + "dependencies": { + "call-bound": "^1.0.2", + "es-errors": "^1.3.0", + "get-intrinsic": "^1.2.5", + "object-inspect": "^1.13.3", + "side-channel-map": "^1.0.1" + }, + "engines": { + "node": ">= 0.4" + }, + "funding": { + "url": "https://github.com/sponsors/ljharb" + } + }, + "node_modules/simple-update-notifier": { + "version": "2.0.0", + "resolved": "https://registry.npmjs.org/simple-update-notifier/-/simple-update-notifier-2.0.0.tgz", + "integrity": "sha512-a2B9Y0KlNXl9u/vsW6sTIu9vGEpfKu2wRV6l1H3XEas/0gUIzGzBoP/IouTcUQbm9JWZLH3COxyn03TYlFax6w==", + "dev": true, + "license": "MIT", + "dependencies": { + "semver": "^7.5.3" + }, + "engines": { + "node": ">=10" + } + }, + "node_modules/split2": { + "version": "4.2.0", + "resolved": "https://registry.npmjs.org/split2/-/split2-4.2.0.tgz", + "integrity": "sha512-UcjcJOWknrNkF6PLX83qcHM6KHgVKNkV62Y8a5uYDVv9ydGQVwAHMKqHdJje1VTWpljG0WYpCDhrCdAOYH4TWg==", + "license": "ISC", + "engines": { + "node": ">= 10.x" + } + }, + "node_modules/statuses": { + "version": "2.0.2", + "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.2.tgz", + "integrity": "sha512-DvEy55V3DB7uknRo+4iOGT5fP1slR8wQohVdknigZPMpMstaKJQWhwiYBACJE3Ul2pTnATihhBYnRhZQHGBiRw==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/streamsearch": { + "version": "1.1.0", + "resolved": "https://registry.npmjs.org/streamsearch/-/streamsearch-1.1.0.tgz", + "integrity": "sha512-Mcc5wHehp9aXz1ax6bZUyY5afg9u2rv5cqQI3mRrYkGC8rW2hM02jWuwjtL++LS5qinSyhj2QfLyNsuc+VsExg==", + "engines": { + "node": ">=10.0.0" + } + }, + "node_modules/string_decoder": { + "version": "1.1.1", + "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz", + "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==", + "license": "MIT", + "dependencies": { + "safe-buffer": "~5.1.0" + } + }, + "node_modules/string_decoder/node_modules/safe-buffer": { + "version": "5.1.2", + "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz", + "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==", + "license": "MIT" + }, + "node_modules/stripe": { + "version": "20.1.0", + "resolved": "https://registry.npmjs.org/stripe/-/stripe-20.1.0.tgz", + "integrity": "sha512-o1VNRuMkY76ZCq92U3EH3/XHm/WHp7AerpzDs4Zyo8uE5mFL4QUcv/2SudWsSnhBSp4moO2+ZoGCZ7mT8crPmQ==", + "license": "MIT", + "dependencies": { + "qs": "^6.11.0" + }, + "engines": { + "node": ">=16" + }, + "peerDependencies": { + "@types/node": ">=16" + }, + "peerDependenciesMeta": { + "@types/node": { + "optional": true + } + } + }, + "node_modules/supports-color": { + "version": "5.5.0", + "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz", + "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==", + "dev": true, + "license": "MIT", + "dependencies": { + "has-flag": "^3.0.0" + }, + "engines": { + "node": ">=4" + } + }, + "node_modules/to-regex-range": { + "version": "5.0.1", + "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", + "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==", + "dev": true, + "license": "MIT", + "dependencies": { + "is-number": "^7.0.0" + }, + "engines": { + "node": ">=8.0" + } + }, + "node_modules/toidentifier": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.1.tgz", + "integrity": "sha512-o5sSPKEkg/DIQNmH43V0/uerLrpzVedkUh8tGNvaeXpfpuwjKenlSox/2O/BTlZUtEe+JG7s5YhEz608PlAHRA==", + "license": "MIT", + "engines": { + "node": ">=0.6" + } + }, + "node_modules/touch": { + "version": "3.1.1", + "resolved": "https://registry.npmjs.org/touch/-/touch-3.1.1.tgz", + "integrity": "sha512-r0eojU4bI8MnHr8c5bNo7lJDdI2qXlWWJk6a9EAFG7vbhTjElYhBVS3/miuE0uOuoLdb8Mc/rVfsmm6eo5o9GA==", + "dev": true, + "license": "ISC", + "bin": { + "nodetouch": "bin/nodetouch.js" + } + }, + "node_modules/tslib": { + "version": "2.8.1", + "resolved": "https://registry.npmjs.org/tslib/-/tslib-2.8.1.tgz", + "integrity": "sha512-oJFu94HQb+KVduSUQL7wnpmqnfmLsOA/nAh6b6EH0wCEoK0/mPeXU6c3wKDV83MkOuHPRHtSXKKU99IBazS/2w==", + "license": "0BSD" + }, + "node_modules/type-is": { + "version": "1.6.18", + "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz", + "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==", + "license": "MIT", + "dependencies": { + "media-typer": "0.3.0", + "mime-types": "~2.1.24" + }, + "engines": { + "node": ">= 0.6" + } + }, + "node_modules/typedarray": { + "version": "0.0.6", + "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz", + "integrity": "sha512-/aCDEGatGvZ2BIk+HmLf4ifCJFwvKFNb9/JeZPMulfgFracn9QFcAf5GO8B/mweUjSoblS5In0cWhqpfs/5PQA==", + "license": "MIT" + }, + "node_modules/undefsafe": { + "version": "2.0.5", + "resolved": "https://registry.npmjs.org/undefsafe/-/undefsafe-2.0.5.tgz", + "integrity": "sha512-WxONCrssBM8TSPRqN5EmsjVrsv4A8X12J4ArBiiayv3DyyG3ZlIg6yysuuSYdZsVz3TKcTg2fd//Ujd4CHV1iA==", + "dev": true, + "license": "MIT" + }, + "node_modules/undici-types": { + "version": "7.16.0", + "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.16.0.tgz", + "integrity": "sha512-Zz+aZWSj8LE6zoxD+xrjh4VfkIG8Ya6LvYkZqtUQGJPZjYl53ypCaUwWqo7eI0x66KBGeRo+mlBEkMSeSZ38Nw==", + "license": "MIT" + }, + "node_modules/unpipe": { + "version": "1.0.0", + "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz", + "integrity": "sha512-pjy2bYhSsufwWlKwPc+l3cN7+wuJlK6uz0YdJEOlQDbl6jo/YlPi4mb8agUkVC8BF7V8NuzeyPNqRksA3hztKQ==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/util-deprecate": { + "version": "1.0.2", + "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz", + "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==", + "license": "MIT" + }, + "node_modules/utils-merge": { + "version": "1.0.1", + "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz", + "integrity": "sha512-pMZTvIkT1d+TFGvDOqodOclx0QWkkgi6Tdoa8gC8ffGAAqz9pzPTZWAybbsHHoED/ztMtkv/VoYTYyShUn81hA==", + "license": "MIT", + "engines": { + "node": ">= 0.4.0" + } + }, + "node_modules/vary": { + "version": "1.1.2", + "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz", + "integrity": "sha512-BNGbWLfd0eUPabhkXUVm0j8uuvREyTh5ovRa/dyow/BqAbZJyC+5fU+IzQOzmAKzYqYRAISoRhdQr3eIZ/PXqg==", + "license": "MIT", + "engines": { + "node": ">= 0.8" + } + }, + "node_modules/ws": { + "version": "8.18.3", + "resolved": "https://registry.npmjs.org/ws/-/ws-8.18.3.tgz", + "integrity": "sha512-PEIGCY5tSlUt50cqyMXfCzX+oOPqN0vuGqWzbcJ2xvnkzkq46oOpz7dQaTDBdfICb4N14+GARUDw2XV2N4tvzg==", + "license": "MIT", + "engines": { + "node": ">=10.0.0" + }, + "peerDependencies": { + "bufferutil": "^4.0.1", + "utf-8-validate": ">=5.0.2" + }, + "peerDependenciesMeta": { + "bufferutil": { + "optional": true + }, + "utf-8-validate": { + "optional": true + } + } + }, + "node_modules/xtend": { + "version": "4.0.2", + "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.2.tgz", + "integrity": "sha512-LKYU1iAXJXUgAXn9URjiu+MWhyUXHsvfp7mcuYm9dSUKK0/CjtrUwFAxD82/mCWbtLsGjFIad0wIsod4zrTAEQ==", + "license": "MIT", + "engines": { + "node": ">=0.4" + } + } + } +} diff --git a/backend/package.json b/backend/package.json new file mode 100644 index 0000000..32e709c --- /dev/null +++ b/backend/package.json @@ -0,0 +1,24 @@ +{ + "name": "wellnuo-api", + "version": "1.0.0", + "description": "WellNuo Backend API", + "main": "src/index.js", + "scripts": { + "start": "node src/index.js", + "dev": "nodemon src/index.js" + }, + "dependencies": { + "@supabase/supabase-js": "^2.39.0", + "bcryptjs": "^2.4.3", + "cors": "^2.8.5", + "dotenv": "^16.3.1", + "express": "^4.18.2", + "jsonwebtoken": "^9.0.2", + "multer": "^1.4.5-lts.1", + "pg": "^8.16.3", + "stripe": "^20.1.0" + }, + "devDependencies": { + "nodemon": "^3.0.2" + } +} diff --git a/backend/run-migration.js b/backend/run-migration.js new file mode 100644 index 0000000..11d14b6 --- /dev/null +++ b/backend/run-migration.js @@ -0,0 +1,52 @@ +#!/usr/bin/env node +/** + * Run SQL migration in Supabase + * + * This script requires direct PostgreSQL connection to Supabase. + * Get your database password from Supabase Dashboard: + * Settings → Database → Connection string → Password + * + * Usage: + * PGPASSWORD=your_password node run-migration.js + */ + +const { createClient } = require('@supabase/supabase-js'); +const fs = require('fs'); +const path = require('path'); + +const SUPABASE_URL = process.env.SUPABASE_URL || 'https://bfzizknbxbsfrffqityf.supabase.co'; +const SUPABASE_KEY = process.env.SUPABASE_SERVICE_KEY || 'sb_secret_N7TN930UzzXGgFgrAaozqA_Y4b0DKlM'; + +const supabase = createClient(SUPABASE_URL, SUPABASE_KEY); + +async function runMigration() { + console.log('Checking if password_resets table exists...'); + + // Try to query the table + const { data, error } = await supabase + .from('password_resets') + .select('id') + .limit(1); + + if (!error) { + console.log('✓ password_resets table already exists'); + return; + } + + if (error.code === 'PGRST205') { + console.log('Table does not exist. Please run the following SQL in Supabase Dashboard:'); + console.log('\n--- SQL to execute in Supabase Dashboard (SQL Editor) ---\n'); + + const sql = fs.readFileSync( + path.join(__dirname, 'migrations/001_password_resets.sql'), + 'utf8' + ); + console.log(sql); + console.log('\n--- End of SQL ---\n'); + console.log('URL: https://supabase.com/dashboard/project/bfzizknbxbsfrffqityf/sql'); + } else { + console.error('Error:', error); + } +} + +runMigration().catch(console.error); diff --git a/backend/scripts/MIGRATION_INSTRUCTIONS.html b/backend/scripts/MIGRATION_INSTRUCTIONS.html new file mode 100644 index 0000000..84b64c1 --- /dev/null +++ b/backend/scripts/MIGRATION_INSTRUCTIONS.html @@ -0,0 +1,170 @@ + + + + + WellNuo Database Migration + + + +

WellNuo Database Migration

+ +
+

Step 1: Open Supabase SQL Editor

+

Go to: + https://supabase.com/dashboard/project/bfzizknbxbsfrffqityf/sql/new +

+
+ +
+

Step 2: Copy and Run This SQL

+

Click the button to copy, then paste in SQL Editor and click "Run":

+ 
-- WellNuo Orders & Subscriptions Schema
+-- Compatible with existing database structure
+
+-- ============ ORDERS TABLE ============
+CREATE TABLE IF NOT EXISTS orders (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  order_number VARCHAR(50) UNIQUE NOT NULL,
+  user_id INTEGER REFERENCES person_details(user_id),
+
+  -- Beneficiary info (stored directly, not FK)
+  beneficiary_name VARCHAR(255),
+  beneficiary_address TEXT,
+  beneficiary_phone VARCHAR(50),
+
+  -- Stripe
+  stripe_session_id VARCHAR(255),
+  stripe_customer_id VARCHAR(255),
+  stripe_subscription_id VARCHAR(255),
+
+  -- Order details
+  status VARCHAR(50) DEFAULT 'paid' CHECK (status IN ('paid', 'preparing', 'shipped', 'delivered', 'installed', 'canceled')),
+  amount_total INTEGER NOT NULL, -- in cents
+  currency VARCHAR(3) DEFAULT 'usd',
+
+  -- Shipping
+  shipping_address JSONB,
+  shipping_name VARCHAR(255),
+  tracking_number VARCHAR(255),
+  carrier VARCHAR(50),
+  estimated_delivery DATE,
+
+  -- Items
+  items JSONB NOT NULL DEFAULT '[]',
+
+  -- Timestamps
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW(),
+  shipped_at TIMESTAMPTZ,
+  delivered_at TIMESTAMPTZ
+);
+
+-- Index for faster queries
+CREATE INDEX IF NOT EXISTS idx_orders_user_id ON orders(user_id);
+CREATE INDEX IF NOT EXISTS idx_orders_status ON orders(status);
+CREATE INDEX IF NOT EXISTS idx_orders_created_at ON orders(created_at DESC);
+
+-- ============ SUBSCRIPTIONS TABLE ============
+CREATE TABLE IF NOT EXISTS subscriptions (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  user_id INTEGER REFERENCES person_details(user_id),
+  deployment_id INTEGER REFERENCES deployments(deployment_id),
+
+  -- Stripe
+  stripe_subscription_id VARCHAR(255) UNIQUE,
+  stripe_customer_id VARCHAR(255),
+
+  -- Plan
+  plan VARCHAR(50) DEFAULT 'free' CHECK (plan IN ('free', 'premium')),
+  status VARCHAR(50) DEFAULT 'active' CHECK (status IN ('active', 'past_due', 'canceled', 'unpaid')),
+
+  -- Billing period
+  current_period_start TIMESTAMPTZ,
+  current_period_end TIMESTAMPTZ,
+  canceled_at TIMESTAMPTZ,
+
+  -- Timestamps
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW()
+);
+
+CREATE INDEX IF NOT EXISTS idx_subscriptions_user_id ON subscriptions(user_id);
+CREATE INDEX IF NOT EXISTS idx_subscriptions_status ON subscriptions(status);
+
+-- ============ PUSH TOKENS TABLE ============
+CREATE TABLE IF NOT EXISTS push_tokens (
+  id UUID DEFAULT gen_random_uuid() PRIMARY KEY,
+  user_id INTEGER REFERENCES person_details(user_id),
+  token TEXT NOT NULL,
+  platform VARCHAR(20) CHECK (platform IN ('ios', 'android', 'web')),
+  device_id VARCHAR(255),
+  created_at TIMESTAMPTZ DEFAULT NOW(),
+  updated_at TIMESTAMPTZ DEFAULT NOW(),
+
+  UNIQUE(user_id, token)
+);
+
+CREATE INDEX IF NOT EXISTS idx_push_tokens_user_id ON push_tokens(user_id);
+
+-- ============ UPDATED_AT TRIGGER ============
+CREATE OR REPLACE FUNCTION update_updated_at_column()
+RETURNS TRIGGER AS $$
+BEGIN
+  NEW.updated_at = NOW();
+  RETURN NEW;
+END;
+$$ language 'plpgsql';
+
+-- Drop triggers if exist and recreate
+DROP TRIGGER IF EXISTS update_orders_updated_at ON orders;
+CREATE TRIGGER update_orders_updated_at BEFORE UPDATE ON orders
+  FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+DROP TRIGGER IF EXISTS update_subscriptions_updated_at ON subscriptions;
+CREATE TRIGGER update_subscriptions_updated_at BEFORE UPDATE ON subscriptions
+  FOR EACH ROW EXECUTE FUNCTION update_updated_at_column();
+
+-- ============ TEST INSERT ============
+-- Insert a test order to verify everything works
+INSERT INTO orders (order_number, user_id, beneficiary_name, beneficiary_address, status, amount_total, items)
+VALUES ('WN-TEST-0001', NULL, 'Test Beneficiary', '123 Test St', 'paid', 25899, '[{"type": "starter_kit", "name": "WellNuo Starter Kit", "price": 24900}, {"type": "subscription", "name": "Premium Monthly", "price": 999}]')
+ON CONFLICT (order_number) DO NOTHING;
+ +
+ +
+

Step 3: Verify Tables Created

+

After running, you should see:

+ +
+ +
+ After migration: The admin panel at https://wellnuo.smartlaunchhub.com/admin should work fully! +
+ + + + diff --git a/backend/scripts/create-tables-v2.sql b/backend/scripts/create-tables-v2.sql new file mode 100644 index 0000000..e101746 --- /dev/null +++ b/backend/scripts/create-tables-v2.sql @@ -0,0 +1,112 @@ +-- WellNuo Orders & Subscriptions Schema +-- Compatible with existing database structure +-- Run this in Supabase SQL Editor + +-- ============ ORDERS TABLE ============ +CREATE TABLE IF NOT EXISTS orders ( + id UUID DEFAULT gen_random_uuid() PRIMARY KEY, + order_number VARCHAR(50) UNIQUE NOT NULL, + user_id INTEGER REFERENCES person_details(user_id), + + -- Beneficiary info (stored directly, not FK) + beneficiary_name VARCHAR(255), + beneficiary_address TEXT, + beneficiary_phone VARCHAR(50), + + -- Stripe + stripe_session_id VARCHAR(255), + stripe_customer_id VARCHAR(255), + stripe_subscription_id VARCHAR(255), + + -- Order details + status VARCHAR(50) DEFAULT 'paid' CHECK (status IN ('paid', 'preparing', 'shipped', 'delivered', 'installed', 'canceled')), + amount_total INTEGER NOT NULL, -- in cents + currency VARCHAR(3) DEFAULT 'usd', + + -- Shipping + shipping_address JSONB, + shipping_name VARCHAR(255), + tracking_number VARCHAR(255), + carrier VARCHAR(50), + estimated_delivery DATE, + + -- Items + items JSONB NOT NULL DEFAULT '[]', + + -- Timestamps + created_at TIMESTAMPTZ DEFAULT NOW(), + updated_at TIMESTAMPTZ DEFAULT NOW(), + shipped_at TIMESTAMPTZ, + delivered_at TIMESTAMPTZ +); + +-- Index for faster queries +CREATE INDEX IF NOT EXISTS idx_orders_user_id ON orders(user_id); +CREATE INDEX IF NOT EXISTS idx_orders_status ON orders(status); +CREATE INDEX IF NOT EXISTS idx_orders_created_at ON orders(created_at DESC); + +-- ============ SUBSCRIPTIONS TABLE ============ +CREATE TABLE IF NOT EXISTS subscriptions ( + id UUID DEFAULT gen_random_uuid() PRIMARY KEY, + user_id INTEGER REFERENCES person_details(user_id), + deployment_id INTEGER REFERENCES deployments(deployment_id), + + -- Stripe + stripe_subscription_id VARCHAR(255) UNIQUE, + stripe_customer_id VARCHAR(255), + + -- Plan + plan VARCHAR(50) DEFAULT 'free' CHECK (plan IN ('free', 'premium')), + status VARCHAR(50) DEFAULT 'active' CHECK (status IN ('active', 'past_due', 'canceled', 'unpaid')), + + -- Billing period + current_period_start TIMESTAMPTZ, + current_period_end TIMESTAMPTZ, + canceled_at TIMESTAMPTZ, + + -- Timestamps + created_at TIMESTAMPTZ DEFAULT NOW(), + updated_at TIMESTAMPTZ DEFAULT NOW() +); + +CREATE INDEX IF NOT EXISTS idx_subscriptions_user_id ON subscriptions(user_id); +CREATE INDEX IF NOT EXISTS idx_subscriptions_status ON subscriptions(status); + +-- ============ PUSH TOKENS TABLE ============ +CREATE TABLE IF NOT EXISTS push_tokens ( + id UUID DEFAULT gen_random_uuid() PRIMARY KEY, + user_id INTEGER REFERENCES person_details(user_id), + token TEXT NOT NULL, + platform VARCHAR(20) CHECK (platform IN ('ios', 'android', 'web')), + device_id VARCHAR(255), + created_at TIMESTAMPTZ DEFAULT NOW(), + updated_at TIMESTAMPTZ DEFAULT NOW(), + + UNIQUE(user_id, token) +); + +CREATE INDEX IF NOT EXISTS idx_push_tokens_user_id ON push_tokens(user_id); + +-- ============ UPDATED_AT TRIGGER ============ +CREATE OR REPLACE FUNCTION update_updated_at_column() +RETURNS TRIGGER AS $$ +BEGIN + NEW.updated_at = NOW(); + RETURN NEW; +END; +$$ language 'plpgsql'; + +-- Drop triggers if exist and recreate +DROP TRIGGER IF EXISTS update_orders_updated_at ON orders; +CREATE TRIGGER update_orders_updated_at BEFORE UPDATE ON orders + FOR EACH ROW EXECUTE FUNCTION update_updated_at_column(); + +DROP TRIGGER IF EXISTS update_subscriptions_updated_at ON subscriptions; +CREATE TRIGGER update_subscriptions_updated_at BEFORE UPDATE ON subscriptions + FOR EACH ROW EXECUTE FUNCTION update_updated_at_column(); + +-- ============ TEST INSERT ============ +-- Insert a test order to verify everything works +INSERT INTO orders (order_number, user_id, beneficiary_name, beneficiary_address, status, amount_total, items) +VALUES ('WN-TEST-0001', NULL, 'Test Beneficiary', '123 Test St', 'paid', 25899, '[{"type": "starter_kit", "name": "WellNuo Starter Kit", "price": 24900}, {"type": "subscription", "name": "Premium Monthly", "price": 999}]') +ON CONFLICT (order_number) DO NOTHING; diff --git a/backend/scripts/create-tables.sql b/backend/scripts/create-tables.sql new file mode 100644 index 0000000..57d2646 --- /dev/null +++ b/backend/scripts/create-tables.sql @@ -0,0 +1,205 @@ +-- WellNuo Database Schema +-- Run this in Supabase SQL Editor + +-- ============ ORDERS TABLE ============ +CREATE TABLE IF NOT EXISTS orders ( + id UUID DEFAULT gen_random_uuid() PRIMARY KEY, + order_number VARCHAR(50) UNIQUE NOT NULL, + user_id UUID NOT NULL REFERENCES auth.users(id), + beneficiary_id UUID REFERENCES beneficiaries(id), + + -- Stripe + stripe_session_id VARCHAR(255), + stripe_customer_id VARCHAR(255), + stripe_subscription_id VARCHAR(255), + + -- Order details + status VARCHAR(50) DEFAULT 'paid' CHECK (status IN ('paid', 'preparing', 'shipped', 'delivered', 'installed', 'canceled')), + amount_total INTEGER NOT NULL, -- in cents + currency VARCHAR(3) DEFAULT 'usd', + + -- Shipping + shipping_address JSONB, + shipping_name VARCHAR(255), + tracking_number VARCHAR(255), + carrier VARCHAR(50), + estimated_delivery DATE, + + -- Items + items JSONB NOT NULL DEFAULT '[]', + + -- Timestamps + created_at TIMESTAMPTZ DEFAULT NOW(), + updated_at TIMESTAMPTZ DEFAULT NOW(), + shipped_at TIMESTAMPTZ, + delivered_at TIMESTAMPTZ +); + +-- Index for faster queries +CREATE INDEX idx_orders_user_id ON orders(user_id); +CREATE INDEX idx_orders_status ON orders(status); +CREATE INDEX idx_orders_created_at ON orders(created_at DESC); + +-- ============ SUBSCRIPTIONS TABLE ============ +CREATE TABLE IF NOT EXISTS subscriptions ( + id UUID DEFAULT gen_random_uuid() PRIMARY KEY, + user_id UUID NOT NULL REFERENCES auth.users(id), + beneficiary_id UUID REFERENCES beneficiaries(id), + + -- Stripe + stripe_subscription_id VARCHAR(255) UNIQUE, + stripe_customer_id VARCHAR(255), + + -- Plan + plan VARCHAR(50) DEFAULT 'free' CHECK (plan IN ('free', 'premium')), + status VARCHAR(50) DEFAULT 'active' CHECK (status IN ('active', 'past_due', 'canceled', 'unpaid')), + + -- Billing period + current_period_start TIMESTAMPTZ, + current_period_end TIMESTAMPTZ, + canceled_at TIMESTAMPTZ, + + -- Timestamps + created_at TIMESTAMPTZ DEFAULT NOW(), + updated_at TIMESTAMPTZ DEFAULT NOW() +); + +CREATE INDEX idx_subscriptions_user_id ON subscriptions(user_id); +CREATE INDEX idx_subscriptions_status ON subscriptions(status); + +-- ============ BENEFICIARIES TABLE (if not exists) ============ +CREATE TABLE IF NOT EXISTS beneficiaries ( + id UUID DEFAULT gen_random_uuid() PRIMARY KEY, + user_id UUID NOT NULL REFERENCES auth.users(id), + + -- Info + name VARCHAR(255) NOT NULL, + photo_url TEXT, + address TEXT, + phone VARCHAR(50), + notes TEXT, + + -- Status + status VARCHAR(50) DEFAULT 'awaiting_sensors' CHECK (status IN ('awaiting_sensors', 'setup_pending', 'active', 'inactive')), + + -- Timestamps + created_at TIMESTAMPTZ DEFAULT NOW(), + updated_at TIMESTAMPTZ DEFAULT NOW() +); + +CREATE INDEX idx_beneficiaries_user_id ON beneficiaries(user_id); + +-- ============ DEVICES TABLE ============ +CREATE TABLE IF NOT EXISTS devices ( + id UUID DEFAULT gen_random_uuid() PRIMARY KEY, + beneficiary_id UUID REFERENCES beneficiaries(id), + + -- Device info + device_type VARCHAR(50) NOT NULL CHECK (device_type IN ('hub', 'motion', 'door', 'window', 'environment')), + serial_number VARCHAR(255) UNIQUE, + name VARCHAR(255), + room VARCHAR(255), + + -- Status + status VARCHAR(50) DEFAULT 'offline' CHECK (status IN ('online', 'offline', 'error')), + last_seen TIMESTAMPTZ, + battery_level INTEGER, + + -- Timestamps + created_at TIMESTAMPTZ DEFAULT NOW(), + updated_at TIMESTAMPTZ DEFAULT NOW() +); + +CREATE INDEX idx_devices_beneficiary_id ON devices(beneficiary_id); +CREATE INDEX idx_devices_status ON devices(status); + +-- ============ PUSH TOKENS TABLE ============ +CREATE TABLE IF NOT EXISTS push_tokens ( + id UUID DEFAULT gen_random_uuid() PRIMARY KEY, + user_id UUID NOT NULL REFERENCES auth.users(id), + token TEXT NOT NULL, + platform VARCHAR(20) CHECK (platform IN ('ios', 'android', 'web')), + device_id VARCHAR(255), + created_at TIMESTAMPTZ DEFAULT NOW(), + updated_at TIMESTAMPTZ DEFAULT NOW(), + + UNIQUE(user_id, token) +); + +CREATE INDEX idx_push_tokens_user_id ON push_tokens(user_id); + +-- ============ ROW LEVEL SECURITY ============ + +-- Enable RLS +ALTER TABLE orders ENABLE ROW LEVEL SECURITY; +ALTER TABLE subscriptions ENABLE ROW LEVEL SECURITY; +ALTER TABLE beneficiaries ENABLE ROW LEVEL SECURITY; +ALTER TABLE devices ENABLE ROW LEVEL SECURITY; +ALTER TABLE push_tokens ENABLE ROW LEVEL SECURITY; + +-- Orders: users can only see their own orders +CREATE POLICY "Users can view own orders" ON orders + FOR SELECT USING (auth.uid() = user_id); + +-- Subscriptions: users can only see their own subscriptions +CREATE POLICY "Users can view own subscriptions" ON subscriptions + FOR SELECT USING (auth.uid() = user_id); + +-- Beneficiaries: users can view and manage their own beneficiaries +CREATE POLICY "Users can view own beneficiaries" ON beneficiaries + FOR SELECT USING (auth.uid() = user_id); + +CREATE POLICY "Users can insert own beneficiaries" ON beneficiaries + FOR INSERT WITH CHECK (auth.uid() = user_id); + +CREATE POLICY "Users can update own beneficiaries" ON beneficiaries + FOR UPDATE USING (auth.uid() = user_id); + +-- Devices: users can view devices for their beneficiaries +CREATE POLICY "Users can view devices for own beneficiaries" ON devices + FOR SELECT USING ( + beneficiary_id IN ( + SELECT id FROM beneficiaries WHERE user_id = auth.uid() + ) + ); + +-- Push tokens: users can manage their own tokens +CREATE POLICY "Users can manage own push tokens" ON push_tokens + FOR ALL USING (auth.uid() = user_id); + +-- ============ SERVICE ROLE POLICIES ============ +-- These allow the backend (service role) to manage all data + +CREATE POLICY "Service role can manage orders" ON orders + FOR ALL USING (auth.role() = 'service_role'); + +CREATE POLICY "Service role can manage subscriptions" ON subscriptions + FOR ALL USING (auth.role() = 'service_role'); + +CREATE POLICY "Service role can manage beneficiaries" ON beneficiaries + FOR ALL USING (auth.role() = 'service_role'); + +CREATE POLICY "Service role can manage devices" ON devices + FOR ALL USING (auth.role() = 'service_role'); + +-- ============ UPDATED_AT TRIGGERS ============ + +CREATE OR REPLACE FUNCTION update_updated_at_column() +RETURNS TRIGGER AS $$ +BEGIN + NEW.updated_at = NOW(); + RETURN NEW; +END; +$$ language 'plpgsql'; + +CREATE TRIGGER update_orders_updated_at BEFORE UPDATE ON orders + FOR EACH ROW EXECUTE FUNCTION update_updated_at_column(); + +CREATE TRIGGER update_subscriptions_updated_at BEFORE UPDATE ON subscriptions + FOR EACH ROW EXECUTE FUNCTION update_updated_at_column(); + +CREATE TRIGGER update_beneficiaries_updated_at BEFORE UPDATE ON beneficiaries + FOR EACH ROW EXECUTE FUNCTION update_updated_at_column(); + +CREATE TRIGGER update_devices_updated_at BEFORE UPDATE ON devices + FOR EACH ROW EXECUTE FUNCTION update_updated_at_column(); diff --git a/backend/scripts/setup-stripe-products.js b/backend/scripts/setup-stripe-products.js new file mode 100644 index 0000000..4bc97c5 --- /dev/null +++ b/backend/scripts/setup-stripe-products.js @@ -0,0 +1,94 @@ +/** + * Setup Stripe Products and Prices + * Run once: node scripts/setup-stripe-products.js + */ + +require('dotenv').config(); +const Stripe = require('stripe'); + +const stripe = new Stripe(process.env.STRIPE_SECRET_KEY); + +async function setupStripeProducts() { + console.log('Setting up Stripe products and prices...\n'); + + try { + // 1. Create Starter Kit product + console.log('Creating Starter Kit product...'); + const starterKit = await stripe.products.create({ + name: 'WellNuo Starter Kit', + description: '2x Motion Sensors + 1x Door Sensor + 1x Hub - Everything you need to start monitoring', + metadata: { + type: 'hardware', + sku: 'KIT-STARTER-001' + } + }); + console.log(`✓ Product created: ${starterKit.id}`); + + // Create price for Starter Kit ($249 one-time) + const starterKitPrice = await stripe.prices.create({ + product: starterKit.id, + unit_amount: 24900, // $249.00 + currency: 'usd', + metadata: { + display_name: 'Starter Kit' + } + }); + console.log(`✓ Price created: ${starterKitPrice.id} ($249.00)\n`); + + // 2. Create Premium Subscription product + console.log('Creating Premium Subscription product...'); + const premium = await stripe.products.create({ + name: 'WellNuo Premium', + description: 'AI Julia assistant, 90-day activity history, invite up to 5 family members', + metadata: { + type: 'subscription', + tier: 'premium' + } + }); + console.log(`✓ Product created: ${premium.id}`); + + // Create price for Premium ($9.99/month) + const premiumPrice = await stripe.prices.create({ + product: premium.id, + unit_amount: 999, // $9.99 + currency: 'usd', + recurring: { + interval: 'month' + }, + metadata: { + display_name: 'Premium Monthly' + } + }); + console.log(`✓ Price created: ${premiumPrice.id} ($9.99/month)\n`); + + // Summary + console.log('='.repeat(50)); + console.log('STRIPE SETUP COMPLETE'); + console.log('='.repeat(50)); + console.log('\nAdd these to your .env file:\n'); + console.log(`STRIPE_PRICE_STARTER_KIT=${starterKitPrice.id}`); + console.log(`STRIPE_PRICE_PREMIUM=${premiumPrice.id}`); + console.log(`STRIPE_PRODUCT_STARTER_KIT=${starterKit.id}`); + console.log(`STRIPE_PRODUCT_PREMIUM=${premium.id}`); + console.log('\n'); + + return { + starterKit: { + productId: starterKit.id, + priceId: starterKitPrice.id + }, + premium: { + productId: premium.id, + priceId: premiumPrice.id + } + }; + + } catch (error) { + console.error('Error setting up Stripe:', error.message); + throw error; + } +} + +setupStripeProducts() + .then(() => process.exit(0)) + .catch(() => process.exit(1)); diff --git a/backend/src/admin/index.html b/backend/src/admin/index.html new file mode 100644 index 0000000..01707ce --- /dev/null +++ b/backend/src/admin/index.html @@ -0,0 +1,492 @@ + + + + + + WellNuo Admin + + + + + +
+
+

WellNuo Admin

+ + + +
+
+ + + + + + + + + + diff --git a/backend/src/config/stripe.js b/backend/src/config/stripe.js new file mode 100644 index 0000000..a3701cb --- /dev/null +++ b/backend/src/config/stripe.js @@ -0,0 +1,24 @@ +const Stripe = require('stripe'); + +const stripe = new Stripe(process.env.STRIPE_SECRET_KEY, { + apiVersion: '2024-12-18.acacia' +}); + +// Product and Price IDs - will be created on first run +const PRODUCTS = { + STARTER_KIT: { + name: 'WellNuo Starter Kit', + description: '2x Motion Sensors + 1x Door Sensor + 1x Hub', + price: 24900, // $249.00 in cents + type: 'one_time' + }, + PREMIUM_SUBSCRIPTION: { + name: 'WellNuo Premium', + description: 'AI Julia chat, 90-day history, invite up to 5 family members', + price: 999, // $9.99 in cents + type: 'recurring', + interval: 'month' + } +}; + +module.exports = { stripe, PRODUCTS }; diff --git a/backend/src/config/supabase.js b/backend/src/config/supabase.js new file mode 100644 index 0000000..f7d12ee --- /dev/null +++ b/backend/src/config/supabase.js @@ -0,0 +1,17 @@ +const { createClient } = require('@supabase/supabase-js'); + +const supabaseUrl = process.env.SUPABASE_URL; +const supabaseKey = process.env.SUPABASE_SERVICE_KEY; + +if (!supabaseUrl || !supabaseKey) { + console.error('Missing Supabase credentials!'); +} + +const supabase = createClient(supabaseUrl, supabaseKey, { + auth: { + autoRefreshToken: false, + persistSession: false + } +}); + +module.exports = { supabase }; diff --git a/backend/src/controllers/alarm.js b/backend/src/controllers/alarm.js new file mode 100644 index 0000000..1970b3b --- /dev/null +++ b/backend/src/controllers/alarm.js @@ -0,0 +1,134 @@ +const { supabase } = require('../config/supabase'); + +// POST: alarm_on_off +exports.onOff = async (req, res) => { + const { user_name, token, deployment_id, alarm_on } = req.body; + + try { + const { error } = await supabase + .from('deployments') + .update({ + alarm_on: alarm_on === '1' || alarm_on === 1, + time_edit: Date.now() / 1000 + }) + .eq('deployment_id', deployment_id); + + if (error) throw error; + + return res.json({ + success: true, + deployment_id, + alarm_on: alarm_on === '1' || alarm_on === 1 + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: get_alarm_state +exports.getState = async (req, res) => { + const { user_name, token, deployment_id } = req.body; + + try { + const { data, error } = await supabase + .from('deployments') + .select('deployment_id, alarm_on, alarm_details') + .eq('deployment_id', deployment_id) + .single(); + + if (error) throw error; + + return res.json({ + deployment_id, + alarm_on: data?.alarm_on || false, + alarm_details: data?.alarm_details || null + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: store_alarms +exports.store = async (req, res) => { + const { + user_name, token, deployment_id, deployment_alarms, + device_id, device_alarms + } = req.body; + + try { + // Store deployment alarms + if (deployment_id && deployment_alarms) { + await supabase + .from('deployments') + .update({ + alarm_details: JSON.parse(deployment_alarms), + time_edit: Date.now() / 1000 + }) + .eq('deployment_id', deployment_id); + } + + // Store device alarms + if (device_id && device_alarms) { + await supabase + .from('devices') + .update({ + alarm_settings: JSON.parse(device_alarms), + time_edit: Date.now() / 1000 + }) + .eq('device_id', device_id); + } + + return res.json({ success: true }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: send_walarm +exports.sendWalarm = async (req, res) => { + const { + user_name, token, deployment_id, + location, method, conditionType, content + } = req.body; + + try { + // TODO: Implement alarm sending (push notifications, SMS, etc.) + // For now, log the alarm and return success + + console.log('ALARM:', { + deployment_id, + location, + method, + conditionType, + content, + timestamp: new Date().toISOString() + }); + + return res.json({ + success: true, + message: 'Alarm sent', + deployment_id + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: activity_detected +exports.activityDetected = async (req, res) => { + const { user_name, token, time, deployment_id, device_id } = req.body; + + try { + // Log activity detection + // TODO: Store in activity_log table + + return res.json({ + success: true, + time, + deployment_id, + device_id + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; diff --git a/backend/src/controllers/auth.js b/backend/src/controllers/auth.js new file mode 100644 index 0000000..c77120f --- /dev/null +++ b/backend/src/controllers/auth.js @@ -0,0 +1,243 @@ +const jwt = require('jsonwebtoken'); +const bcrypt = require('bcryptjs'); +const crypto = require('crypto'); +const { supabase } = require('../config/supabase'); +const { sendPasswordResetEmail } = require('../services/email'); + +// POST: credentials - login +exports.credentials = async (req, res) => { + const { user_name, ps, clientId, nonce } = req.body; + + try { + // Get user from database (need users table) + // For now, return mock response matching old API format + const { data: user, error } = await supabase + .from('users') + .select('*') + .eq('username', user_name) + .single(); + + if (error || !user) { + return res.status(401).json({ error: 'Invalid credentials' }); + } + + // Verify password + const validPassword = await bcrypt.compare(ps, user.password_hash); + if (!validPassword) { + return res.status(401).json({ error: 'Invalid credentials' }); + } + + // Generate JWT token + const access_token = jwt.sign( + { + username: user_name, + user_id: user.id, + role: user.role + }, + process.env.JWT_SECRET, + { expiresIn: process.env.JWT_EXPIRES_IN } + ); + + return res.json({ + access_token, + user_id: user.id, + role: user.role, + first_name: user.first_name, + last_name: user.last_name, + email: user.email + }); + + } catch (error) { + console.error('Credentials error:', error); + return res.status(500).json({ error: error.message }); + } +}; + +// POST: new_user_form - register new user +exports.newUserForm = async (req, res) => { + const { + firstName, + lastName, + email, + password, + devices, + agreementDate, + privacyPolicyVersion, + phone + } = req.body; + + try { + // Hash password + const password_hash = await bcrypt.hash(password, 10); + + // Generate username from email + const username = email.split('@')[0]; + + // Insert new user + const { data: user, error } = await supabase + .from('users') + .insert({ + username, + email, + password_hash, + first_name: firstName, + last_name: lastName, + phone, + devices: devices ? JSON.parse(devices) : [], + agreement_date: agreementDate, + privacy_policy_version: privacyPolicyVersion, + role: 'beneficiary', + created_at: new Date().toISOString() + }) + .select() + .single(); + + if (error) { + return res.status(400).json({ error: error.message }); + } + + // Generate token for auto-login + const access_token = jwt.sign( + { + username: user.username, + user_id: user.id, + role: user.role + }, + process.env.JWT_SECRET, + { expiresIn: process.env.JWT_EXPIRES_IN } + ); + + return res.json({ + success: true, + access_token, + user_id: user.id + }); + + } catch (error) { + console.error('New user form error:', error); + return res.status(500).json({ error: error.message }); + } +}; + +// POST: forgot_password - request password reset +exports.forgotPassword = async (req, res) => { + const { email } = req.body; + + if (!email) { + return res.status(400).json({ error: 'Email is required' }); + } + + try { + // Find user by email in person_details table + const { data: user, error: userError } = await supabase + .from('person_details') + .select('user_id, email, first_name') + .eq('email', email) + .single(); + + if (userError || !user) { + // Don't reveal if email exists or not (security) + return res.json({ + success: true, + message: 'If this email exists, a password reset link will be sent' + }); + } + + // Generate reset token + const resetToken = crypto.randomBytes(32).toString('hex'); + const expiresAt = new Date(Date.now() + 60 * 60 * 1000); // 1 hour + + // Store reset token in password_resets table + const { error: insertError } = await supabase + .from('password_resets') + .insert({ + user_id: user.user_id, + token: resetToken, + expires_at: expiresAt.toISOString() + }); + + if (insertError) { + console.error('Failed to store reset token:', insertError); + return res.status(500).json({ error: 'Failed to process request' }); + } + + // Send reset email + try { + await sendPasswordResetEmail(email, resetToken); + } catch (emailError) { + console.error('Failed to send email:', emailError); + // Still return success to not reveal email status + } + + return res.json({ + success: true, + message: 'If this email exists, a password reset link will be sent' + }); + + } catch (error) { + console.error('Forgot password error:', error); + return res.status(500).json({ error: error.message }); + } +}; + +// POST: reset_password - set new password using token +exports.resetPassword = async (req, res) => { + const { token, password } = req.body; + + if (!token || !password) { + return res.status(400).json({ error: 'Token and password are required' }); + } + + if (password.length < 6) { + return res.status(400).json({ error: 'Password must be at least 6 characters' }); + } + + try { + // Find valid reset token + const { data: resetRecord, error: tokenError } = await supabase + .from('password_resets') + .select('*') + .eq('token', token) + .is('used_at', null) + .gt('expires_at', new Date().toISOString()) + .single(); + + if (tokenError || !resetRecord) { + return res.status(400).json({ error: 'Invalid or expired reset token' }); + } + + // Hash new password + const passwordHash = await bcrypt.hash(password, 10); + + // Update password in person_details table + // Note: Currently passwords are stored in 'key' field as plain text + // This updates to password_hash field (need to add this column) + const { error: updateError } = await supabase + .from('person_details') + .update({ + key: password, // Legacy: update plain text (TODO: migrate to password_hash) + // password_hash: passwordHash // Future: use hashed password + }) + .eq('user_id', resetRecord.user_id); + + if (updateError) { + console.error('Failed to update password:', updateError); + return res.status(500).json({ error: 'Failed to update password' }); + } + + // Mark token as used + await supabase + .from('password_resets') + .update({ used_at: new Date().toISOString() }) + .eq('id', resetRecord.id); + + return res.json({ + success: true, + message: 'Password has been reset successfully' + }); + + } catch (error) { + console.error('Reset password error:', error); + return res.status(500).json({ error: error.message }); + } +}; diff --git a/backend/src/controllers/beneficiary.js b/backend/src/controllers/beneficiary.js new file mode 100644 index 0000000..7767ba5 --- /dev/null +++ b/backend/src/controllers/beneficiary.js @@ -0,0 +1,100 @@ +const { supabase } = require('../config/supabase'); + +// POST: beneficiaries_list +exports.list = async (req, res) => { + const { user_name, token, first = 0, last = 100 } = req.body; + + try { + const { data, error, count } = await supabase + .from('person_details') + .select('*', { count: 'exact' }) + .eq('role', 'beneficiary') + .range(parseInt(first), parseInt(last) - 1); + + if (error) throw error; + + return res.json({ + beneficiaries: data, + total: count + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: get_beneficiary +exports.get = async (req, res) => { + const { user_name, token, user_id } = req.body; + + try { + const { data, error } = await supabase + .from('person_details') + .select('*') + .eq('person_id', user_id) + .single(); + + if (error) throw error; + return res.json(data); + } catch (error) { + return res.status(404).json({ error: 'Beneficiary not found' }); + } +}; + +// POST: beneficiary_form - create/update beneficiary +exports.form = async (req, res) => { + const { + user_name, token, new_user_name, editing_user_id, user_id, + role_ids, email, first_name, last_name, + address_street, address_city, address_zip, address_state, address_country, + phone_number, picture, key + } = req.body; + + try { + const personData = { + username: new_user_name, + email, + first_name, + last_name, + address_street, + address_city, + address_zip, + address_state, + address_country, + phone_number, + picture, + role: 'beneficiary', + role_ids: role_ids ? JSON.parse(role_ids) : null, + time_edit: Date.now() / 1000 + }; + + let result; + const id = editing_user_id || user_id; + + if (id) { + // Update existing + const { data, error } = await supabase + .from('person_details') + .update(personData) + .eq('person_id', id) + .select() + .single(); + + if (error) throw error; + result = data; + } else { + // Create new + const { data, error } = await supabase + .from('person_details') + .insert(personData) + .select() + .single(); + + if (error) throw error; + result = data; + } + + return res.json({ success: true, beneficiary: result }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; diff --git a/backend/src/controllers/caretaker.js b/backend/src/controllers/caretaker.js new file mode 100644 index 0000000..e30c068 --- /dev/null +++ b/backend/src/controllers/caretaker.js @@ -0,0 +1,101 @@ +const { supabase } = require('../config/supabase'); + +// POST: caretakers_list +exports.list = async (req, res) => { + const { user_name, token, first = 0, last = 100 } = req.body; + + try { + const { data, error, count } = await supabase + .from('person_details') + .select('*', { count: 'exact' }) + .eq('role', 'caretaker') + .range(parseInt(first), parseInt(last) - 1); + + if (error) throw error; + + return res.json({ + caretakers: data, + total: count + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: get_caretaker +exports.get = async (req, res) => { + const { user_name, token, user_id } = req.body; + + try { + const { data, error } = await supabase + .from('person_details') + .select('*') + .eq('person_id', user_id) + .single(); + + if (error) throw error; + return res.json(data); + } catch (error) { + return res.status(404).json({ error: 'Caretaker not found' }); + } +}; + +// POST: caretaker_form - create/update caretaker +exports.form = async (req, res) => { + const { + user_name, token, new_user_name, user_id, editing_user_id, key, + role_ids, access_to, email, first_name, last_name, + address_street, address_city, address_zip, address_state, address_country, + phone_number, picture + } = req.body; + + try { + const personData = { + username: new_user_name, + email, + first_name, + last_name, + address_street, + address_city, + address_zip, + address_state, + address_country, + phone_number, + picture, + role: 'caretaker', + role_ids: role_ids ? JSON.parse(role_ids) : null, + access_to: access_to ? JSON.parse(access_to) : null, + time_edit: Date.now() / 1000 + }; + + let result; + const id = editing_user_id || user_id; + + if (id) { + // Update existing + const { data, error } = await supabase + .from('person_details') + .update(personData) + .eq('person_id', id) + .select() + .single(); + + if (error) throw error; + result = data; + } else { + // Create new + const { data, error } = await supabase + .from('person_details') + .insert(personData) + .select() + .single(); + + if (error) throw error; + result = data; + } + + return res.json({ success: true, caretaker: result }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; diff --git a/backend/src/controllers/dashboard.js b/backend/src/controllers/dashboard.js new file mode 100644 index 0000000..5daeeb5 --- /dev/null +++ b/backend/src/controllers/dashboard.js @@ -0,0 +1,66 @@ +const { supabase } = require('../config/supabase'); +const { verifyToken } = require('../middleware/auth'); + +// POST: dashboard_list - get all deployments for dashboard +exports.list = async (req, res) => { + const { user_name, token, user_id, date } = req.body; + + try { + // Get all deployments + const { data: deployments, error } = await supabase + .from('deployments') + .select('*') + .order('deployment_id', { ascending: true }); + + if (error) { + return res.status(500).json({ error: error.message }); + } + + return res.json(deployments); + + } catch (error) { + console.error('Dashboard list error:', error); + return res.status(500).json({ error: error.message }); + } +}; + +// POST: dashboard_single - get single deployment details +exports.single = async (req, res) => { + const { user_name, token, date, deployment_id, nonce } = req.body; + + try { + // Get deployment + const { data: deployment, error } = await supabase + .from('deployments') + .select('*') + .eq('deployment_id', deployment_id) + .single(); + + if (error) { + return res.status(404).json({ error: 'Deployment not found' }); + } + + // Get devices for this deployment + const { data: devices } = await supabase + .from('devices') + .select('*') + .eq('deployment_id', deployment_id); + + // Get deployment details + const { data: details } = await supabase + .from('deployment_details') + .select('*') + .eq('deployment_id', deployment_id) + .single(); + + return res.json({ + deployment, + devices: devices || [], + details: details || null + }); + + } catch (error) { + console.error('Dashboard single error:', error); + return res.status(500).json({ error: error.message }); + } +}; diff --git a/backend/src/controllers/deployment.js b/backend/src/controllers/deployment.js new file mode 100644 index 0000000..a8add6b --- /dev/null +++ b/backend/src/controllers/deployment.js @@ -0,0 +1,191 @@ +const { supabase } = require('../config/supabase'); + +// POST: deployments_list +exports.list = async (req, res) => { + const { user_name, token, first = 0, last = 100 } = req.body; + + try { + const { data, error, count } = await supabase + .from('deployments') + .select('*', { count: 'exact' }) + .range(parseInt(first), parseInt(last) - 1) + .order('deployment_id', { ascending: true }); + + if (error) throw error; + + return res.json({ + deployments: data, + total: count + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: get_deployment +exports.get = async (req, res) => { + const { user_name, token, date, deployment_id } = req.body; + + try { + const { data, error } = await supabase + .from('deployments') + .select('*') + .eq('deployment_id', deployment_id) + .single(); + + if (error) throw error; + return res.json(data); + } catch (error) { + return res.status(404).json({ error: 'Deployment not found' }); + } +}; + +// POST: deployment_form - create/update deployment +exports.form = async (req, res) => { + const { + user_name, token, editing_deployment_id, + beneficiary_id, caretaker_id, owner_id, installer_id, + address_street, address_city, address_zip, address_state, address_country, + persons, gender, race, born, pets, wifis, + lat, lng, devices, time_zone_s + } = req.body; + + try { + const deploymentData = { + time_edit: Date.now() / 1000, + user_edit: 1, // TODO: get from token + time_zone_s, + persons: parseInt(persons) || 0, + gender: parseInt(gender) || 0, + race: parseInt(race) || 0, + born: parseInt(born) || null, + pets: parseInt(pets) || 0 + }; + + let result; + if (editing_deployment_id) { + // Update existing + const { data, error } = await supabase + .from('deployments') + .update(deploymentData) + .eq('deployment_id', editing_deployment_id) + .select() + .single(); + + if (error) throw error; + result = data; + } else { + // Create new + const { data, error } = await supabase + .from('deployments') + .insert(deploymentData) + .select() + .single(); + + if (error) throw error; + result = data; + } + + return res.json({ success: true, deployment: result }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: deployment_delete +exports.delete = async (req, res) => { + const { user_name, token, editing_deployment_id } = req.body; + + try { + const { error } = await supabase + .from('deployments') + .delete() + .eq('deployment_id', editing_deployment_id); + + if (error) throw error; + return res.json({ success: true }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: set_deployment +exports.set = async (req, res) => { + // Same as form but with different field names + return exports.form(req, res); +}; + +// POST: find_deployments +exports.find = async (req, res) => { + const { user_name, token, well_ids } = req.body; + + try { + const ids = well_ids.split(',').map(id => id.trim()); + + const { data, error } = await supabase + .from('deployments') + .select('*') + .in('deployment_id', ids); + + if (error) throw error; + return res.json(data); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: get_floor_layout +exports.getFloorLayout = async (req, res) => { + const { user_name, token, deployment_id } = req.body; + + try { + const { data, error } = await supabase + .from('deployment_details') + .select('floor_layout') + .eq('deployment_id', deployment_id) + .single(); + + if (error) throw error; + return res.json({ layout: data?.floor_layout || null }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: set_floor_layout +exports.setFloorLayout = async (req, res) => { + const { user_name, token, deployment_id, layout } = req.body; + + try { + const { error } = await supabase + .from('deployment_details') + .upsert({ + deployment_id, + floor_layout: layout + }); + + if (error) throw error; + return res.json({ success: true }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: request_deployment_map_new +exports.requestMap = async (req, res) => { + const { user_name, token, deployment_id, map_type } = req.body; + + try { + // Return map data from deployment_details + const { data, error } = await supabase + .from('deployment_details') + .select('*') + .eq('deployment_id', deployment_id) + .single(); + + if (error) throw error; + return res.json(data); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; diff --git a/backend/src/controllers/device.js b/backend/src/controllers/device.js new file mode 100644 index 0000000..2c44868 --- /dev/null +++ b/backend/src/controllers/device.js @@ -0,0 +1,230 @@ +const { supabase } = require('../config/supabase'); + +// POST: device_list +exports.list = async (req, res) => { + const { user_name, token, first = 0, last = 100 } = req.body; + + try { + const { data, error, count } = await supabase + .from('devices') + .select('*', { count: 'exact' }) + .range(parseInt(first), parseInt(last) - 1) + .order('device_id', { ascending: true }); + + if (error) throw error; + + return res.json({ + devices: data, + total: count + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: device_list_4_gui +exports.listForGui = async (req, res) => { + // Same as list but may have different formatting + return exports.list(req, res); +}; + +// POST: device_list_by_deployment +exports.listByDeployment = async (req, res) => { + const { user_name, token, deployment_id, first = 0, last = 100 } = req.body; + + try { + const { data, error } = await supabase + .from('devices') + .select('*') + .eq('deployment_id', deployment_id) + .range(parseInt(first), parseInt(last) - 1) + .order('device_id', { ascending: true }); + + if (error) throw error; + return res.json(data); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: get_device +exports.get = async (req, res) => { + const { user_name, token, device_id, mac } = req.body; + + try { + let query = supabase.from('devices').select('*'); + + if (device_id) { + query = query.eq('device_id', device_id); + } else if (mac) { + query = query.eq('mac', mac); + } + + const { data, error } = await query.single(); + + if (error) throw error; + return res.json(data); + } catch (error) { + return res.status(404).json({ error: 'Device not found' }); + } +}; + +// POST: device_form - create/update device +exports.form = async (req, res) => { + const { + user_name, token, + well_id, device_mac, description, location, close_to, + radar_threshold, temperature_calib, humidity_calib, group + } = req.body; + + try { + const deviceData = { + well_id, + mac: device_mac, + description, + location, + close_to, + radar_threshold: parseFloat(radar_threshold) || null, + temperature_calib: parseFloat(temperature_calib) || null, + humidity_calib: parseFloat(humidity_calib) || null, + group_id: parseInt(group) || null, + time_edit: Date.now() / 1000 + }; + + // Upsert by MAC address + const { data, error } = await supabase + .from('devices') + .upsert(deviceData, { onConflict: 'mac' }) + .select() + .single(); + + if (error) throw error; + return res.json({ success: true, device: data }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: device_set_group +exports.setGroup = async (req, res) => { + const { user_name, token, device_id, group_id } = req.body; + + try { + const { error } = await supabase + .from('devices') + .update({ group_id: parseInt(group_id) }) + .eq('device_id', device_id); + + if (error) throw error; + return res.json({ success: true }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: device_get_live +exports.getLive = async (req, res) => { + const { user_name, token, device_id, mac } = req.body; + + // TODO: Implement live data fetching from device + return res.json({ + success: true, + live_data: null, + message: 'Live data not available' + }); +}; + +// POST: device_reboot +exports.reboot = async (req, res) => { + const { user_name, token, device_id, mac } = req.body; + + // TODO: Implement device reboot command + return res.json({ + success: true, + message: 'Reboot command sent' + }); +}; + +// POST: device_set_well_id +exports.setWellId = async (req, res) => { + const { user_name, token, device_id, well_id, mac } = req.body; + + try { + let query = supabase.from('devices').update({ well_id }); + + if (device_id) { + query = query.eq('device_id', device_id); + } else if (mac) { + query = query.eq('mac', mac); + } + + const { error } = await query; + + if (error) throw error; + return res.json({ success: true }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: device_set_network_id +exports.setNetworkId = async (req, res) => { + const { user_name, token, device_id, well_id } = req.body; + + try { + const { error } = await supabase + .from('devices') + .update({ network_id: well_id }) + .eq('device_id', device_id); + + if (error) throw error; + return res.json({ success: true }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: request_devices +exports.requestDevices = async (req, res) => { + const { user_name, token, group_id, deployment_id, location, fresh } = req.body; + + try { + let query = supabase.from('devices').select('*'); + + if (deployment_id) { + query = query.eq('deployment_id', deployment_id); + } + if (group_id) { + query = query.eq('group_id', group_id); + } + if (location) { + query = query.eq('location', location); + } + + const { data, error } = await query; + + if (error) throw error; + return res.json(data); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: get_devices_locations +exports.getLocations = async (req, res) => { + const { user_name, token, well_ids } = req.body; + + try { + const ids = well_ids.split(',').map(id => id.trim()); + + const { data, error } = await supabase + .from('devices') + .select('device_id, well_id, location, lat, lng') + .in('well_id', ids); + + if (error) throw error; + return res.json(data); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; diff --git a/backend/src/controllers/sensor.js b/backend/src/controllers/sensor.js new file mode 100644 index 0000000..70b1300 --- /dev/null +++ b/backend/src/controllers/sensor.js @@ -0,0 +1,178 @@ +const { supabase } = require('../config/supabase'); + +// POST: get_presence_data +exports.getPresenceData = async (req, res) => { + const { + user_name, token, deployment_id, date, + filter, data_type, to_date, device_id + } = req.body; + + try { + // TODO: Implement sensor data storage and retrieval + // For now return empty data structure + return res.json({ + deployment_id, + date, + data_type, + presence_data: [], + message: 'Sensor data endpoint - implementation pending' + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: get_raw_data +exports.getRawData = async (req, res) => { + const { + user_name, token, sensor, MAC, + from_time, to_time, part, tzone + } = req.body; + + try { + return res.json({ + sensor, + mac: MAC, + from_time, + to_time, + raw_data: [], + message: 'Raw sensor data endpoint - implementation pending' + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: get_sensor_data_by_deployment_id +exports.getByDeploymentId = async (req, res) => { + const { + user_name, token, sensor, deployment_id, + data_type, radar_part, date + } = req.body; + + try { + return res.json({ + deployment_id, + sensor, + date, + data: [], + message: 'Sensor data by deployment - implementation pending' + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: get_sensor_bucketed_data_by_room_sensor +exports.getBucketed = async (req, res) => { + const { + user_name, token, sensor, deployment_id, + data_type, radar_part, date, bucket_size, location + } = req.body; + + try { + return res.json({ + deployment_id, + sensor, + location, + bucket_size, + buckets: [], + message: 'Bucketed sensor data - implementation pending' + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: get_time_deltas +exports.getTimeDeltas = async (req, res) => { + const { + user_name, token, date, to_date, + device_id, sensor, deployment_id + } = req.body; + + try { + return res.json({ + deployment_id, + device_id, + date, + to_date, + deltas: [], + message: 'Time deltas - implementation pending' + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: request_single_slice +exports.requestSingleSlice = async (req, res) => { + const { + user_name, token, date, devices_list, deployment_id, + sensor_list, ctrl_key_state, alt_key_state, + radar_part, time, data_type, to_date + } = req.body; + + try { + return res.json({ + deployment_id, + date, + slice_data: [], + message: 'Single slice data - implementation pending' + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: request_single_radar_slice +exports.requestRadarSlice = async (req, res) => { + const { + user_name, token, date, devices_list, deployment_id, + sensor_index_list, ctrl_key_state, alt_key_state, + radar_part, data_type, to_date + } = req.body; + + try { + return res.json({ + deployment_id, + date, + radar_data: [], + message: 'Radar slice data - implementation pending' + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: request_proximity +exports.requestProximity = async (req, res) => { + const { user_name, token, time, deployment_id } = req.body; + + try { + return res.json({ + deployment_id, + time, + proximity_data: [], + message: 'Proximity data - implementation pending' + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; + +// POST: activities_report_details +exports.activitiesReport = async (req, res) => { + const { user_name, token, deployment_id, filter } = req.body; + + try { + return res.json({ + deployment_id, + filter, + activities: [], + message: 'Activities report - implementation pending' + }); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; diff --git a/backend/src/controllers/voice.js b/backend/src/controllers/voice.js new file mode 100644 index 0000000..9096221 --- /dev/null +++ b/backend/src/controllers/voice.js @@ -0,0 +1,39 @@ +const { supabase } = require('../config/supabase'); + +// POST: voice_ask - AI voice assistant +exports.ask = async (req, res) => { + const { clientId, user_name, token, question, deployment_id } = req.body; + + try { + // TODO: Integrate with OpenAI/Claude for voice AI + // For now, return a placeholder response + + // Get deployment context + let context = null; + if (deployment_id) { + const { data } = await supabase + .from('deployments') + .select('*') + .eq('deployment_id', deployment_id) + .single(); + context = data; + } + + // Placeholder AI response + const response = { + success: true, + question, + answer: `I received your question: "${question}". Voice AI integration is pending.`, + deployment_context: context ? { + id: context.deployment_id, + persons: context.persons, + time_zone: context.time_zone_s + } : null, + timestamp: new Date().toISOString() + }; + + return res.json(response); + } catch (error) { + return res.status(500).json({ error: error.message }); + } +}; diff --git a/backend/src/index.js b/backend/src/index.js new file mode 100644 index 0000000..5c8fa1b --- /dev/null +++ b/backend/src/index.js @@ -0,0 +1,65 @@ +require('dotenv').config(); +const express = require('express'); +const cors = require('cors'); +const path = require('path'); +const apiRouter = require('./routes/api'); +const stripeRouter = require('./routes/stripe'); +const webhookRouter = require('./routes/webhook'); +const adminRouter = require('./routes/admin'); + +const app = express(); +const PORT = process.env.PORT || 3000; + +// CORS +app.use(cors()); + +// Stripe webhooks need raw body for signature verification +// Must be before express.json() +app.use('/api/webhook/stripe', express.raw({ type: 'application/json' })); + +// JSON body parser for other routes +app.use(express.json()); +app.use(express.urlencoded({ extended: true })); + +// ============ ROUTES ============ + +// Legacy API route - matches old API structure +// POST /function/well-api/api with function parameter +app.use('/function/well-api/api', apiRouter); + +// New REST API routes +app.use('/api/stripe', stripeRouter); +app.use('/api/webhook', webhookRouter); +app.use('/api/admin', adminRouter); + +// Admin UI +app.get('/admin', (req, res) => { + res.sendFile(path.join(__dirname, 'admin', 'index.html')); +}); + +// Health check +app.get('/health', (req, res) => { + res.json({ + status: 'ok', + timestamp: new Date().toISOString(), + stripe: process.env.STRIPE_SECRET_KEY ? 'configured' : 'missing' + }); +}); + +// API info +app.get('/api', (req, res) => { + res.json({ + name: 'WellNuo API', + version: '1.0.0', + endpoints: { + legacy: '/function/well-api/api', + stripe: '/api/stripe', + webhook: '/api/webhook/stripe' + } + }); +}); + +app.listen(PORT, () => { + console.log(`WellNuo API running on port ${PORT}`); + console.log(`Stripe: ${process.env.STRIPE_SECRET_KEY ? '✓ configured' : '✗ missing'}`); +}); diff --git a/backend/src/middleware/auth.js b/backend/src/middleware/auth.js new file mode 100644 index 0000000..da9a696 --- /dev/null +++ b/backend/src/middleware/auth.js @@ -0,0 +1,35 @@ +const jwt = require('jsonwebtoken'); + +// Verify JWT token from request body +exports.verifyToken = (req, res, next) => { + const { token } = req.body; + + if (!token) { + return res.status(401).json({ error: 'No token provided' }); + } + + try { + const decoded = jwt.verify(token, process.env.JWT_SECRET); + req.user = decoded; + next(); + } catch (error) { + return res.status(401).json({ error: 'Invalid token' }); + } +}; + +// Optional token verification (doesn't fail if no token) +exports.optionalAuth = (req, res, next) => { + const { token } = req.body; + + if (token) { + try { + const decoded = jwt.verify(token, process.env.JWT_SECRET); + req.user = decoded; + } catch (error) { + // Token invalid but continue anyway + req.user = null; + } + } + + next(); +}; diff --git a/backend/src/routes/admin.js b/backend/src/routes/admin.js new file mode 100644 index 0000000..d922b14 --- /dev/null +++ b/backend/src/routes/admin.js @@ -0,0 +1,409 @@ +const express = require('express'); +const router = express.Router(); +const { supabase } = require('../config/supabase'); +const Stripe = require('stripe'); + +const stripe = new Stripe(process.env.STRIPE_SECRET_KEY); + +// Simple admin auth middleware +// TODO: Replace with proper admin authentication +const adminAuth = (req, res, next) => { + const adminKey = req.headers['x-admin-key']; + + // For now, use a simple key from env + // In production, use proper JWT-based admin auth + if (adminKey !== process.env.ADMIN_API_KEY) { + return res.status(401).json({ error: 'Unauthorized' }); + } + next(); +}; + +// Apply admin auth to all routes +router.use(adminAuth); + +// ============ DASHBOARD STATS ============ + +/** + * GET /api/admin/stats + * Dashboard statistics + */ +router.get('/stats', async (req, res) => { + try { + // Get order counts by status + const { data: orders, error: ordersError } = await supabase + .from('orders') + .select('status, created_at'); + + if (ordersError) throw ordersError; + + const today = new Date(); + today.setHours(0, 0, 0, 0); + + const stats = { + orders: { + total: orders.length, + today: orders.filter(o => new Date(o.created_at) >= today).length, + byStatus: { + paid: orders.filter(o => o.status === 'paid').length, + preparing: orders.filter(o => o.status === 'preparing').length, + shipped: orders.filter(o => o.status === 'shipped').length, + delivered: orders.filter(o => o.status === 'delivered').length, + installed: orders.filter(o => o.status === 'installed').length + } + } + }; + + // Get subscription stats + const { data: subs } = await supabase + .from('subscriptions') + .select('plan, status'); + + if (subs) { + stats.subscriptions = { + total: subs.length, + premium: subs.filter(s => s.plan === 'premium' && s.status === 'active').length, + free: subs.filter(s => s.plan === 'free').length, + churned: subs.filter(s => s.status === 'canceled').length + }; + + // MRR = active premium subs * $9.99 + stats.mrr = stats.subscriptions.premium * 9.99; + } + + // Get beneficiary stats + const { data: beneficiaries } = await supabase + .from('beneficiaries') + .select('status'); + + if (beneficiaries) { + stats.beneficiaries = { + total: beneficiaries.length, + active: beneficiaries.filter(b => b.status === 'active').length, + awaitingSensors: beneficiaries.filter(b => b.status === 'awaiting_sensors').length + }; + } + + res.json(stats); + + } catch (error) { + console.error('Stats error:', error); + res.status(500).json({ error: error.message }); + } +}); + +// ============ ORDERS ============ + +/** + * GET /api/admin/orders + * List all orders with filtering + */ +router.get('/orders', async (req, res) => { + try { + const { status, limit = 50, offset = 0 } = req.query; + + let query = supabase + .from('orders') + .select(` + *, + beneficiaries (id, name), + users:user_id (email) + `) + .order('created_at', { ascending: false }) + .range(offset, offset + limit - 1); + + if (status) { + query = query.eq('status', status); + } + + const { data, error, count } = await query; + + if (error) throw error; + + res.json({ + orders: data, + total: count, + limit: parseInt(limit), + offset: parseInt(offset) + }); + + } catch (error) { + console.error('Orders error:', error); + res.status(500).json({ error: error.message }); + } +}); + +/** + * GET /api/admin/orders/:id + * Get single order details + */ +router.get('/orders/:id', async (req, res) => { + try { + const { data, error } = await supabase + .from('orders') + .select(` + *, + beneficiaries (*), + subscriptions (*) + `) + .eq('id', req.params.id) + .single(); + + if (error) throw error; + if (!data) return res.status(404).json({ error: 'Order not found' }); + + res.json(data); + + } catch (error) { + console.error('Order error:', error); + res.status(500).json({ error: error.message }); + } +}); + +/** + * PATCH /api/admin/orders/:id + * Update order status, add tracking, etc. + */ +router.patch('/orders/:id', async (req, res) => { + try { + const { status, tracking_number, carrier, estimated_delivery } = req.body; + + const updates = { updated_at: new Date().toISOString() }; + + if (status) { + updates.status = status; + + // Set timestamps based on status + if (status === 'shipped') { + updates.shipped_at = new Date().toISOString(); + } else if (status === 'delivered') { + updates.delivered_at = new Date().toISOString(); + } + } + + if (tracking_number) updates.tracking_number = tracking_number; + if (carrier) updates.carrier = carrier; + if (estimated_delivery) updates.estimated_delivery = estimated_delivery; + + const { data, error } = await supabase + .from('orders') + .update(updates) + .eq('id', req.params.id) + .select() + .single(); + + if (error) throw error; + + // TODO: Send email notification when status changes + if (status === 'shipped') { + console.log('TODO: Send shipping notification email'); + } else if (status === 'delivered') { + console.log('TODO: Send delivery notification email'); + } + + res.json(data); + + } catch (error) { + console.error('Update order error:', error); + res.status(500).json({ error: error.message }); + } +}); + +// ============ USERS ============ + +/** + * GET /api/admin/users + * List all users + */ +router.get('/users', async (req, res) => { + try { + const { limit = 50, offset = 0, search } = req.query; + + let query = supabase + .from('users') + .select('*') + .order('created_at', { ascending: false }) + .range(offset, offset + limit - 1); + + if (search) { + query = query.or(`email.ilike.%${search}%,name.ilike.%${search}%`); + } + + const { data, error } = await query; + + if (error) throw error; + + res.json({ users: data }); + + } catch (error) { + console.error('Users error:', error); + res.status(500).json({ error: error.message }); + } +}); + +/** + * GET /api/admin/users/:id + * Get user with their orders and beneficiaries + */ +router.get('/users/:id', async (req, res) => { + try { + const { data: user, error: userError } = await supabase + .from('users') + .select('*') + .eq('id', req.params.id) + .single(); + + if (userError) throw userError; + + const { data: orders } = await supabase + .from('orders') + .select('*') + .eq('user_id', req.params.id) + .order('created_at', { ascending: false }); + + const { data: beneficiaries } = await supabase + .from('beneficiaries') + .select('*') + .eq('user_id', req.params.id); + + const { data: subscriptions } = await supabase + .from('subscriptions') + .select('*') + .eq('user_id', req.params.id); + + res.json({ + ...user, + orders, + beneficiaries, + subscriptions + }); + + } catch (error) { + console.error('User error:', error); + res.status(500).json({ error: error.message }); + } +}); + +// ============ SUBSCRIPTIONS ============ + +/** + * GET /api/admin/subscriptions + * List all subscriptions + */ +router.get('/subscriptions', async (req, res) => { + try { + const { status, plan } = req.query; + + let query = supabase + .from('subscriptions') + .select(` + *, + beneficiaries (name), + users:user_id (email) + `) + .order('created_at', { ascending: false }); + + if (status) query = query.eq('status', status); + if (plan) query = query.eq('plan', plan); + + const { data, error } = await query; + + if (error) throw error; + + res.json({ subscriptions: data }); + + } catch (error) { + console.error('Subscriptions error:', error); + res.status(500).json({ error: error.message }); + } +}); + +// ============ REFUNDS ============ + +/** + * POST /api/admin/refund + * Process a refund via Stripe + */ +router.post('/refund', async (req, res) => { + try { + const { orderId, amount, reason } = req.body; + + // Get order + const { data: order, error: orderError } = await supabase + .from('orders') + .select('*') + .eq('id', orderId) + .single(); + + if (orderError || !order) { + return res.status(404).json({ error: 'Order not found' }); + } + + // Get payment intent from Stripe session + const session = await stripe.checkout.sessions.retrieve(order.stripe_session_id); + const paymentIntentId = session.payment_intent; + + // Create refund + const refund = await stripe.refunds.create({ + payment_intent: paymentIntentId, + amount: amount ? amount : undefined, // Full refund if no amount specified + reason: reason || 'requested_by_customer' + }); + + // Update order status + await supabase + .from('orders') + .update({ + status: 'canceled', + updated_at: new Date().toISOString() + }) + .eq('id', orderId); + + res.json({ + success: true, + refund: { + id: refund.id, + amount: refund.amount / 100, + status: refund.status + } + }); + + } catch (error) { + console.error('Refund error:', error); + res.status(500).json({ error: error.message }); + } +}); + +// ============ BENEFICIARIES ============ + +/** + * GET /api/admin/beneficiaries + * List all beneficiaries + */ +router.get('/beneficiaries', async (req, res) => { + try { + const { status } = req.query; + + let query = supabase + .from('beneficiaries') + .select(` + *, + users:user_id (email, name), + devices (id, device_type, status) + `) + .order('created_at', { ascending: false }); + + if (status) query = query.eq('status', status); + + const { data, error } = await query; + + if (error) throw error; + + res.json({ beneficiaries: data }); + + } catch (error) { + console.error('Beneficiaries error:', error); + res.status(500).json({ error: error.message }); + } +}); + +module.exports = router; diff --git a/backend/src/routes/api.js b/backend/src/routes/api.js new file mode 100644 index 0000000..087b943 --- /dev/null +++ b/backend/src/routes/api.js @@ -0,0 +1,179 @@ +const express = require('express'); +const router = express.Router(); + +// Old API proxy for endpoints we don't handle +const OLD_API_URL = 'https://eluxnetworks.net/function/well-api/api'; + +async function proxyToOldApi(req, res) { + try { + const params = new URLSearchParams(req.body); + const response = await fetch(OLD_API_URL, { + method: 'POST', + headers: { 'Content-Type': 'application/x-www-form-urlencoded' }, + body: params.toString() + }); + const data = await response.json(); + return res.json(data); + } catch (error) { + return res.status(500).json({ error: 'Proxy error: ' + error.message }); + } +} + +// Controllers +const authController = require('../controllers/auth'); +const dashboardController = require('../controllers/dashboard'); +const deploymentController = require('../controllers/deployment'); +const deviceController = require('../controllers/device'); +const beneficiaryController = require('../controllers/beneficiary'); +const caretakerController = require('../controllers/caretaker'); +const sensorController = require('../controllers/sensor'); +const alarmController = require('../controllers/alarm'); +const voiceController = require('../controllers/voice'); + +// Function router - routes based on 'function' parameter +router.post('/', async (req, res) => { + const { function: func } = req.body; + + try { + switch (func) { + // Auth + case 'credentials': + return authController.credentials(req, res); + case 'new_user_form': + return authController.newUserForm(req, res); + case 'forgot_password': + return authController.forgotPassword(req, res); + case 'reset_password': + return authController.resetPassword(req, res); + + // Dashboard + case 'dashboard_list': + return dashboardController.list(req, res); + case 'dashboard_single': + return dashboardController.single(req, res); + + // Deployments + case 'deployments_list': + return deploymentController.list(req, res); + case 'get_deployment': + return deploymentController.get(req, res); + case 'deployment_form': + return deploymentController.form(req, res); + case 'deployment_delete': + return deploymentController.delete(req, res); + case 'set_deployment': + return deploymentController.set(req, res); + case 'find_deployments': + return deploymentController.find(req, res); + + // Devices + case 'device_list': + return deviceController.list(req, res); + case 'device_list_4_gui': + return deviceController.listForGui(req, res); + case 'device_list_by_deployment': + return deviceController.listByDeployment(req, res); + case 'get_device': + return deviceController.get(req, res); + case 'device_form': + return deviceController.form(req, res); + case 'device_set_group': + return deviceController.setGroup(req, res); + case 'device_get_live': + return deviceController.getLive(req, res); + case 'device_reboot': + return deviceController.reboot(req, res); + case 'device_set_well_id': + return deviceController.setWellId(req, res); + case 'device_set_network_id': + return deviceController.setNetworkId(req, res); + case 'request_devices': + return deviceController.requestDevices(req, res); + + // Beneficiaries + case 'beneficiaries_list': + return beneficiaryController.list(req, res); + case 'get_beneficiary': + return beneficiaryController.get(req, res); + case 'beneficiary_form': + return beneficiaryController.form(req, res); + + // Caretakers + case 'caretakers_list': + return caretakerController.list(req, res); + case 'get_caretaker': + return caretakerController.get(req, res); + case 'caretaker_form': + return caretakerController.form(req, res); + + // Sensor Data - PROXY TO OLD API + case 'get_presence_data': + case 'get_raw_data': + case 'get_sensor_data_by_deployment_id': + case 'get_sensor_bucketed_data_by_room_sensor': + case 'get_time_deltas': + case 'request_single_slice': + case 'request_single_radar_slice': + case 'request_proximity': + case 'activities_report_details': + return proxyToOldApi(req, res); + + // Alarms + case 'alarm_on_off': + return alarmController.onOff(req, res); + case 'get_alarm_state': + return alarmController.getState(req, res); + case 'store_alarms': + return alarmController.store(req, res); + case 'send_walarm': + return alarmController.sendWalarm(req, res); + case 'activity_detected': + return alarmController.activityDetected(req, res); + + // Maps/Layout + case 'get_floor_layout': + return deploymentController.getFloorLayout(req, res); + case 'set_floor_layout': + return deploymentController.setFloorLayout(req, res); + case 'request_deployment_map_new': + return deploymentController.requestMap(req, res); + case 'get_devices_locations': + return deviceController.getLocations(req, res); + + // Voice AI - PROXY TO OLD API + case 'voice_ask': + return proxyToOldApi(req, res); + + // Maps/Images/Downloads - PROXY TO OLD API + case 'get_image_file': + case 'download': + case 'get_full_location_map': + case 'get_sensors_map': + case 'request_deployment_map_new': + case 'get_photo': + return proxyToOldApi(req, res); + + // Messages + case 'messages_age': + return res.json({ success: true, messages: [] }); + + // Node-RED + case 'store_flow': + return res.json({ success: true }); + case 'get_node_red_port': + return res.json({ port: 1880 }); + case 'request_node_red': + return res.json({ success: true }); + + default: + // Unknown function - try old API + console.log(`Unknown function "${func}" - proxying to old API`); + return proxyToOldApi(req, res); + } + } catch (error) { + console.error(`Error in ${func}:`, error); + return res.status(500).json({ error: error.message }); + } +}); + +module.exports = router; diff --git a/backend/src/routes/stripe.js b/backend/src/routes/stripe.js new file mode 100644 index 0000000..f8a9ac7 --- /dev/null +++ b/backend/src/routes/stripe.js @@ -0,0 +1,186 @@ +const express = require('express'); +const router = express.Router(); +const Stripe = require('stripe'); +const { supabase } = require('../config/supabase'); + +const stripe = new Stripe(process.env.STRIPE_SECRET_KEY); + +/** + * POST /api/stripe/create-checkout-session + * Creates a Stripe Checkout session for purchasing Starter Kit + optional Premium subscription + */ +router.post('/create-checkout-session', async (req, res) => { + try { + const { + userId, + beneficiaryName, + beneficiaryAddress, + beneficiaryPhone, + beneficiaryNotes, + shippingAddress, + includePremium = true + } = req.body; + + if (!userId) { + return res.status(400).json({ error: 'userId is required' }); + } + + if (!beneficiaryName || !beneficiaryAddress) { + return res.status(400).json({ error: 'Beneficiary name and address are required' }); + } + + // Build line items + const lineItems = [ + { + price: process.env.STRIPE_PRICE_STARTER_KIT, + quantity: 1, + } + ]; + + if (includePremium) { + lineItems.push({ + price: process.env.STRIPE_PRICE_PREMIUM, + quantity: 1, + }); + } + + // Create checkout session + const sessionConfig = { + mode: includePremium ? 'subscription' : 'payment', + payment_method_types: ['card'], + line_items: lineItems, + success_url: `${process.env.FRONTEND_URL}/checkout/success?session_id={CHECKOUT_SESSION_ID}`, + cancel_url: `${process.env.FRONTEND_URL}/checkout/cancel`, + customer_email: req.body.email, + metadata: { + userId, + beneficiaryName, + beneficiaryAddress, + beneficiaryPhone: beneficiaryPhone || '', + beneficiaryNotes: beneficiaryNotes || '', + shippingAddress: JSON.stringify(shippingAddress), + includePremium: includePremium ? 'true' : 'false' + }, + shipping_address_collection: { + allowed_countries: ['US', 'CA'] + } + }; + + // Only add shipping options for payment mode (not subscription) + if (!includePremium) { + sessionConfig.shipping_options = [ + { + shipping_rate_data: { + type: 'fixed_amount', + fixed_amount: { amount: 0, currency: 'usd' }, + display_name: 'Standard shipping', + delivery_estimate: { + minimum: { unit: 'business_day', value: 5 }, + maximum: { unit: 'business_day', value: 7 }, + }, + }, + }, + { + shipping_rate_data: { + type: 'fixed_amount', + fixed_amount: { amount: 1500, currency: 'usd' }, + display_name: 'Express shipping', + delivery_estimate: { + minimum: { unit: 'business_day', value: 2 }, + maximum: { unit: 'business_day', value: 3 }, + }, + }, + }, + ]; + } + + const session = await stripe.checkout.sessions.create(sessionConfig); + + res.json({ + sessionId: session.id, + url: session.url + }); + + } catch (error) { + console.error('Checkout session error:', error); + res.status(500).json({ error: error.message }); + } +}); + +/** + * POST /api/stripe/create-portal-session + * Creates a Stripe Customer Portal session for managing subscriptions + */ +router.post('/create-portal-session', async (req, res) => { + try { + const { customerId } = req.body; + + if (!customerId) { + return res.status(400).json({ error: 'customerId is required' }); + } + + const session = await stripe.billingPortal.sessions.create({ + customer: customerId, + return_url: `${process.env.FRONTEND_URL}/settings`, + }); + + res.json({ url: session.url }); + + } catch (error) { + console.error('Portal session error:', error); + res.status(500).json({ error: error.message }); + } +}); + +/** + * GET /api/stripe/products + * Returns available products and prices for the frontend + */ +router.get('/products', async (req, res) => { + try { + res.json({ + starterKit: { + name: 'WellNuo Starter Kit', + description: '2x Motion Sensors + 1x Door Sensor + 1x Hub', + price: 249.00, + priceId: process.env.STRIPE_PRICE_STARTER_KIT + }, + premium: { + name: 'WellNuo Premium', + description: 'AI Julia assistant, 90-day history, invite up to 5 family members', + price: 9.99, + interval: 'month', + priceId: process.env.STRIPE_PRICE_PREMIUM + } + }); + } catch (error) { + res.status(500).json({ error: error.message }); + } +}); + +/** + * GET /api/stripe/session/:sessionId + * Get checkout session details (for success page) + */ +router.get('/session/:sessionId', async (req, res) => { + try { + const session = await stripe.checkout.sessions.retrieve(req.params.sessionId, { + expand: ['line_items', 'customer', 'subscription'] + }); + + res.json({ + id: session.id, + status: session.status, + paymentStatus: session.payment_status, + customerEmail: session.customer_email, + amountTotal: session.amount_total / 100, + metadata: session.metadata + }); + + } catch (error) { + console.error('Get session error:', error); + res.status(500).json({ error: error.message }); + } +}); + +module.exports = router; diff --git a/backend/src/routes/webhook.js b/backend/src/routes/webhook.js new file mode 100644 index 0000000..543e475 --- /dev/null +++ b/backend/src/routes/webhook.js @@ -0,0 +1,272 @@ +const express = require('express'); +const router = express.Router(); +const Stripe = require('stripe'); +const { supabase } = require('../config/supabase'); + +const stripe = new Stripe(process.env.STRIPE_SECRET_KEY); + +/** + * POST /api/webhook/stripe + * Handles Stripe webhook events + * + * IMPORTANT: This route uses raw body, configured in index.js + */ +router.post('/stripe', async (req, res) => { + const sig = req.headers['stripe-signature']; + const webhookSecret = process.env.STRIPE_WEBHOOK_SECRET; + + let event; + + try { + // If webhook secret is configured, verify signature + if (webhookSecret) { + event = stripe.webhooks.constructEvent(req.body, sig, webhookSecret); + } else { + // For local development without webhook secret + event = JSON.parse(req.body.toString()); + console.warn('⚠️ Webhook signature verification skipped (no STRIPE_WEBHOOK_SECRET)'); + } + } catch (err) { + console.error('Webhook signature verification failed:', err.message); + return res.status(400).send(`Webhook Error: ${err.message}`); + } + + console.log(`📩 Stripe webhook received: ${event.type}`); + + try { + switch (event.type) { + case 'checkout.session.completed': + await handleCheckoutComplete(event.data.object); + break; + + case 'invoice.paid': + await handleInvoicePaid(event.data.object); + break; + + case 'invoice.payment_failed': + await handlePaymentFailed(event.data.object); + break; + + case 'customer.subscription.deleted': + await handleSubscriptionCanceled(event.data.object); + break; + + case 'customer.subscription.updated': + await handleSubscriptionUpdated(event.data.object); + break; + + default: + console.log(`Unhandled event type: ${event.type}`); + } + + res.json({ received: true }); + + } catch (error) { + console.error(`Error handling ${event.type}:`, error); + res.status(500).json({ error: error.message }); + } +}); + +/** + * Handle checkout.session.completed + * Creates order and beneficiary in database + */ +async function handleCheckoutComplete(session) { + console.log('Processing checkout complete:', session.id); + + const metadata = session.metadata; + const userId = metadata.userId; + + // 1. Create beneficiary + const { data: beneficiary, error: beneficiaryError } = await supabase + .from('beneficiaries') + .insert({ + user_id: userId, + name: metadata.beneficiaryName, + address: metadata.beneficiaryAddress, + phone: metadata.beneficiaryPhone || null, + notes: metadata.beneficiaryNotes || null, + status: 'awaiting_sensors' + }) + .select() + .single(); + + if (beneficiaryError) { + console.error('Error creating beneficiary:', beneficiaryError); + throw beneficiaryError; + } + + console.log('✓ Beneficiary created:', beneficiary.id); + + // 2. Parse shipping address + let shippingAddress = {}; + try { + if (session.shipping_details) { + shippingAddress = session.shipping_details.address; + } else if (metadata.shippingAddress) { + shippingAddress = JSON.parse(metadata.shippingAddress); + } + } catch (e) { + console.warn('Could not parse shipping address'); + } + + // 3. Create order + const orderNumber = `WN-${new Date().getFullYear()}-${String(Date.now()).slice(-6)}`; + + const { data: order, error: orderError } = await supabase + .from('orders') + .insert({ + order_number: orderNumber, + user_id: userId, + beneficiary_id: beneficiary.id, + stripe_session_id: session.id, + stripe_customer_id: session.customer, + stripe_subscription_id: session.subscription || null, + status: 'paid', + amount_total: session.amount_total, + currency: session.currency, + shipping_address: shippingAddress, + shipping_name: session.shipping_details?.name || metadata.beneficiaryName, + items: [ + { type: 'starter_kit', name: 'WellNuo Starter Kit', price: 24900 }, + ...(metadata.includePremium === 'true' ? [{ type: 'subscription', name: 'Premium Monthly', price: 999 }] : []) + ] + }) + .select() + .single(); + + if (orderError) { + console.error('Error creating order:', orderError); + throw orderError; + } + + console.log('✓ Order created:', order.order_number); + + // 4. Create subscription record if Premium selected + if (metadata.includePremium === 'true' && session.subscription) { + const { error: subError } = await supabase + .from('subscriptions') + .insert({ + user_id: userId, + beneficiary_id: beneficiary.id, + stripe_subscription_id: session.subscription, + stripe_customer_id: session.customer, + plan: 'premium', + status: 'active', + current_period_start: new Date().toISOString(), + current_period_end: new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString() + }); + + if (subError) { + console.error('Error creating subscription:', subError); + } else { + console.log('✓ Subscription created'); + } + } + + // 5. TODO: Send confirmation email via Brevo + console.log('TODO: Send order confirmation email'); + + return { order, beneficiary }; +} + +/** + * Handle invoice.paid + * Updates subscription period + */ +async function handleInvoicePaid(invoice) { + console.log('Invoice paid:', invoice.id); + + if (invoice.subscription) { + const { error } = await supabase + .from('subscriptions') + .update({ + status: 'active', + current_period_start: new Date(invoice.period_start * 1000).toISOString(), + current_period_end: new Date(invoice.period_end * 1000).toISOString(), + updated_at: new Date().toISOString() + }) + .eq('stripe_subscription_id', invoice.subscription); + + if (error) { + console.error('Error updating subscription:', error); + } else { + console.log('✓ Subscription period updated'); + } + } +} + +/** + * Handle invoice.payment_failed + * Marks subscription as past_due and notifies user + */ +async function handlePaymentFailed(invoice) { + console.log('Payment failed:', invoice.id); + + if (invoice.subscription) { + const { error } = await supabase + .from('subscriptions') + .update({ + status: 'past_due', + updated_at: new Date().toISOString() + }) + .eq('stripe_subscription_id', invoice.subscription); + + if (error) { + console.error('Error updating subscription:', error); + } + + // TODO: Send payment failed email + console.log('TODO: Send payment failed email'); + } +} + +/** + * Handle customer.subscription.deleted + * Downgrades user to free plan + */ +async function handleSubscriptionCanceled(subscription) { + console.log('Subscription canceled:', subscription.id); + + const { error } = await supabase + .from('subscriptions') + .update({ + status: 'canceled', + canceled_at: new Date().toISOString(), + updated_at: new Date().toISOString() + }) + .eq('stripe_subscription_id', subscription.id); + + if (error) { + console.error('Error updating subscription:', error); + } else { + console.log('✓ Subscription marked as canceled'); + } + + // TODO: Send cancellation email + console.log('TODO: Send cancellation email'); +} + +/** + * Handle customer.subscription.updated + * Updates subscription status + */ +async function handleSubscriptionUpdated(subscription) { + console.log('Subscription updated:', subscription.id); + + const { error } = await supabase + .from('subscriptions') + .update({ + status: subscription.status, + current_period_start: new Date(subscription.current_period_start * 1000).toISOString(), + current_period_end: new Date(subscription.current_period_end * 1000).toISOString(), + updated_at: new Date().toISOString() + }) + .eq('stripe_subscription_id', subscription.id); + + if (error) { + console.error('Error updating subscription:', error); + } +} + +module.exports = router; diff --git a/backend/src/services/email.js b/backend/src/services/email.js new file mode 100644 index 0000000..14ad5e6 --- /dev/null +++ b/backend/src/services/email.js @@ -0,0 +1,114 @@ +const BREVO_API_URL = 'https://api.brevo.com/v3/smtp/email'; + +/** + * Send email via Brevo API + */ +async function sendEmail({ to, subject, htmlContent, textContent }) { + const apiKey = process.env.BREVO_API_KEY; + + if (!apiKey) { + console.error('BREVO_API_KEY not configured'); + throw new Error('Email service not configured'); + } + + const payload = { + sender: { + name: process.env.BREVO_SENDER_NAME || 'WellNuo', + email: process.env.BREVO_SENDER_EMAIL || 'noreply@wellnuo.com' + }, + to: [{ email: to }], + subject, + htmlContent, + textContent + }; + + const response = await fetch(BREVO_API_URL, { + method: 'POST', + headers: { + 'accept': 'application/json', + 'api-key': apiKey, + 'content-type': 'application/json' + }, + body: JSON.stringify(payload) + }); + + if (!response.ok) { + const error = await response.text(); + console.error('Brevo API error:', error); + throw new Error('Failed to send email'); + } + + return await response.json(); +} + +/** + * Send password reset email + */ +async function sendPasswordResetEmail(email, resetToken) { + const frontendUrl = process.env.FRONTEND_URL || 'https://wellnuo.smartlaunchhub.com'; + const resetLink = `${frontendUrl}/reset-password?token=${resetToken}`; + + const htmlContent = ` + + + + + + +
+
+

WellNuo

+
+
+

Password Reset Request

+

We received a request to reset your password. Click the button below to create a new password:

+

+ Reset Password +

+

Or copy and paste this link into your browser:

+

${resetLink}

+

This link will expire in 1 hour.

+

If you didn't request a password reset, you can safely ignore this email.

+
+
+

© 2025 WellNuo - Elderly Care Monitoring

+
+
+ + + `; + + const textContent = ` +WellNuo - Password Reset + +We received a request to reset your password. + +Click this link to reset your password: +${resetLink} + +This link will expire in 1 hour. + +If you didn't request a password reset, you can safely ignore this email. + +WellNuo - Elderly Care Monitoring + `; + + return sendEmail({ + to: email, + subject: 'WellNuo - Password Reset Request', + htmlContent, + textContent + }); +} + +module.exports = { + sendEmail, + sendPasswordResetEmail +};