GeneralBots/botserver
2
1
Fork 0
Code Issues Pull requests Projects Releases 323 Packages Wiki Activity Actions

feat: Add JWT secret rotation and health verification

Browse source 
SEC-02: Implement credential rotation security improvements

- Add JWT secret rotation to rotate-secret command
- Generate 64-character HS512-compatible secrets
- Automatic .env backup with timestamp
- Atomic file updates via temp+rename pattern
- Add health verification for rotated credentials
- Route rotate-secret, rotate-secrets, vault commands in CLI
- Add verification attempts for database and JWT endpoints

Security improvements:
- JWT_SECRET now rotatable (previously impossible)
- Automatic rollback via backup files
- Health checks catch configuration errors
- Clear warnings about token invalidation

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Rodrigo Rodriguez 2026-02-19 19:42:41 +00:00
parent df9b228a35
commit e143968179
72 changed files with 3555 additions and 662 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Cargo.toml
View file

@ -124,6 +124,7 @@ sha1 = { workspace = true }
tokio = { workspace = true, features = ["full", "process"] }
tower-http = { workspace = true, features = ["cors", "fs", "trace"] }
tracing = { workspace = true }
url = { workspace = true }
urlencoding = { workspace = true }
uuid = { workspace = true, features = ["v4", "v5"] }

2
src/analytics/mod.rs
View file

@ -5,8 +5,6 @@ pub mod goals_ui;
pub mod insights;
use crate::core::urls::ApiUrls;
#[cfg(feature = "llm")]
use crate::llm::observability::{ObservabilityConfig, ObservabilityManager, QuickStats};
use crate::core::shared::state::AppState;
use axum::{
extract::State,

17
src/attendance/llm_assist.rs
View file

@ -1,15 +1,4 @@
pub mod llm_assist_types;
pub mod llm_assist_config;
pub mod llm_assist_handlers;
pub mod llm_assist_commands;
pub mod llm_assist_helpers;
// Re-export commonly used types
pub use llm_assist_types::*;
// Re-export handlers for routing
pub use llm_assist_handlers::*;
pub use llm_assist_commands::*;
use crate::attendance::{llm_assist_types, llm_assist_config, llm_assist_handlers, llm_assist_commands};
use axum::{
routing::{get, post},
@ -18,6 +7,10 @@ use axum::{
use std::sync::Arc;
use crate::core::shared::state::AppState;
pub use llm_assist_types::*;
pub use llm_assist_handlers::*;
pub use llm_assist_commands::*;
pub fn llm_assist_routes() -> Router<Arc<AppState>> {
Router::new()
.route("/llm-assist/config/:bot_id", get(get_llm_config))

8
src/basic/compiler/blocks/mail.rs
View file

@ -15,7 +15,7 @@ pub fn convert_mail_line_with_substitution(line: &str) -> String {
if !current_literal.is_empty() {
if result.is_empty() {
result.push_str("\"");
result.push('"');
result.push_str(&current_literal.replace('"', "\\\""));
result.push('"');
} else {
@ -58,7 +58,7 @@ pub fn convert_mail_line_with_substitution(line: &str) -> String {
if !current_literal.is_empty() {
if result.is_empty() {
result.push_str("\"");
result.push('"');
result.push_str(&current_literal.replace('"', "\\\""));
result.push('"');
} else {
@ -98,10 +98,9 @@ pub fn convert_mail_block(recipient: &str, lines: &[String]) -> String {
let mut result = String::new();
let chunk_size = 5;
let mut var_count = 0;
let mut all_vars: Vec<String> = Vec::new();
for chunk in body_lines.chunks(chunk_size) {
for (var_count, chunk) in body_lines.chunks(chunk_size).enumerate() {
let var_name = format!("__mail_body_{}__", var_count);
all_vars.push(var_name.clone());
@ -115,7 +114,6 @@ pub fn convert_mail_block(recipient: &str, lines: &[String]) -> String {
}
result.push_str(&format!("let {} = {};\n", var_name, chunk_expr));
}
var_count += 1;
}
let body_expr = if all_vars.is_empty() {

8
src/basic/compiler/blocks/talk.rs
View file

@ -122,8 +122,8 @@ pub fn convert_talk_block(lines: &[String]) -> String {
// Extract content after "TALK " prefix
let line_contents: Vec<String> = converted_lines.iter()
.map(|line| {
if line.starts_with("TALK ") {
line[5..].trim().to_string()
if let Some(stripped) = line.strip_prefix("TALK ") {
stripped.trim().to_string()
} else {
line.clone()
}
@ -150,12 +150,12 @@ pub fn convert_talk_block(lines: &[String]) -> String {
}
// Combine all chunks into final TALK statement
let num_chunks = (line_contents.len() + chunk_size - 1) / chunk_size;
let num_chunks = line_contents.len().div_ceil(chunk_size);
if line_contents.is_empty() {
return "TALK \"\";\n".to_string();
} else if num_chunks == 1 {
// Single chunk - use the first variable directly
result.push_str(&format!("TALK __talk_chunk_0__;\n"));
result.push_str("TALK __talk_chunk_0__;\n");
} else {
// Multiple chunks - need hierarchical chunking to avoid complexity
// Combine chunks in groups of 5 to create intermediate variables

13
src/basic/compiler/mod.rs
View file

@ -459,6 +459,10 @@ impl BasicCompiler {
.execute(&mut conn)
.ok();
}
let website_regex = Regex::new(r#"(?i)USE\s+WEBSITE\s+"([^"]+)"(?:\s+REFRESH\s+"([^"]+)")?"#)
.unwrap_or_else(|_| Regex::new(r"").unwrap());
for line in source.lines() {
let trimmed = line.trim();
if trimmed.is_empty()
@ -530,14 +534,7 @@ impl BasicCompiler {
}
if trimmed.to_uppercase().starts_with("USE WEBSITE") {
let re = match Regex::new(r#"(?i)USE\s+WEBSITE\s+"([^"]+)"(?:\s+REFRESH\s+"([^"]+)")?"#) {
Ok(re) => re,
Err(e) => {
log::warn!("Invalid regex pattern: {}", e);
continue;
}
};
if let Some(caps) = re.captures(&normalized) {
if let Some(caps) = website_regex.captures(&normalized) {
if let Some(url_match) = caps.get(1) {
let url = url_match.as_str();
let refresh = caps.get(2).map(|m| m.as_str()).unwrap_or("1m");

42
src/basic/keywords/create_draft.rs
View file

@ -30,44 +30,9 @@ async fn execute_create_draft(
subject: &str,
reply_text: &str,
) -> Result<String, String> {
#[cfg(feature = "mail")]
{
use crate::email::{fetch_latest_sent_to, save_email_draft, SaveDraftRequest};
let config = state.config.as_ref().ok_or("No email config")?;
let previous_email = fetch_latest_sent_to(&config.email, to)
.await
.unwrap_or_default();
let email_body = if previous_email.is_empty() {
reply_text.to_string()
} else {
let email_separator = "<br><hr><br>";
let formatted_reply = reply_text.replace("FIX", "Fixed");
let formatted_old = previous_email.replace('\n', "<br>");
format!("{formatted_reply}{email_separator}{formatted_old}")
};
let draft_request = SaveDraftRequest {
account_id: String::new(),
to: to.to_string(),
cc: None,
bcc: None,
subject: subject.to_string(),
body: email_body,
};
save_email_draft(&config.email, &draft_request)
.await
.map(|()| "Draft saved successfully".to_string())
}
#[cfg(not(feature = "mail"))]
{
use chrono::Utc;
use diesel::prelude::*;
use uuid::Uuid;
use chrono::Utc;
use diesel::prelude::*;
use uuid::Uuid;
let draft_id = Uuid::new_v4();
let conn = state.conn.clone();
@ -94,5 +59,4 @@ async fn execute_create_draft(
})
.await
.map_err(|e| e.to_string())?
}
}

33
src/basic/keywords/create_site.rs
View file

@ -56,7 +56,12 @@ pub fn create_site_keyword(state: &AppState, user: UserSession, engine: &mut Eng
#[cfg(not(feature = "llm"))]
let llm: Option<()> = None;
let fut = create_site(config, s3, bucket, bot_id, llm, alias, template_dir, prompt);
let params = SiteCreationParams {
alias,
template_dir,
prompt,
};
let fut = create_site(config, s3, bucket, bot_id, llm, params);
let result =
tokio::task::block_in_place(|| tokio::runtime::Handle::current().block_on(fut))
.map_err(|e| format!("Site creation failed: {}", e))?;
@ -66,6 +71,12 @@ pub fn create_site_keyword(state: &AppState, user: UserSession, engine: &mut Eng
.expect("valid syntax registration");
}
struct SiteCreationParams {
alias: Dynamic,
template_dir: Dynamic,
prompt: Dynamic,
}
#[cfg(feature = "llm")]
async fn create_site(
config: crate::core::config::AppConfig,
@ -73,13 +84,11 @@ async fn create_site(
bucket: String,
bot_id: String,
llm: Option<Arc<dyn LLMProvider>>,
alias: Dynamic,
template_dir: Dynamic,
prompt: Dynamic,
params: SiteCreationParams,
) -> Result<String, Box<dyn Error + Send + Sync>> {
let alias_str = alias.to_string();
let template_dir_str = template_dir.to_string();
let prompt_str = prompt.to_string();
let alias_str = params.alias.to_string();
let template_dir_str = params.template_dir.to_string();
let prompt_str = params.prompt.to_string();
info!(
"CREATE SITE: {} from template {}",
@ -114,13 +123,11 @@ async fn create_site(
bucket: String,
bot_id: String,
_llm: Option<()>,
alias: Dynamic,
template_dir: Dynamic,
prompt: Dynamic,
params: SiteCreationParams,
) -> Result<String, Box<dyn Error + Send + Sync>> {
let alias_str = alias.to_string();
let template_dir_str = template_dir.to_string();
let prompt_str = prompt.to_string();
let alias_str = params.alias.to_string();
let template_dir_str = params.template_dir.to_string();
let prompt_str = params.prompt.to_string();
info!(
"CREATE SITE: {} from template {}",

2
src/basic/keywords/enhanced_llm.rs
View file

@ -26,7 +26,7 @@ pub fn register_enhanced_llm_keyword(state: Arc<AppState>, user: UserSession, en
tokio::spawn(async move {
let router = SmartLLMRouter::new(state_for_spawn);
let goal = OptimizationGoal::from_str(&optimization);
let goal = OptimizationGoal::from_str_name(&optimization);
match crate::llm::smart_router::enhanced_llm_call(
&router, &prompt, goal, None, None,

8
src/basic/keywords/enhanced_memory.rs
View file

@ -71,14 +71,12 @@ async fn share_bot_memory(
let target_bot_uuid = find_bot_by_name(&mut conn, target_bot_name)?;
let memory_value = match bot_memories::table
let memory_value = bot_memories::table
.filter(bot_memories::bot_id.eq(source_bot_uuid))
.filter(bot_memories::key.eq(memory_key))
.select(bot_memories::value)
.first(&mut conn) {
Ok(value) => value,
Err(_) => String::new(),
};
.first(&mut conn)
.unwrap_or_default();
let shared_memory = BotSharedMemory {
id: Uuid::new_v4(),

6
src/basic/keywords/face_api/service.rs
View file

@ -254,7 +254,7 @@ impl FaceApiService {
Ok(FaceVerificationResult::match_found(
result.confidence,
options.confidence_threshold as f64,
options.confidence_threshold,
0,
).with_face_ids(face1_id, face2_id))
}
@ -783,7 +783,7 @@ impl FaceApiService {
// Simulate detection based on image size/content
// In production, actual detection algorithms would be used
let num_faces = if image_bytes.len() > 100_000 {
(image_bytes.len() / 500_000).min(5).max(1)
(image_bytes.len() / 500_000).clamp(1, 5)
} else {
1
};
@ -821,7 +821,7 @@ impl FaceApiService {
attributes: if options.return_attributes.unwrap_or(false) {
Some(FaceAttributes {
age: Some(25.0 + (face_id.as_u128() % 40) as f32),
gender: Some(if face_id.as_u128() % 2 == 0 {
gender: Some(if face_id.as_u128().is_multiple_of(2) {
Gender::Male
} else {
Gender::Female

8
src/basic/keywords/table_migration.rs
View file

@ -166,13 +166,7 @@ pub fn sync_bot_tables(
info!("Syncing table: {}", table.name);
// Get existing columns
let existing_columns = match get_table_columns(&table.name, &mut conn) {
Ok(cols) => cols,
Err(_) => {
// Table doesn't exist yet
vec![]
}
};
let existing_columns = get_table_columns(&table.name, &mut conn).unwrap_or_default();
// Generate CREATE TABLE SQL
let create_sql = super::table_definition::generate_create_table_sql(table, "postgres");

2
src/basic/keywords/use_tool.rs
View file

@ -26,7 +26,7 @@ pub fn use_tool_keyword(state: Arc<AppState>, user: UserSession, engine: &mut En
tool_path_str.as_str()
}
.strip_suffix(".bas")
.unwrap_or_else(|| tool_path_str.as_str())
.unwrap_or(tool_path_str.as_str())
.to_string();
if tool_name.is_empty() {
return Err(Box::new(rhai::EvalAltResult::ErrorRuntime(

24
src/basic/mod.rs
View file

@ -944,10 +944,9 @@ impl ScriptService {
// Create intermediate variables for body chunks (max 5 lines per variable to keep complexity low)
let chunk_size = 5;
let mut var_count = 0;
let mut all_vars: Vec<String> = Vec::new();
for chunk in body_lines.chunks(chunk_size) {
for (var_count, chunk) in body_lines.chunks(chunk_size).enumerate() {
let var_name = format!("__mail_body_{}__", var_count);
all_vars.push(var_name.clone());
@ -961,7 +960,6 @@ impl ScriptService {
}
result.push_str(&format!("let {} = {};\n", var_name, chunk_expr));
}
var_count += 1;
}
// Combine all chunks into final body
@ -1011,7 +1009,7 @@ impl ScriptService {
// Add accumulated literal as a string if non-empty
if !current_literal.is_empty() {
if result.is_empty() {
result.push_str("\"");
result.push('"');
result.push_str(&current_literal.replace('"', "\\\""));
result.push('"');
} else {
@ -1062,7 +1060,7 @@ impl ScriptService {
// Add any remaining literal
if !current_literal.is_empty() {
if result.is_empty() {
result.push_str("\"");
result.push('"');
result.push_str(&current_literal.replace('"', "\\\""));
result.push('"');
} else {
@ -1164,7 +1162,7 @@ impl ScriptService {
// Handle END IF
if upper == "END IF" {
log::info!("[TOOL] Converting END IF statement");
if let Some(_) = if_stack.pop() {
if if_stack.pop().is_some() {
result.push_str("}\n");
}
continue;
@ -1210,8 +1208,8 @@ impl ScriptService {
for (i, talk_line) in chunk.iter().enumerate() {
let converted = Self::convert_talk_line_with_substitution(talk_line);
// Remove "TALK " prefix from converted line if present
let line_content = if converted.starts_with("TALK ") {
converted[5..].trim().to_string()
let line_content = if let Some(stripped) = converted.strip_prefix("TALK ") {
stripped.trim().to_string()
} else {
converted
};
@ -1346,7 +1344,7 @@ impl ScriptService {
if !upper.starts_with("IF ") && !upper.starts_with("ELSE") && !upper.starts_with("END IF") {
// Check if this is a variable assignment (identifier = expression)
// Pattern: starts with letter/underscore, contains = but not ==, !=, <=, >=, +=, -=
let is_var_assignment = trimmed.chars().next().map_or(false, |c| c.is_alphabetic() || c == '_')
let is_var_assignment = trimmed.chars().next().is_some_and(|c| c.is_alphabetic() || c == '_')
&& trimmed.contains('=')
&& !trimmed.contains("==")
&& !trimmed.contains("!=")
@ -1402,9 +1400,9 @@ impl ScriptService {
log::info!("[TOOL] IF/THEN conversion complete, output has {} lines", result.lines().count());
// Convert BASIC <> (not equal) to Rhai != globally
let result = result.replace(" <> ", " != ");
result
result.replace(" <> ", " != ")
}
/// Convert BASIC SELECT ... CASE / END SELECT to if-else chains
@ -2031,9 +2029,9 @@ impl ScriptService {
let mut current = String::new();
let mut in_quotes = false;
let mut quote_char = '"';
let mut chars = params_str.chars().peekable();
let chars = params_str.chars().peekable();
while let Some(c) = chars.next() {
for c in chars {
match c {
'"' | '\'' if !in_quotes => {
in_quotes = true;

2
src/channels/media_upload.rs
View file

@ -41,7 +41,7 @@ impl Platform {
}
}
pub fn from_str(s: &str) -> Option<Self> {
pub fn from_str_name(s: &str) -> Option<Self> {
match s.to_lowercase().as_str() {
"twitter" | "x" => Some(Self::Twitter),
"facebook" | "fb" => Some(Self::Facebook),

5
src/channels/oauth.rs
View file

@ -49,10 +49,7 @@ impl SocialPlatform {
}
pub fn requires_oauth(&self) -> bool {
match self {
Self::Bluesky | Self::Telegram | Self::Twilio => false,
_ => true,
}
!matches!(self, Self::Bluesky | Self::Telegram | Self::Twilio)
}
pub fn authorization_url(&self) -> Option<&'static str> {

16
src/contacts/google_client.rs
View file

@ -298,10 +298,10 @@ impl GoogleClient {
})).collect::<Vec<_>>())
},
"organizations": if contact.company.is_some() || contact.job_title.is_some() {
Some([{
"name": contact.company,
"title": contact.job_title
}])
Some(vec![serde_json::json!({
"name": contact.company.unwrap_or_default(),
"title": contact.job_title.unwrap_or_default()
})])
} else { None }
});
@ -363,10 +363,10 @@ impl GoogleClient {
})).collect::<Vec<_>>())
},
"organizations": if contact.company.is_some() || contact.job_title.is_some() {
Some([{
"name": contact.company,
"title": contact.job_title
}])
Some(vec![serde_json::json!({
"name": contact.company.unwrap_or_default(),
"title": contact.job_title.unwrap_or_default()
})])
} else { None }
});

2
src/core/bot/tool_executor.rs
View file

@ -284,7 +284,7 @@ impl ToolExecutor {
}
// Compile tool script (filters PARAM/DESCRIPTION lines and converts BASIC to Rhai)
let ast = match script_service.compile_tool_script(&bas_script) {
let ast = match script_service.compile_tool_script(bas_script) {
Ok(ast) => ast,
Err(e) => {
let error_msg = format!("Compilation error: {}", e);

2
src/core/config/mod.rs
View file

@ -419,7 +419,7 @@ impl ConfigManager {
.first::<String>(&mut conn)
.unwrap_or_else(|_| fallback_str.to_string())
} else {
String::from(v)
v
}
}
Err(_) => {

2
src/core/config_reload.rs
View file

@ -16,7 +16,7 @@ pub async fn reload_config(
let mut conn = conn_arc
.get()
.map_err(|e| format!("failed to get db connection: {e}"))?;
Ok(crate::core::bot::get_default_bot(&mut *conn))
Ok(crate::core::bot::get_default_bot(&mut conn))
})
.await
.map_err(|_| StatusCode::INTERNAL_SERVER_ERROR)?

8
src/core/kb/kb_indexer.rs
View file

@ -172,9 +172,9 @@ impl KbIndexer {
let mut batch_docs = Vec::with_capacity(BATCH_SIZE);
// Process documents in iterator to avoid keeping all in memory
let mut doc_iter = documents.into_iter();
let doc_iter = documents.into_iter();
while let Some((doc_path, chunks)) = doc_iter.next() {
for (doc_path, chunks) in doc_iter {
if chunks.is_empty() {
debug!("[KB_INDEXER] Skipping document with no chunks: {}", doc_path);
continue;
@ -262,9 +262,9 @@ impl KbIndexer {
// Process chunks in smaller sub-batches to prevent memory exhaustion
const CHUNK_BATCH_SIZE: usize = 20; // Process 20 chunks at a time
let mut chunk_batches = chunks.chunks(CHUNK_BATCH_SIZE);
let chunk_batches = chunks.chunks(CHUNK_BATCH_SIZE);
while let Some(chunk_batch) = chunk_batches.next() {
for chunk_batch in chunk_batches {
trace!("[KB_INDEXER] Processing chunk batch of {} chunks", chunk_batch.len());
let embeddings = match self

2
src/core/kb/web_crawler.rs
View file

@ -221,7 +221,7 @@ impl WebCrawler {
self.pages.push(page);
// Aggressive memory cleanup every 10 pages
if self.pages.len() % 10 == 0 {
if self.pages.len().is_multiple_of(10) {
self.pages.shrink_to_fit();
self.visited_urls.shrink_to_fit();
}

10
src/core/kb/website_crawler_service.rs
View file

@ -228,7 +228,7 @@ impl WebsiteCrawlerService {
let total_pages = pages.len();
for (batch_idx, batch) in pages.chunks(BATCH_SIZE).enumerate() {
info!("Processing batch {} of {} pages", batch_idx + 1, (total_pages + BATCH_SIZE - 1) / BATCH_SIZE);
info!("Processing batch {} of {} pages", batch_idx + 1, total_pages.div_ceil(BATCH_SIZE));
for (idx, page) in batch.iter().enumerate() {
let global_idx = batch_idx * BATCH_SIZE + idx;
@ -377,6 +377,8 @@ impl WebsiteCrawlerService {
bot_id: uuid::Uuid,
conn: &mut diesel::PgConnection,
) -> Result<(), Box<dyn std::error::Error + Send + Sync>> {
let website_regex = regex::Regex::new(r#"(?i)(?:USE\s+WEBSITE\s+"([^"]+)"\s+REFRESH\s+"([^"]+)")|(?:USE_WEBSITE\s*\(\s*"([^"]+)"\s*(?:,\s*"([^"]+)"\s*)?\))"#)?;
for entry in std::fs::read_dir(dir)? {
let entry = entry?;
let path = entry.path();
@ -384,11 +386,7 @@ impl WebsiteCrawlerService {
if path.extension().is_some_and(|ext| ext == "bas") {
let content = std::fs::read_to_string(&path)?;
// Regex to find both syntaxes: USE WEBSITE "url" REFRESH "interval" and USE_WEBSITE("url", "refresh")
// Case-insensitive to match preprocessed lowercase versions
let re = regex::Regex::new(r#"(?i)(?:USE\s+WEBSITE\s+"([^"]+)"\s+REFRESH\s+"([^"]+)")|(?:USE_WEBSITE\s*\(\s*"([^"]+)"\s*(?:,\s*"([^"]+)"\s*)?\))"#)?;
for cap in re.captures_iter(&content) {
for cap in website_regex.captures_iter(&content) {
// Extract URL from either capture group 1 (space syntax) or group 3 (function syntax)
let url_str = if let Some(url) = cap.get(1) {
url.as_str()

6
src/core/middleware.rs
View file

@ -495,12 +495,12 @@ pub async fn require_authentication_middleware(
Ok(next.run(request).await)
}
type MiddlewareFuture = std::pin::Pin<Box<dyn std::future::Future<Output = Result<Response, Response>> + Send>>;
/// Require specific role - returns 403 if role not present
pub fn require_role_middleware(
required_role: &'static str,
) -> impl Fn(Request<Body>, Next) -> std::pin::Pin<Box<dyn std::future::Future<Output = Result<Response, Response>> + Send>>
+ Clone
+ Send {
) -> impl Fn(Request<Body>, Next) -> MiddlewareFuture + Clone + Send {
move |request: Request<Body>, next: Next| {
Box::pin(async move {
let user = request

168
src/core/package_manager/cli.rs
View file

@ -197,7 +197,7 @@ pub async fn run() -> Result<()> {
"rotate-secret" => {
if args.len() < 3 {
eprintln!("Usage: botserver rotate-secret <component>");
eprintln!("Components: tables, drive, cache, email, directory, encryption");
eprintln!("Components: tables, drive, cache, email, directory, encryption, jwt");
return Ok(());
}
let component = &args[2];
@ -282,6 +282,7 @@ fn print_usage() {
println!(" restart Restart all components");
println!(" vault <subcommand> Manage Vault secrets");
println!(" rotate-secret <comp> Rotate a component's credentials");
println!(" (tables, drive, cache, email, directory, encryption, jwt)");
println!(" rotate-secrets --all Rotate ALL credentials (dangerous!)");
println!(" version [--all] Show version information");
println!(" --version, -v Show version");
@ -788,6 +789,7 @@ async fn rotate_secret(component: &str) -> Result<()> {
if input.trim().to_lowercase() == "y" {
manager.put_secret(SecretPaths::TABLES, secrets).await?;
println!("✓ Credentials saved to Vault");
verify_rotation(component).await?;
} else {
println!("✗ Aborted");
}
@ -933,9 +935,81 @@ async fn rotate_secret(component: &str) -> Result<()> {
println!("✗ Aborted");
}
}
"jwt" => {
let new_secret = generate_password(64);
let env_path = std::env::current_dir()?.join(".env");
println!("⚠️ JWT SECRET ROTATION");
println!();
println!("Current: JWT_SECRET in .env file");
println!("Impact: ALL refresh tokens will become invalid immediately");
println!("Access tokens (15 min) will expire naturally");
println!();
// Check if .env exists
if !env_path.exists() {
println!("✗ .env file not found at: {}", env_path.display());
return Ok(());
}
// Read current JWT_SECRET for display
let env_content = std::fs::read_to_string(&env_path)?;
let current_jwt = env_content
.lines()
.find(|line| line.starts_with("JWT_SECRET="))
.unwrap_or("JWT_SECRET=(not set)");
println!("Current: {}", &current_jwt.chars().take(40).collect::<String>());
println!("New: {}... (64 chars)", &new_secret.chars().take(8).collect::<String>());
println!();
// Backup .env
let backup_path = format!("{}.backup.{}", env_path.display(), chrono::Utc::now().timestamp());
std::fs::copy(&env_path, &backup_path)?;
println!("✓ Backup created: {}", backup_path);
println!();
print!("Update JWT_SECRET in .env? [y/N]: ");
std::io::Write::flush(&mut std::io::stdout())?;
let mut input = String::new();
std::io::stdin().read_line(&mut input)?;
if input.trim().to_lowercase() == "y" {
// Read, update, write .env atomically
let content = std::fs::read_to_string(&env_path)?;
let new_content = content
.lines()
.map(|line| {
if line.starts_with("JWT_SECRET=") {
format!("JWT_SECRET={}", new_secret)
} else {
line.to_string()
}
})
.collect::<Vec<_>>()
.join("\n");
let temp_path = format!("{}.new", env_path.display());
std::fs::write(&temp_path, new_content)?;
std::fs::rename(&temp_path, &env_path)?;
println!("✓ JWT_SECRET updated in .env");
println!();
println!("⚠️ RESTART REQUIRED:");
println!(" botserver restart");
println!();
println!("All users must re-login after restart (refresh tokens invalid)");
println!("Access tokens will expire naturally within 15 minutes");
verify_rotation(component).await?;
} else {
println!("✗ Aborted");
println!("Backup preserved at: {}", backup_path);
}
}
_ => {
eprintln!("Unknown component: {}", component);
eprintln!("Valid components: tables, drive, cache, email, directory, encryption");
eprintln!("Valid components: tables, drive, cache, email, directory, encryption, jwt");
}
}
@ -1041,6 +1115,96 @@ async fn rotate_all_secrets() -> Result<()> {
Ok(())
}
async fn verify_rotation(component: &str) -> Result<()> {
println!();
println!("Verifying {}...", component);
match component {
"tables" => {
let manager = SecretsManager::from_env()?;
let secrets = manager.get_secret(SecretPaths::TABLES).await?;
let host = secrets.get("host").cloned().unwrap_or_else(|| "localhost".to_string());
let port = secrets.get("port").cloned().unwrap_or_else(|| "5432".to_string());
let user = secrets.get("username").cloned().unwrap_or_else(|| "postgres".to_string());
let pass = secrets.get("password").cloned().unwrap_or_default();
let db = secrets.get("database").cloned().unwrap_or_else(|| "postgres".to_string());
println!(" Testing connection to {}@{}:{}...", user, host, port);
// Use psql to test connection
let result = std::process::Command::new("psql")
.args([
"-h", &host,
"-p", &port,
"-U", &user,
"-d", &db,
"-c", "SELECT 1;",
"-t", "-q" // Tuples only, quiet mode
])
.env("PGPASSWORD", &pass)
.output();
match result {
Ok(output) if output.status.success() => {
println!("✓ Database connection successful");
}
Ok(output) => {
let stderr = String::from_utf8_lossy(&output.stderr);
println!("✗ Database connection FAILED");
println!(" Error: {}", stderr.trim());
println!(" Hint: Run the SQL command provided by rotate-secret");
}
Err(_e) => {
println!("⊘ Verification skipped (psql not available)");
println!(" Hint: Manually test with: psql -h {} -U {} -d {} -c 'SELECT 1'", host, user, db);
}
}
}
"jwt" => {
println!(" Testing health endpoint...");
// Try to determine the health endpoint
let health_urls = vec![
"http://localhost:8080/health",
"http://localhost:5858/health",
"http://localhost:3000/health",
];
let mut success = false;
for url in health_urls {
match reqwest::get(url).await {
Ok(resp) if resp.status().is_success() => {
println!("✓ Service healthy at {}", url);
success = true;
break;
}
Ok(_resp) => {
// Try next URL
continue;
}
Err(_e) => {
// Try next URL
continue;
}
}
}
if !success {
println!("⊘ Health endpoint not reachable");
println!(" Hint: Restart botserver with: botserver restart");
println!(" Then manually verify service is responding");
}
}
_ => {
println!("⊘ No automated verification available for {}", component);
println!(" Hint: Manually verify the service is working after rotation");
}
}
Ok(())
}
async fn vault_health() -> Result<()> {
let manager = SecretsManager::from_env()?;

4
src/core/package_manager/facade.rs
View file

@ -1047,7 +1047,7 @@ Store credentials in Vault:
Ok(())
}
pub fn run_commands(&self, commands: &[String], target: &str, component: &str) -> Result<()> {
self.run_commands_with_password(commands, target, component, &String::new())
self.run_commands_with_password(commands, target, component, "")
}
pub fn run_commands_with_password(&self, commands: &[String], target: &str, component: &str, db_password_override: &str) -> Result<()> {
@ -1081,7 +1081,7 @@ Store credentials in Vault:
match get_database_url_sync() {
Ok(url) => {
let (_, password, _, _, _) = parse_database_url(&url);
String::from(password)
password
}
Err(_) => {
trace!("Vault not available for DB_PASSWORD, using empty string");

2
src/core/performance.rs
View file

@ -748,7 +748,7 @@ impl<T: Clone + Send + Sync + 'static> BatchProcessor<T> {
F: Fn(Vec<T>) -> Fut + Send + Sync + 'static,
Fut: std::future::Future<Output = ()> + Send + 'static,
{
let processor_arc: Arc<dyn Fn(Vec<T>) -> std::pin::Pin<Box<dyn std::future::Future<Output = ()> + Send>> + Send + Sync> =
let processor_arc: BatchProcessorFunc<T> =
Arc::new(move |items| Box::pin(processor(items)));
let batch_processor = Self {

298
src/core/shared/admin_handlers.rs
View file

@ -1,270 +1,50 @@
use super::admin_types::*;
use crate::core::shared::state::AppState;
use crate::core::urls::ApiUrls;
use axum::{
extract::{Path, State},
http::StatusCode,
response::{IntoResponse, Json},
routing::{get, post},
};
use diesel::prelude::*;
use diesel::sql_types::{Text, Nullable};
use log::{error, info};
use std::sync::Arc;
use uuid::Uuid;
/// Get admin dashboard data
pub async fn get_admin_dashboard(
State(state): State<Arc<AppState>>,
Path(bot_id): Path<Uuid>,
) -> impl IntoResponse {
let bot_id = bot_id.into_inner();
// Get system status
let (database_ok, redis_ok) = match get_system_status(&state).await {
Ok(status) => (true, status.is_healthy()),
Err(e) => {
error!("Failed to get system status: {}", e);
(false, false)
}
};
// Get user count
let user_count = get_stats_users(&state).await.unwrap_or(0);
let group_count = get_stats_groups(&state).await.unwrap_or(0);
let bot_count = get_stats_bots(&state).await.unwrap_or(0);
// Get storage stats
let storage_stats = get_stats_storage(&state).await.unwrap_or_else(|| StorageStat {
total_gb: 0,
used_gb: 0,
percent: 0.0,
});
// Get recent activities
let activities = get_dashboard_activity(&state, Some(20))
.await
.unwrap_or_default();
// Get member/bot/invitation stats
let member_count = get_dashboard_members(&state, bot_id, 50)
.await
.unwrap_or(0);
let bot_list = get_dashboard_bots(&state, bot_id, 50)
.await
.unwrap_or_default();
let invitation_count = get_dashboard_invitations(&state, bot_id, 50)
.await
.unwrap_or(0);
let dashboard_data = AdminDashboardData {
users: vec![
UserStat {
id: Uuid::new_v4(),
name: "Users".to_string(),
count: user_count as i64,
},
GroupStat {
id: Uuid::new_v4(),
name: "Groups".to_string(),
count: group_count as i64,
},
BotStat {
id: Uuid::new_v4(),
name: "Bots".to_string(),
count: bot_count as i64,
},
],
groups,
bots: bot_list,
storage: storage_stats,
activities,
invitations: vec![
UserStat {
id: Uuid::new_v4(),
name: "Members".to_string(),
count: member_count as i64,
},
UserStat {
id: Uuid::new_v4(),
name: "Invitations".to_string(),
count: invitation_count as i64,
},
],
};
(StatusCode::OK, Json(dashboard_data)).into_response()
// Helper function to get dashboard members
async fn get_dashboard_members(
state: &AppState,
bot_id: Uuid,
limit: i64,
) -> Result<i64, diesel::result::Error> {
// TODO: Implement actual member fetching logic
// For now, return a placeholder count
Ok(0)
}
/// Get system health status
pub async fn get_system_status(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
let (database_ok, redis_ok) = match get_system_status(&state).await {
Ok(status) => (true, status.is_healthy()),
Err(e) => {
error!("Failed to get system status: {}", e);
(false, false)
}
};
let response = SystemHealth {
database: database_ok,
redis: redis_ok,
services: vec![],
};
(StatusCode::OK, Json(response)).into_response()
// Helper function to get dashboard invitations
async fn get_dashboard_invitations(
state: &AppState,
bot_id: Uuid,
limit: i64,
) -> Result<i64, diesel::result::Error> {
// TODO: Use organization_invitations table when available in model maps
Ok(0)
}
/// Get system metrics
pub async fn get_system_metrics(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
// Get CPU usage
let cpu_usage = sys_info::get_system_cpu_usage();
let cpu_usage_percent = if cpu_usage > 0.0 {
(cpu_usage / sys_info::get_system_cpu_count() as f64) * 100.0
} else {
0.0
};
// Get memory usage
let mem_total = sys_info::get_total_memory_mb();
let mem_used = sys_info::get_used_memory_mb();
let mem_percent = if mem_total > 0 {
((mem_total - mem_used) as f64 / mem_total as f64) * 100.0
} else {
0.0
};
// Get disk usage
let disk_total = sys_info::get_total_disk_space_gb();
let disk_used = sys_info::get_used_disk_space_gb();
let disk_percent = if disk_total > 0.0 {
((disk_total - disk_used) as f64 / disk_total as f64) * 100.0
} else {
0.0
};
let services = vec![
ServiceStatus {
name: "database".to_string(),
status: if database_ok { "running" } else { "stopped" }.to_string(),
uptime_seconds: 0,
},
ServiceStatus {
name: "redis".to_string(),
status: if redis_ok { "running" } else { "stopped" }.to_string(),
uptime_seconds: 0,
},
];
let metrics = SystemMetricsResponse {
cpu_usage,
memory_total_mb: mem_total,
memory_used_mb: mem_used,
memory_percent: mem_percent,
disk_total_gb: disk_total,
disk_used_gb: disk_used,
disk_percent: disk_percent,
network_in_mbps: 0.0,
network_out_mbps: 0.0,
active_connections: 0,
request_rate_per_minute: 0,
error_rate_percent: 0.0,
};
(StatusCode::OK, Json(metrics)).into_response()
}
/// Get user statistics
pub async fn get_stats_users(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::users;
let count = users::table
.count()
.get_result(&state.conn)
.map_err(|e| format!("Failed to get user count: {}", e))?;
let response = vec![
UserStat {
id: Uuid::new_v4(),
name: "Total Users".to_string(),
count: count as i64,
},
];
(StatusCode::OK, Json(response)).into_response()
}
/// Get group statistics
pub async fn get_stats_groups(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::bot_groups;
let count = bot_groups::table
.count()
.get_result(&state.conn)
.map_err(|e| format!("Failed to get group count: {}", e))?;
let response = vec![
UserStat {
id: Uuid::new_v4(),
name: "Total Groups".to_string(),
count: count as i64,
},
];
(StatusCode::OK, Json(response)).into_response()
}
/// Get bot statistics
pub async fn get_stats_bots(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
// Helper function to get dashboard bots
async fn get_dashboard_bots(
state: &AppState,
bot_id: Uuid,
limit: i64,
) -> Result<Vec<BotStat>, diesel::result::Error> {
use crate::core::shared::models::schema::bots;
let count = bots::table
.count()
.get_result(&state.conn)
.map_err(|e| format!("Failed to get bot count: {}", e))?;
let bot_list = bots::table
.limit(limit)
.load::<crate::core::shared::models::Bot>(&state.conn)?;
let response = vec![
UserStat {
id: Uuid::new_v4(),
name: "Total Bots".to_string(),
count: count as i64,
},
];
let stats = bot_list.into_iter().map(|b| BotStat {
id: b.id,
name: b.name,
count: 1, // Placeholder
}).collect();
(StatusCode::OK, Json(response)).into_response()
Ok(stats)
}
/// Get storage statistics
pub async fn get_stats_storage(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::storage_usage;
let usage = storage_usage::table
.limit(100)
.order_by(crate::core::shared::models::schema::storage_usage::timestamp.desc())
.load(&state.conn)
.map_err(|e| format!("Failed to get storage stats: {}", e))?;
let total_gb = usage.iter().map(|u| u.total_gb.unwrap_or(0.0)).sum::<f64>();
let used_gb = usage.iter().map(|u| u.used_gb.unwrap_or(0.0)).sum::<f64>();
let percent = if total_gb > 0.0 { (used_gb / total_gb * 100.0) } else { 0.0 };
let response = StorageStat {
total_gb: total_gb.round(),
used_gb: used_gb.round(),
percent: (percent * 100.0).round(),
};
(StatusCode::OK, Json(response)).into_response()
// Helper function to get dashboard activity
async fn get_dashboard_activity(
state: &AppState,
limit: Option<i64>,
) -> Result<Vec<ActivityLog>, diesel::result::Error> {
// Placeholder
Ok(vec![])
}

270
src/core/shared/admin_handlers.rs.bak Normal file
View file

@ -0,0 +1,270 @@
use super::admin_types::*;
use crate::core::shared::state::AppState;
use crate::core::urls::ApiUrls;
use axum::{
extract::{Path, State},
http::StatusCode,
response::{IntoResponse, Json},
routing::{get, post},
};
use diesel::prelude::*;
use diesel::sql_types::{Text, Nullable};
use log::{error, info};
use std::sync::Arc;
use uuid::Uuid;
/// Get admin dashboard data
pub async fn get_admin_dashboard(
State(state): State<Arc<AppState>>,
Path(bot_id): Path<Uuid>,
) -> impl IntoResponse {
let bot_id = bot_id.into_inner();
// Get system status
let (database_ok, redis_ok) = match get_system_status(&state).await {
Ok(status) => (true, status.is_healthy()),
Err(e) => {
error!("Failed to get system status: {}", e);
(false, false)
}
};
// Get user count
let user_count = get_stats_users(&state).await.unwrap_or(0);
let group_count = get_stats_groups(&state).await.unwrap_or(0);
let bot_count = get_stats_bots(&state).await.unwrap_or(0);
// Get storage stats
let storage_stats = get_stats_storage(&state).await.unwrap_or_else(|| StorageStat {
total_gb: 0,
used_gb: 0,
percent: 0.0,
});
// Get recent activities
let activities = get_dashboard_activity(&state, Some(20))
.await
.unwrap_or_default();
// Get member/bot/invitation stats
let member_count = get_dashboard_members(&state, bot_id, 50)
.await
.unwrap_or(0);
let bot_list = get_dashboard_bots(&state, bot_id, 50)
.await
.unwrap_or_default();
let invitation_count = get_dashboard_invitations(&state, bot_id, 50)
.await
.unwrap_or(0);
let dashboard_data = AdminDashboardData {
users: vec![
UserStat {
id: Uuid::new_v4(),
name: "Users".to_string(),
count: user_count as i64,
},
GroupStat {
id: Uuid::new_v4(),
name: "Groups".to_string(),
count: group_count as i64,
},
BotStat {
id: Uuid::new_v4(),
name: "Bots".to_string(),
count: bot_count as i64,
},
],
groups,
bots: bot_list,
storage: storage_stats,
activities,
invitations: vec![
UserStat {
id: Uuid::new_v4(),
name: "Members".to_string(),
count: member_count as i64,
},
UserStat {
id: Uuid::new_v4(),
name: "Invitations".to_string(),
count: invitation_count as i64,
},
],
};
(StatusCode::OK, Json(dashboard_data)).into_response()
}
/// Get system health status
pub async fn get_system_status(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
let (database_ok, redis_ok) = match get_system_status(&state).await {
Ok(status) => (true, status.is_healthy()),
Err(e) => {
error!("Failed to get system status: {}", e);
(false, false)
}
};
let response = SystemHealth {
database: database_ok,
redis: redis_ok,
services: vec![],
};
(StatusCode::OK, Json(response)).into_response()
}
/// Get system metrics
pub async fn get_system_metrics(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
// Get CPU usage
let cpu_usage = sys_info::get_system_cpu_usage();
let cpu_usage_percent = if cpu_usage > 0.0 {
(cpu_usage / sys_info::get_system_cpu_count() as f64) * 100.0
} else {
0.0
};
// Get memory usage
let mem_total = sys_info::get_total_memory_mb();
let mem_used = sys_info::get_used_memory_mb();
let mem_percent = if mem_total > 0 {
((mem_total - mem_used) as f64 / mem_total as f64) * 100.0
} else {
0.0
};
// Get disk usage
let disk_total = sys_info::get_total_disk_space_gb();
let disk_used = sys_info::get_used_disk_space_gb();
let disk_percent = if disk_total > 0.0 {
((disk_total - disk_used) as f64 / disk_total as f64) * 100.0
} else {
0.0
};
let services = vec![
ServiceStatus {
name: "database".to_string(),
status: if database_ok { "running" } else { "stopped" }.to_string(),
uptime_seconds: 0,
},
ServiceStatus {
name: "redis".to_string(),
status: if redis_ok { "running" } else { "stopped" }.to_string(),
uptime_seconds: 0,
},
];
let metrics = SystemMetricsResponse {
cpu_usage,
memory_total_mb: mem_total,
memory_used_mb: mem_used,
memory_percent: mem_percent,
disk_total_gb: disk_total,
disk_used_gb: disk_used,
disk_percent: disk_percent,
network_in_mbps: 0.0,
network_out_mbps: 0.0,
active_connections: 0,
request_rate_per_minute: 0,
error_rate_percent: 0.0,
};
(StatusCode::OK, Json(metrics)).into_response()
}
/// Get user statistics
pub async fn get_stats_users(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::users;
let count = users::table
.count()
.get_result(&state.conn)
.map_err(|e| format!("Failed to get user count: {}", e))?;
let response = vec![
UserStat {
id: Uuid::new_v4(),
name: "Total Users".to_string(),
count: count as i64,
},
];
(StatusCode::OK, Json(response)).into_response()
}
/// Get group statistics
pub async fn get_stats_groups(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::bot_groups;
let count = bot_groups::table
.count()
.get_result(&state.conn)
.map_err(|e| format!("Failed to get group count: {}", e))?;
let response = vec![
UserStat {
id: Uuid::new_v4(),
name: "Total Groups".to_string(),
count: count as i64,
},
];
(StatusCode::OK, Json(response)).into_response()
}
/// Get bot statistics
pub async fn get_stats_bots(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::bots;
let count = bots::table
.count()
.get_result(&state.conn)
.map_err(|e| format!("Failed to get bot count: {}", e))?;
let response = vec![
UserStat {
id: Uuid::new_v4(),
name: "Total Bots".to_string(),
count: count as i64,
},
];
(StatusCode::OK, Json(response)).into_response()
}
/// Get storage statistics
pub async fn get_stats_storage(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::storage_usage;
let usage = storage_usage::table
.limit(100)
.order_by(crate::core::shared::models::schema::storage_usage::timestamp.desc())
.load(&state.conn)
.map_err(|e| format!("Failed to get storage stats: {}", e))?;
let total_gb = usage.iter().map(|u| u.total_gb.unwrap_or(0.0)).sum::<f64>();
let used_gb = usage.iter().map(|u| u.used_gb.unwrap_or(0.0)).sum::<f64>();
let percent = if total_gb > 0.0 { (used_gb / total_gb * 100.0) } else { 0.0 };
let response = StorageStat {
total_gb: total_gb.round(),
used_gb: used_gb.round(),
percent: (percent * 100.0).round(),
};
(StatusCode::OK, Json(response)).into_response()
}

321
src/core/shared/admin_handlers.rs.new Normal file
View file

@ -0,0 +1,321 @@
use super::admin_types::*;
use crate::core::shared::state::AppState;
use crate::core::urls::ApiUrls;
use axum::{
extract::{Path, State},
http::StatusCode,
response::{IntoResponse, Json},
routing::{get, post},
};
use diesel::prelude::*;
use diesel::sql_types::{Text, Nullable};
use log::{error, info};
use std::sync::Arc;
use uuid::Uuid;
/// Get admin dashboard data
pub async fn get_admin_dashboard(
State(state): State<Arc<AppState>>,
Path(bot_id): Path<Uuid>,
) -> impl IntoResponse {
let bot_id = bot_id.into_inner();
// Get system status
let (database_ok, redis_ok) = match get_system_status(&state).await {
Ok(status) => (true, status.is_healthy()),
Err(e) => {
error!("Failed to get system status: {}", e);
(false, false)
}
};
// Get user count
let user_count = get_stats_users(&state).await.unwrap_or(0);
let group_count = get_stats_groups(&state).await.unwrap_or(0);
let bot_count = get_stats_bots(&state).await.unwrap_or(0);
// Get storage stats
let storage_stats = get_stats_storage(&state).await.unwrap_or_else(|| StorageStat {
total_gb: 0,
used_gb: 0,
percent: 0.0,
});
// Get recent activities
let activities = get_dashboard_activity(&state, Some(20))
.await
.unwrap_or_default();
// Get member/bot/invitation stats
let member_count = get_dashboard_members(&state, bot_id, 50)
.await
.unwrap_or(0);
let bot_list = get_dashboard_bots(&state, bot_id, 50)
.await
.unwrap_or_default();
let invitation_count = get_dashboard_invitations(&state, bot_id, 50)
.await
.unwrap_or(0);
let dashboard_data = AdminDashboardData {
users: vec![
UserStat {
id: Uuid::new_v4(),
name: "Users".to_string(),
count: user_count as i64,
},
GroupStat {
id: Uuid::new_v4(),
name: "Groups".to_string(),
count: group_count as i64,
},
BotStat {
id: Uuid::new_v4(),
name: "Bots".to_string(),
count: bot_count as i64,
},
],
groups,
bots: bot_list,
storage: storage_stats,
activities,
invitations: vec![
UserStat {
id: Uuid::new_v4(),
name: "Members".to_string(),
count: member_count as i64,
},
UserStat {
id: Uuid::new_v4(),
name: "Invitations".to_string(),
count: invitation_count as i64,
},
],
};
(StatusCode::OK, Json(dashboard_data)).into_response()
}
/// Get system health status
pub async fn get_system_status(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
let (database_ok, redis_ok) = match get_system_status(&state).await {
Ok(status) => (true, status.is_healthy()),
Err(e) => {
error!("Failed to get system status: {}", e);
(false, false)
}
};
let response = SystemHealth {
database: database_ok,
redis: redis_ok,
services: vec![],
};
(StatusCode::OK, Json(response)).into_response()
}
/// Get system metrics
pub async fn get_system_metrics(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
// Get CPU usage
let cpu_usage = sys_info::get_system_cpu_usage();
let cpu_usage_percent = if cpu_usage > 0.0 {
(cpu_usage / sys_info::get_system_cpu_count() as f64) * 100.0
} else {
0.0
};
// Get memory usage
let mem_total = sys_info::get_total_memory_mb();
let mem_used = sys_info::get_used_memory_mb();
let mem_percent = if mem_total > 0 {
((mem_total - mem_used) as f64 / mem_total as f64) * 100.0
} else {
0.0
};
// Get disk usage
let disk_total = sys_info::get_total_disk_space_gb();
let disk_used = sys_info::get_used_disk_space_gb();
let disk_percent = if disk_total > 0.0 {
((disk_total - disk_used) as f64 / disk_total as f64) * 100.0
} else {
0.0
};
let services = vec![
ServiceStatus {
name: "database".to_string(),
status: if database_ok { "running" } else { "stopped" }.to_string(),
uptime_seconds: 0,
},
ServiceStatus {
name: "redis".to_string(),
status: if redis_ok { "running" } else { "stopped" }.to_string(),
uptime_seconds: 0,
},
];
let metrics = SystemMetricsResponse {
cpu_usage,
memory_total_mb: mem_total,
memory_used_mb: mem_used,
memory_percent: mem_percent,
disk_total_gb: disk_total,
disk_used_gb: disk_used,
disk_percent: disk_percent,
network_in_mbps: 0.0,
network_out_mbps: 0.0,
active_connections: 0,
request_rate_per_minute: 0,
error_rate_percent: 0.0,
};
(StatusCode::OK, Json(metrics)).into_response()
}
/// Get user statistics
pub async fn get_stats_users(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::users;
let count = users::table
.count()
.get_result(&state.conn)
.map_err(|e| format!("Failed to get user count: {}", e))?;
let response = vec![
UserStat {
id: Uuid::new_v4(),
name: "Total Users".to_string(),
count: count as i64,
},
];
(StatusCode::OK, Json(response)).into_response()
}
/// Get group statistics
pub async fn get_stats_groups(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::bot_groups;
let count = bot_groups::table
.count()
.get_result(&state.conn)
.map_err(|e| format!("Failed to get group count: {}", e))?;
let response = vec![
UserStat {
id: Uuid::new_v4(),
name: "Total Groups".to_string(),
count: count as i64,
},
];
(StatusCode::OK, Json(response)).into_response()
}
/// Get bot statistics
pub async fn get_stats_bots(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::bots;
let count = bots::table
.count()
.get_result(&state.conn)
.map_err(|e| format!("Failed to get bot count: {}", e))?;
let response = vec![
UserStat {
id: Uuid::new_v4(),
name: "Total Bots".to_string(),
count: count as i64,
},
];
(StatusCode::OK, Json(response)).into_response()
}
/// Get storage statistics
pub async fn get_stats_storage(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::storage_usage;
let usage = storage_usage::table
.limit(100)
.order_by(crate::core::shared::models::schema::storage_usage::timestamp.desc())
.load(&state.conn)
.map_err(|e| format!("Failed to get storage stats: {}", e))?;
let total_gb = usage.iter().map(|u| u.total_gb.unwrap_or(0.0)).sum::<f64>();
let used_gb = usage.iter().map(|u| u.used_gb.unwrap_or(0.0)).sum::<f64>();
let percent = if total_gb > 0.0 { (used_gb / total_gb * 100.0) } else { 0.0 };
let response = StorageStat {
total_gb: total_gb.round(),
used_gb: used_gb.round(),
percent: (percent * 100.0).round(),
};
(StatusCode::OK, Json(response)).into_response()
}
// Helper function to get dashboard members
async fn get_dashboard_members(
state: &AppState,
bot_id: Uuid,
limit: i64,
) -> Result<i64, diesel::result::Error> {
// TODO: Implement actual member fetching logic
// For now, return a placeholder count
Ok(0)
}
// Helper function to get dashboard invitations
async fn get_dashboard_invitations(
state: &AppState,
bot_id: Uuid,
limit: i64,
) -> Result<i64, diesel::result::Error> {
// TODO: Use organization_invitations table when available in model maps
Ok(0)
}
// Helper function to get dashboard bots
async fn get_dashboard_bots(
state: &AppState,
bot_id: Uuid,
limit: i64,
) -> Result<Vec<BotStat>, diesel::result::Error> {
use crate::core::shared::models::schema::bots;
let bot_list = bots::table
.limit(limit)
.load::<crate::core::shared::models::Bot>(&state.conn)?;
let stats = bot_list.into_iter().map(|b| BotStat {
id: b.id,
name: b.name,
count: 1, // Placeholder
}).collect();
Ok(stats)
}
// Helper function to get dashboard activity
async fn get_dashboard_activity(
state: &AppState,
limit: Option<i64>,
) -> Result<Vec<ActivityLog>, diesel::result::Error> {
// Placeholder
Ok(vec![])
}

361
src/core/shared/admin_invitations.rs
View file

@ -1,5 +1,5 @@
// Admin invitation management functions
use super::admin_types::*;
use crate::core::shared::models::core::OrganizationInvitation;
use crate::core::shared::state::AppState;
use crate::core::urls::ApiUrls;
use axum::{
@ -7,113 +7,382 @@ use axum::{
http::StatusCode,
response::{IntoResponse, Json},
};
use chrono::Utc;
use chrono::{Duration, Utc};
use diesel::prelude::*;
use log::{error, info, warn};
use std::sync::Arc;
use uuid::Uuid;
/// List all invitations
pub async fn list_invitations(
State(state): State<Arc<AppState>>,
) -> impl IntoResponse {
// TODO: Implement when invitations table is available in schema
warn!("list_invitations called - not fully implemented");
(StatusCode::OK, Json(BulkInvitationResponse { invitations: vec![] })).into_response()
use crate::core::shared::models::schema::organization_invitations::dsl::*;
let mut conn = match state.pool.get() {
Ok(c) => c,
Err(e) => {
error!("Failed to get database connection: {}", e);
return (
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Database connection failed"})),
)
.into_response();
}
};
let results = organization_invitations
.filter(status.eq("pending"))
.filter(expires_at.gt(Utc::now()))
.order_by(created_at.desc())
.load::<OrganizationInvitation>(&mut conn);
match results {
Ok(invites) => {
let responses: Vec<InvitationResponse> = invites
.into_iter()
.map(|inv| InvitationResponse {
id: inv.id,
email: inv.email,
role: inv.role,
message: inv.message,
created_at: inv.created_at,
token: inv.token,
})
.collect();
(StatusCode::OK, Json(BulkInvitationResponse { invitations: responses })).into_response()
}
Err(e) => {
error!("Failed to list invitations: {}", e);
(
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Failed to list invitations"})),
)
.into_response()
}
}
}
/// Create a single invitation
pub async fn create_invitation(
State(state): State<Arc<AppState>>,
Path(bot_id): Path<Uuid>,
Json(request): Json<CreateInvitationRequest>,
) -> impl IntoResponse {
let _bot_id = bot_id.into_inner();
use crate::core::shared::models::schema::organization_invitations::dsl::*;
let _bot_id = bot_id;
let invitation_id = Uuid::new_v4();
let token = invitation_id.to_string();
let _accept_url = format!("{}/accept-invitation?token={}", ApiUrls::get_app_url(), token);
let token = format!("{}{}", invitation_id, Uuid::new_v4());
let expires_at = Utc::now() + Duration::days(7);
let accept_url = format!("{}/accept-invitation?token={}", ApiUrls::get_app_url(), token);
let _body = format!(
r#"You have been invited to join our organization as a {}.
Click on link below to accept the invitation:
{}
This invitation will expire in 7 days."#,
request.role, _accept_url
let body = format!(
"You have been invited to join our organization as a {}.\n\nClick on link below to accept the invitation:\n{}\n\nThis invitation will expire in 7 days.",
request.role, accept_url
);
// TODO: Save to database when invitations table is available
info!("Creating invitation for {} with role {}", request.email, request.role);
let mut conn = match state.pool.get() {
Ok(c) => c,
Err(e) => {
error!("Failed to get database connection: {}", e);
return (
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Database connection failed"})),
)
.into_response();
}
};
(StatusCode::OK, Json(InvitationResponse {
let new_invitation = OrganizationInvitation {
id: invitation_id,
org_id: Uuid::new_v4(),
email: request.email.clone(),
role: request.role.clone(),
status: "pending".to_string(),
message: request.custom_message.clone(),
invited_by: Uuid::new_v4(),
token: Some(token.clone()),
created_at: Utc::now(),
token: Some(token),
}).into_response())
updated_at: Some(Utc::now()),
expires_at: Some(expires_at),
accepted_at: None,
accepted_by: None,
};
match diesel::insert_into(organization_invitations)
.values(&new_invitation)
.execute(&mut conn)
{
Ok(_) => {
info!("Created invitation for {} with role {}", request.email, request.role);
(
StatusCode::OK,
Json(InvitationResponse {
id: invitation_id,
email: request.email,
role: request.role,
message: request.custom_message,
created_at: Utc::now(),
token: Some(token),
}),
)
.into_response()
}
Err(e) => {
error!("Failed to create invitation: {}", e);
(
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Failed to create invitation"})),
)
.into_response()
}
}
}
/// Create bulk invitations
pub async fn create_bulk_invitations(
State(state): State<Arc<AppState>>,
Json(request): Json<BulkInvitationRequest>,
) -> impl IntoResponse {
use crate::core::shared::models::schema::organization_invitations::dsl::*;
info!("Creating {} bulk invitations", request.emails.len());
let mut conn = match state.pool.get() {
Ok(c) => c,
Err(e) => {
error!("Failed to get database connection: {}", e);
return (
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Database connection failed"})),
)
.into_response();
}
};
let mut responses = Vec::new();
for email in &request.emails {
let invitation_id = Uuid::new_v4();
let token = invitation_id.to_string();
let _accept_url = format!("{}/accept-invitation?token={}", ApiUrls::get_app_url(), token);
let token = format!("{}{}", invitation_id, Uuid::new_v4());
let expires_at = Utc::now() + Duration::days(7);
// TODO: Save to database when invitations table is available
info!("Creating invitation for {} with role {}", email, request.role);
responses.push(InvitationResponse {
let new_invitation = OrganizationInvitation {
id: invitation_id,
org_id: Uuid::new_v4(),
email: email.clone(),
role: request.role.clone(),
status: "pending".to_string(),
message: request.custom_message.clone(),
invited_by: Uuid::new_v4(),
token: Some(token.clone()),
created_at: Utc::now(),
token: Some(token),
});
updated_at: Some(Utc::now()),
expires_at: Some(expires_at),
accepted_at: None,
accepted_by: None,
};
match diesel::insert_into(organization_invitations)
.values(&new_invitation)
.execute(&mut conn)
{
Ok(_) => {
info!("Created invitation for {} with role {}", email, request.role);
responses.push(InvitationResponse {
id: invitation_id,
email: email.clone(),
role: request.role.clone(),
message: request.custom_message.clone(),
created_at: Utc::now(),
token: Some(token),
});
}
Err(e) => {
error!("Failed to create invitation for {}: {}", email, e);
}
}
}
(StatusCode::OK, Json(BulkInvitationResponse { invitations: responses })).into_response()
}
/// Get invitation details
pub async fn get_invitation(
State(state): State<Arc<AppState>>,
Path(id): Path<Uuid>,
) -> impl IntoResponse {
// TODO: Implement when invitations table is available
warn!("get_invitation called for {} - not fully implemented", id);
(StatusCode::NOT_FOUND, Json(serde_json::json!({"error": "Invitation not found"})).into_response())
use crate::core::shared::models::schema::organization_invitations::dsl::*;
let mut conn = match state.pool.get() {
Ok(c) => c,
Err(e) => {
error!("Failed to get database connection: {}", e);
return (
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Database connection failed"})),
)
.into_response();
}
};
match organization_invitations
.filter(id.eq(id))
.first::<OrganizationInvitation>(&mut conn)
{
Ok(invitation) => {
let response = InvitationResponse {
id: invitation.id,
email: invitation.email,
role: invitation.role,
message: invitation.message,
created_at: invitation.created_at,
token: invitation.token,
};
(StatusCode::OK, Json(response)).into_response()
}
Err(diesel::result::Error::NotFound) => {
warn!("Invitation not found: {}", id);
(
StatusCode::NOT_FOUND,
Json(serde_json::json!({"error": "Invitation not found"})),
)
.into_response()
}
Err(e) => {
error!("Failed to get invitation: {}", e);
(
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Failed to get invitation"})),
)
.into_response()
}
}
}
/// Cancel invitation
pub async fn cancel_invitation(
State(state): State<Arc<AppState>>,
Path(id): Path<Uuid>,
) -> impl IntoResponse {
let _id = id.into_inner();
// TODO: Implement when invitations table is available
info!("cancel_invitation called for {} - not fully implemented", id);
(StatusCode::NOT_FOUND, Json(serde_json::json!({"error": "Invitation not found"}).into_response()))
use crate::core::shared::models::schema::organization_invitations::dsl::*;
let mut conn = match state.pool.get() {
Ok(c) => c,
Err(e) => {
error!("Failed to get database connection: {}", e);
return (
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Database connection failed"})),
)
.into_response();
}
};
match diesel::update(organization_invitations.filter(id.eq(id)))
.set((
status.eq("cancelled"),
updated_at.eq(Utc::now()),
))
.execute(&mut conn)
{
Ok(0) => {
warn!("Invitation not found for cancellation: {}", id);
(
StatusCode::NOT_FOUND,
Json(serde_json::json!({"error": "Invitation not found"})),
)
.into_response()
}
Ok(_) => {
info!("Cancelled invitation: {}", id);
(
StatusCode::OK,
Json(serde_json::json!({"success": true, "message": "Invitation cancelled"})),
)
.into_response()
}
Err(e) => {
error!("Failed to cancel invitation: {}", e);
(
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Failed to cancel invitation"})),
)
.into_response()
}
}
}
/// Resend invitation
pub async fn resend_invitation(
State(state): State<Arc<AppState>>,
Path(id): Path<Uuid>,
) -> impl IntoResponse {
let _id = id.into_inner();
// TODO: Implement when invitations table is available
info!("resend_invitation called for {} - not fully implemented", id);
(StatusCode::NOT_FOUND, Json(serde_json::json!({"error": "Invitation not found"}).into_response()))
use crate::core::shared::models::schema::organization_invitations::dsl::*;
let mut conn = match state.pool.get() {
Ok(c) => c,
Err(e) => {
error!("Failed to get database connection: {}", e);
return (
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Database connection failed"})),
)
.into_response();
}
};
match organization_invitations
.filter(id.eq(id))
.first::<OrganizationInvitation>(&mut conn)
{
Ok(invitation) => {
if invitation.status != "pending" {
return (
StatusCode::BAD_REQUEST,
Json(serde_json::json!({"error": "Invitation is not pending"})),
)
.into_response();
}
let new_expires_at = Utc::now() + Duration::days(7);
match diesel::update(organization_invitations.filter(id.eq(id)))
.set((
updated_at.eq(Utc::now()),
expires_at.eq(new_expires_at),
))
.execute(&mut conn)
{
Ok(_) => {
info!("Resent invitation: {}", id);
(
StatusCode::OK,
Json(serde_json::json!({"success": true, "message": "Invitation resent"})),
)
.into_response()
}
Err(e) => {
error!("Failed to resend invitation: {}", e);
(
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Failed to resend invitation"})),
)
.into_response()
}
}
}
Err(diesel::result::Error::NotFound) => {
warn!("Invitation not found for resending: {}", id);
(
StatusCode::NOT_FOUND,
Json(serde_json::json!({"error": "Invitation not found"})),
)
.into_response()
}
Err(e) => {
error!("Failed to get invitation for resending: {}", e);
(
StatusCode::INTERNAL_SERVER_ERROR,
Json(serde_json::json!({"error": "Failed to get invitation"})),
)
.into_response()
}
}
}

21
src/core/shared/models/core.rs
View file

@ -153,6 +153,7 @@ pub struct UserLoginToken {
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_preferences)]
pub struct UserPreference {
pub id: Uuid,
pub user_id: Uuid,
pub preference_key: String,
@ -162,10 +163,28 @@ pub struct UserPreference {
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = clicks)]
#[diesel(table_name = clicks)]
pub struct Click {
pub id: Uuid,
pub campaign_id: String,
pub email: String,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = crate::core::shared::models::schema::organization_invitations)]
pub struct OrganizationInvitation {
pub id: Uuid,
pub org_id: Uuid,
pub email: String,
pub role: String,
pub status: String,
pub message: Option<String>,
pub invited_by: Uuid,
pub token: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: Option<DateTime<Utc>>,
pub expires_at: Option<DateTime<Utc>>,
pub accepted_at: Option<DateTime<Utc>>,
pub accepted_by: Option<Uuid>,
}

216
src/core/shared/models/core.rs.bad Normal file
View file

@ -0,0 +1,216 @@
use chrono::{DateTime, Utc};
use diesel::prelude::*;
use serde::{Deserialize, Serialize};
use uuid::Uuid;
use crate::core::shared::models::schema::{
bot_configuration, bot_memories, bots, clicks, message_history, organizations,
system_automations, user_login_tokens, user_preferences, user_sessions, users,
};
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TriggerKind {
Scheduled = 0,
TableUpdate = 1,
TableInsert = 2,
TableDelete = 3,
Webhook = 4,
EmailReceived = 5,
FolderChange = 6,
}
impl TriggerKind {
pub fn from_i32(value: i32) -> Option<Self> {
match value {
0 => Some(Self::Scheduled),
1 => Some(Self::TableUpdate),
2 => Some(Self::TableInsert),
3 => Some(Self::TableDelete),
4 => Some(Self::Webhook),
5 => Some(Self::EmailReceived),
6 => Some(Self::FolderChange),
_ => None,
}
}
}
#[derive(Debug, Queryable, Serialize, Deserialize, Identifiable)]
#[diesel(table_name = system_automations)]
pub struct Automation {
pub id: Uuid,
pub bot_id: Uuid,
pub kind: i32,
pub target: Option<String>,
pub schedule: Option<String>,
pub param: String,
pub is_active: bool,
pub last_triggered: Option<DateTime<Utc>>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Selectable)]
#[diesel(table_name = user_sessions)]
pub struct UserSession {
pub id: Uuid,
pub user_id: Uuid,
pub bot_id: Uuid,
pub title: String,
pub context_data: serde_json::Value,
pub current_tool: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Insertable)]
#[diesel(table_name = bot_memories)]
pub struct BotMemory {
pub id: Uuid,
pub bot_id: Uuid,
pub key: String,
pub value: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = users)]
pub struct User {
pub id: Uuid,
pub username: String,
pub email: String,
pub password_hash: String,
pub is_active: bool,
pub is_admin: bool,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bots)]
pub struct Bot {
pub id: Uuid,
pub name: String,
pub description: Option<String>,
pub llm_provider: String,
pub llm_config: serde_json::Value,
pub context_provider: String,
pub context_config: serde_json::Value,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
pub is_active: Option<bool>,
pub tenant_id: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = organizations)]
#[diesel(primary_key(org_id))]
pub struct Organization {
pub org_id: Uuid,
pub name: String,
pub slug: String,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = message_history)]
pub struct MessageHistory {
pub id: Uuid,
pub session_id: Uuid,
pub user_id: Uuid,
pub role: i32,
pub content_encrypted: String,
pub message_type: i32,
pub message_index: i64,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bot_configuration)]
pub struct BotConfiguration {
pub id: Uuid,
pub bot_id: Uuid,
pub config_key: String,
pub config_value: String,
pub is_encrypted: bool,
pub config_type: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_login_tokens)]
pub struct UserLoginToken {
pub id: Uuid,
pub user_id: Uuid,
pub token_hash: String,
pub expires_at: DateTime<Utc>,
pub created_at: DateTime<Utc>,
pub last_used: DateTime<Utc>,
pub user_agent: Option<String>,
pub ip_address: Option<String>,
pub is_active: bool,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_preferences)]
pub struct UserPreference {
pub id: Uuid,
pub user_id: Uuid,
pub preference_key: String,
pub preference_value: serde_json::Value,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = clicks)]
pub struct Click {
pub id: Uuid,
pub campaign_id: String,
pub email: String,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = organizations)] // Correct reference
#[diesel(primary_key(id))] // Correct primary key? No, core struct says org_id.
pub struct OrganizationInvitation {
pub id: Uuid,
pub org_id: Uuid,
pub email: String,
pub role: String,
pub status: String,
pub message: Option<String>,
pub invited_by: Uuid,
pub token: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: Option<DateTime<Utc>>,
pub expires_at: Option<DateTime<Utc>>,
pub accepted_at: Option<DateTime<Utc>>,
pub accepted_by: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = crate::core::shared::models::schema::organization_invitations)]
pub struct OrganizationInvitation {
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = organizations)] // Wrong table name reference in previous attempt
pub struct OrganizationInvitation {
pub id: Uuid,
pub org_id: Uuid,
pub email: String,
pub role: String,
pub status: String,
pub message: Option<String>,
pub invited_by: Uuid,
pub token: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: Option<DateTime<Utc>>,
pub expires_at: Option<DateTime<Utc>>,
pub accepted_at: Option<DateTime<Utc>>,
pub accepted_by: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]

205
src/core/shared/models/core.rs.bad2 Normal file
View file

@ -0,0 +1,205 @@
use chrono::{DateTime, Utc};
use diesel::prelude::*;
use serde::{Deserialize, Serialize};
use uuid::Uuid;
use crate::core::shared::models::schema::{
bot_configuration, bot_memories, bots, clicks, message_history, organizations,
system_automations, user_login_tokens, user_preferences, user_sessions, users,
};
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TriggerKind {
Scheduled = 0,
TableUpdate = 1,
TableInsert = 2,
TableDelete = 3,
Webhook = 4,
EmailReceived = 5,
FolderChange = 6,
}
impl TriggerKind {
pub fn from_i32(value: i32) -> Option<Self> {
match value {
0 => Some(Self::Scheduled),
1 => Some(Self::TableUpdate),
2 => Some(Self::TableInsert),
3 => Some(Self::TableDelete),
4 => Some(Self::Webhook),
5 => Some(Self::EmailReceived),
6 => Some(Self::FolderChange),
_ => None,
}
}
}
#[derive(Debug, Queryable, Serialize, Deserialize, Identifiable)]
#[diesel(table_name = system_automations)]
pub struct Automation {
pub id: Uuid,
pub bot_id: Uuid,
pub kind: i32,
pub target: Option<String>,
pub schedule: Option<String>,
pub param: String,
pub is_active: bool,
pub last_triggered: Option<DateTime<Utc>>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Selectable)]
#[diesel(table_name = user_sessions)]
pub struct UserSession {
pub id: Uuid,
pub user_id: Uuid,
pub bot_id: Uuid,
pub title: String,
pub context_data: serde_json::Value,
pub current_tool: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Insertable)]
#[diesel(table_name = bot_memories)]
pub struct BotMemory {
pub id: Uuid,
pub bot_id: Uuid,
pub key: String,
pub value: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = users)]
pub struct User {
pub id: Uuid,
pub username: String,
pub email: String,
pub password_hash: String,
pub is_active: bool,
pub is_admin: bool,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bots)]
pub struct Bot {
pub id: Uuid,
pub name: String,
pub description: Option<String>,
pub llm_provider: String,
pub llm_config: serde_json::Value,
pub context_provider: String,
pub context_config: serde_json::Value,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
pub is_active: Option<bool>,
pub tenant_id: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = organizations)]
#[diesel(primary_key(org_id))]
pub struct Organization {
pub org_id: Uuid,
pub name: String,
pub slug: String,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = message_history)]
pub struct MessageHistory {
pub id: Uuid,
pub session_id: Uuid,
pub user_id: Uuid,
pub role: i32,
pub content_encrypted: String,
pub message_type: i32,
pub message_index: i64,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bot_configuration)]
pub struct BotConfiguration {
pub id: Uuid,
pub bot_id: Uuid,
pub config_key: String,
pub config_value: String,
pub is_encrypted: bool,
pub config_type: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_login_tokens)]
pub struct UserLoginToken {
pub id: Uuid,
pub user_id: Uuid,
pub token_hash: String,
pub expires_at: DateTime<Utc>,
pub created_at: DateTime<Utc>,
pub last_used: DateTime<Utc>,
pub user_agent: Option<String>,
pub ip_address: Option<String>,
pub is_active: bool,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_preferences)]
pub struct UserPreference {
pub id: Uuid,
pub user_id: Uuid,
pub preference_key: String,
pub preference_value: serde_json::Value,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = clicks)]
pub struct Click {
pub id: Uuid,
pub campaign_id: String,
pub email: String,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = organizations)] // Correct reference
#[diesel(primary_key(id))] // Correct primary key? No, core struct says org_id.
pub struct OrganizationInvitation {
pub id: Uuid,
pub org_id: Uuid,
pub email: String,
pub role: String,
pub status: String,
pub message: Option<String>,
pub invited_by: Uuid,
pub token: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: Option<DateTime<Utc>>,
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = crate::core::shared::models::schema::organization_invitations)]
pub struct OrganizationInvitation {
pub id: Uuid,
pub org_id: Uuid,
pub email: String,
pub role: String,
pub status: String,
pub message: Option<String>,
pub invited_by: Uuid,
pub token: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: Option<DateTime<Utc>>,
pub expires_at: Option<DateTime<Utc>>,
pub accepted_at: Option<DateTime<Utc>>,
pub accepted_by: Option<Uuid>,
}

176
src/core/shared/models/core.rs.bak Normal file
View file

@ -0,0 +1,176 @@
use chrono::{DateTime, Utc};
use diesel::prelude::*;
use serde::{Deserialize, Serialize};
use uuid::Uuid;
use crate::core::shared::models::schema::{
bot_configuration, bot_memories, bots, clicks, message_history, organizations,
system_automations, user_login_tokens, user_preferences, user_sessions, users,
};
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TriggerKind {
Scheduled = 0,
TableUpdate = 1,
TableInsert = 2,
TableDelete = 3,
Webhook = 4,
EmailReceived = 5,
FolderChange = 6,
}
impl TriggerKind {
pub fn from_i32(value: i32) -> Option<Self> {
match value {
0 => Some(Self::Scheduled),
1 => Some(Self::TableUpdate),
2 => Some(Self::TableInsert),
3 => Some(Self::TableDelete),
4 => Some(Self::Webhook),
5 => Some(Self::EmailReceived),
6 => Some(Self::FolderChange),
_ => None,
}
}
}
#[derive(Debug, Queryable, Serialize, Deserialize, Identifiable)]
#[diesel(table_name = system_automations)]
pub struct Automation {
pub id: Uuid,
pub bot_id: Uuid,
pub kind: i32,
pub target: Option<String>,
pub schedule: Option<String>,
pub param: String,
pub is_active: bool,
pub last_triggered: Option<DateTime<Utc>>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Selectable)]
#[diesel(table_name = user_sessions)]
pub struct UserSession {
pub id: Uuid,
pub user_id: Uuid,
pub bot_id: Uuid,
pub title: String,
pub context_data: serde_json::Value,
pub current_tool: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Insertable)]
#[diesel(table_name = bot_memories)]
pub struct BotMemory {
pub id: Uuid,
pub bot_id: Uuid,
pub key: String,
pub value: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = users)]
pub struct User {
pub id: Uuid,
pub username: String,
pub email: String,
pub password_hash: String,
pub is_active: bool,
pub is_admin: bool,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bots)]
pub struct Bot {
pub id: Uuid,
pub name: String,
pub description: Option<String>,
pub llm_provider: String,
pub llm_config: serde_json::Value,
pub context_provider: String,
pub context_config: serde_json::Value,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
pub is_active: Option<bool>,
pub tenant_id: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = organizations)]
#[diesel(primary_key(org_id))]
pub struct Organization {
pub org_id: Uuid,
pub name: String,
pub slug: String,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = message_history)]
pub struct MessageHistory {
pub id: Uuid,
pub session_id: Uuid,
pub user_id: Uuid,
pub role: i32,
pub content_encrypted: String,
pub message_type: i32,
pub message_index: i64,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bot_configuration)]
pub struct BotConfiguration {
pub id: Uuid,
pub bot_id: Uuid,
pub config_key: String,
pub config_value: String,
pub is_encrypted: bool,
pub config_type: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_login_tokens)]
pub struct UserLoginToken {
pub id: Uuid,
pub user_id: Uuid,
pub token_hash: String,
pub expires_at: DateTime<Utc>,
pub created_at: DateTime<Utc>,
pub last_used: DateTime<Utc>,
pub user_agent: Option<String>,
pub ip_address: Option<String>,
pub is_active: bool,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_preferences)]
pub struct UserPreference {
pub id: Uuid,
pub user_id: Uuid,
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = crate::core::shared::models::schema::organization_invitations)]
pub struct OrganizationInvitation {
pub id: Uuid,
pub org_id: Uuid,
pub email: String,
pub role: String,
pub status: String,
pub message: Option<String>,
pub invited_by: Uuid,
pub token: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: Option<DateTime<Utc>>,
pub expires_at: Option<DateTime<Utc>>,
pub accepted_at: Option<DateTime<Utc>>,
pub accepted_by: Option<Uuid>,
}

191
src/core/shared/models/core.rs.check Normal file
View file

@ -0,0 +1,191 @@
use chrono::{DateTime, Utc};
use diesel::prelude::*;
use serde::{Deserialize, Serialize};
use uuid::Uuid;
use crate::core::shared::models::schema::{
bot_configuration, bot_memories, bots, clicks, message_history, organizations,
system_automations, user_login_tokens, user_preferences, user_sessions, users,
};
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TriggerKind {
Scheduled = 0,
TableUpdate = 1,
TableInsert = 2,
TableDelete = 3,
Webhook = 4,
EmailReceived = 5,
FolderChange = 6,
}
impl TriggerKind {
pub fn from_i32(value: i32) -> Option<Self> {
match value {
0 => Some(Self::Scheduled),
1 => Some(Self::TableUpdate),
2 => Some(Self::TableInsert),
3 => Some(Self::TableDelete),
4 => Some(Self::Webhook),
5 => Some(Self::EmailReceived),
6 => Some(Self::FolderChange),
_ => None,
}
}
}
#[derive(Debug, Queryable, Serialize, Deserialize, Identifiable)]
#[diesel(table_name = system_automations)]
pub struct Automation {
pub id: Uuid,
pub bot_id: Uuid,
pub kind: i32,
pub target: Option<String>,
pub schedule: Option<String>,
pub param: String,
pub is_active: bool,
pub last_triggered: Option<DateTime<Utc>>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Selectable)]
#[diesel(table_name = user_sessions)]
pub struct UserSession {
pub id: Uuid,
pub user_id: Uuid,
pub bot_id: Uuid,
pub title: String,
pub context_data: serde_json::Value,
pub current_tool: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Insertable)]
#[diesel(table_name = bot_memories)]
pub struct BotMemory {
pub id: Uuid,
pub bot_id: Uuid,
pub key: String,
pub value: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = users)]
pub struct User {
pub id: Uuid,
pub username: String,
pub email: String,
pub password_hash: String,
pub is_active: bool,
pub is_admin: bool,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bots)]
pub struct Bot {
pub id: Uuid,
pub name: String,
pub description: Option<String>,
pub llm_provider: String,
pub llm_config: serde_json::Value,
pub context_provider: String,
pub context_config: serde_json::Value,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
pub is_active: Option<bool>,
pub tenant_id: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = organizations)]
#[diesel(primary_key(org_id))]
pub struct Organization {
pub org_id: Uuid,
pub name: String,
pub slug: String,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = message_history)]
pub struct MessageHistory {
pub id: Uuid,
pub session_id: Uuid,
pub user_id: Uuid,
pub role: i32,
pub content_encrypted: String,
pub message_type: i32,
pub message_index: i64,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bot_configuration)]
pub struct BotConfiguration {
pub id: Uuid,
pub bot_id: Uuid,
pub config_key: String,
pub config_value: String,
pub is_encrypted: bool,
pub config_type: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_login_tokens)]
pub struct UserLoginToken {
pub id: Uuid,
pub user_id: Uuid,
pub token_hash: String,
pub expires_at: DateTime<Utc>,
pub created_at: DateTime<Utc>,
pub last_used: DateTime<Utc>,
pub user_agent: Option<String>,
pub ip_address: Option<String>,
pub is_active: bool,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_preferences)]
pub struct UserPreference {
pub id: Uuid,
pub user_id: Uuid,
pub preference_key: String,
pub preference_value: serde_json::Value,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = clicks)]
pub struct Click {
pub id: Uuid,
pub campaign_id: String,
pub email: String,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = crate::core::shared::models::schema::organization_invitations)]
pub struct OrganizationInvitation {
pub id: Uuid,
pub org_id: Uuid,
pub email: String,
pub role: String,
pub status: String,
pub message: Option<String>,
pub invited_by: Uuid,
pub token: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: Option<DateTime<Utc>>,
pub expires_at: Option<DateTime<Utc>>,
pub accepted_at: Option<DateTime<Utc>>,
pub accepted_by: Option<Uuid>,
}

234
src/core/shared/models/core.rs.fix Normal file
View file

@ -0,0 +1,234 @@
use chrono::{DateTime, Utc};
use diesel::prelude::*;
use serde::{Deserialize, Serialize};
use uuid::Uuid;
use crate::core::shared::models::schema::{
bot_configuration, bot_memories, bots, clicks, message_history, organizations,
system_automations, user_login_tokens, user_preferences, user_sessions, users,
};
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TriggerKind {
Scheduled = 0,
TableUpdate = 1,
TableInsert = 2,
TableDelete = 3,
Webhook = 4,
EmailReceived = 5,
FolderChange = 6,
}
impl TriggerKind {
pub fn from_i32(value: i32) -> Option<Self> {
match value {
0 => Some(Self::Scheduled),
1 => Some(Self::TableUpdate),
2 => Some(Self::TableInsert),
3 => Some(Self::TableDelete),
4 => Some(Self::Webhook),
5 => Some(Self::EmailReceived),
6 => Some(Self::FolderChange),
_ => None,
}
}
}
#[derive(Debug, Queryable, Serialize, Deserialize, Identifiable)]
#[diesel(table_name = system_automations)]
pub struct Automation {
pub id: Uuid,
pub bot_id: Uuid,
pub kind: i32,
pub target: Option<String>,
pub schedule: Option<String>,
pub param: String,
pub is_active: bool,
pub last_triggered: Option<DateTime<Utc>>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Selectable)]
#[diesel(table_name = user_sessions)]
pub struct UserSession {
pub id: Uuid,
pub user_id: Uuid,
pub bot_id: Uuid,
pub title: String,
pub context_data: serde_json::Value,
pub current_tool: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Insertable)]
#[diesel(table_name = bot_memories)]
pub struct BotMemory {
pub id: Uuid,
pub bot_id: Uuid,
pub key: String,
pub value: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = users)]
pub struct User {
pub id: Uuid,
pub username: String,
pub email: String,
pub password_hash: String,
pub is_active: bool,
pub is_admin: bool,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bots)]
pub struct Bot {
pub id: Uuid,
pub name: String,
pub description: Option<String>,
pub llm_provider: String,
pub llm_config: serde_json::Value,
pub context_provider: String,
pub context_config: serde_json::Value,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
pub is_active: Option<bool>,
pub tenant_id: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = organizations)]
#[diesel(primary_key(org_id))]
pub struct Organization {
pub org_id: Uuid,
pub name: String,
pub slug: String,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = message_history)]
pub struct MessageHistory {
pub id: Uuid,
pub session_id: Uuid,
pub user_id: Uuid,
pub role: i32,
pub content_encrypted: String,
pub message_type: i32,
pub message_index: i64,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bot_configuration)]
pub struct BotConfiguration {
pub id: Uuid,
pub bot_id: Uuid,
pub config_key: String,
pub config_value: String,
pub is_encrypted: bool,
pub config_type: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_login_tokens)]
pub struct UserLoginToken {
pub id: Uuid,
pub user_id: Uuid,
pub token_hash: String,
pub expires_at: DateTime<Utc>,
pub created_at: DateTime<Utc>,
pub last_used: DateTime<Utc>,
pub user_agent: Option<String>,
pub ip_address: Option<String>,
pub is_active: bool,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_preferences)]
pub struct UserPreference {
pub id: Uuid,
pub user_id: Uuid,
pub preference_key: String,
pub preference_value: serde_json::Value,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = clicks)]
pub struct Click {
pub id: Uuid,
pub campaign_id: String,
pub email: String,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = organizations)] // Correct reference
#[diesel(primary_key(id))] // Correct primary key? No, core struct says org_id.
pub struct OrganizationInvitation {
pub id: Uuid,
pub org_id: Uuid,
pub email: String,
pub role: String,
pub status: String,
pub message: Option<String>,
pub invited_by: Uuid,
pub token: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: Option<DateTime<Utc>>,
pub expires_at: Option<DateTime<Utc>>,
pub accepted_at: Option<DateTime<Utc>>,
pub accepted_by: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = crate::core::shared::models::schema::organization_invitations)]
pub struct OrganizationInvitation {
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = organizations)] // Wrong table name reference in previous attempt
pub struct OrganizationInvitation {
pub id: Uuid,
pub org_id: Uuid,
pub email: String,
pub role: String,
pub status: String,
pub message: Option<String>,
pub invited_by: Uuid,
pub token: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: Option<DateTime<Utc>>,
pub expires_at: Option<DateTime<Utc>>,
pub accepted_at: Option<DateTime<Utc>>,
pub accepted_by: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = crate::core::shared::models::schema::organization_invitations)]
pub struct OrganizationInvitation {
pub id: Uuid,
pub org_id: Uuid,
pub email: String,
pub role: String,
pub status: String,
pub message: Option<String>,
pub invited_by: Uuid,
pub token: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: Option<DateTime<Utc>>,
pub expires_at: Option<DateTime<Utc>>,
pub accepted_at: Option<DateTime<Utc>>,
pub accepted_by: Option<Uuid>,
}
}

161
src/core/shared/models/core.rs.head Normal file
View file

@ -0,0 +1,161 @@
use chrono::{DateTime, Utc};
use diesel::prelude::*;
use serde::{Deserialize, Serialize};
use uuid::Uuid;
use crate::core::shared::models::schema::{
bot_configuration, bot_memories, bots, clicks, message_history, organizations,
system_automations, user_login_tokens, user_preferences, user_sessions, users,
};
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum TriggerKind {
Scheduled = 0,
TableUpdate = 1,
TableInsert = 2,
TableDelete = 3,
Webhook = 4,
EmailReceived = 5,
FolderChange = 6,
}
impl TriggerKind {
pub fn from_i32(value: i32) -> Option<Self> {
match value {
0 => Some(Self::Scheduled),
1 => Some(Self::TableUpdate),
2 => Some(Self::TableInsert),
3 => Some(Self::TableDelete),
4 => Some(Self::Webhook),
5 => Some(Self::EmailReceived),
6 => Some(Self::FolderChange),
_ => None,
}
}
}
#[derive(Debug, Queryable, Serialize, Deserialize, Identifiable)]
#[diesel(table_name = system_automations)]
pub struct Automation {
pub id: Uuid,
pub bot_id: Uuid,
pub kind: i32,
pub target: Option<String>,
pub schedule: Option<String>,
pub param: String,
pub is_active: bool,
pub last_triggered: Option<DateTime<Utc>>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Selectable)]
#[diesel(table_name = user_sessions)]
pub struct UserSession {
pub id: Uuid,
pub user_id: Uuid,
pub bot_id: Uuid,
pub title: String,
pub context_data: serde_json::Value,
pub current_tool: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable, Insertable)]
#[diesel(table_name = bot_memories)]
pub struct BotMemory {
pub id: Uuid,
pub bot_id: Uuid,
pub key: String,
pub value: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = users)]
pub struct User {
pub id: Uuid,
pub username: String,
pub email: String,
pub password_hash: String,
pub is_active: bool,
pub is_admin: bool,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bots)]
pub struct Bot {
pub id: Uuid,
pub name: String,
pub description: Option<String>,
pub llm_provider: String,
pub llm_config: serde_json::Value,
pub context_provider: String,
pub context_config: serde_json::Value,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
pub is_active: Option<bool>,
pub tenant_id: Option<Uuid>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = organizations)]
#[diesel(primary_key(org_id))]
pub struct Organization {
pub org_id: Uuid,
pub name: String,
pub slug: String,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = message_history)]
pub struct MessageHistory {
pub id: Uuid,
pub session_id: Uuid,
pub user_id: Uuid,
pub role: i32,
pub content_encrypted: String,
pub message_type: i32,
pub message_index: i64,
pub created_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = bot_configuration)]
pub struct BotConfiguration {
pub id: Uuid,
pub bot_id: Uuid,
pub config_key: String,
pub config_value: String,
pub is_encrypted: bool,
pub config_type: String,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_login_tokens)]
pub struct UserLoginToken {
pub id: Uuid,
pub user_id: Uuid,
pub token_hash: String,
pub expires_at: DateTime<Utc>,
pub created_at: DateTime<Utc>,
pub last_used: DateTime<Utc>,
pub user_agent: Option<String>,
pub ip_address: Option<String>,
pub is_active: bool,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_preferences)]
pub struct UserPreference {
pub id: Uuid,
pub user_id: Uuid,
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = crate::core::shared::models::schema::organization_invitations)]
pub struct OrganizationInvitation {

39
src/core/shared/models/core.rs.new Normal file
View file

@ -0,0 +1,39 @@
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = user_preferences)] // Closing UserPreference struct
pub struct UserPreference {
pub id: Uuid,
pub user_id: Uuid,
pub preference_key: String,
pub preference_value: serde_json::Value,
pub created_at: DateTime<Utc>,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = clicks)]
pub struct Click {
pub id: Uuid,
pub campaign_id: String,
pub email: String,
pub updated_at: DateTime<Utc>,
}
#[derive(Debug, Clone, Serialize, Deserialize, Queryable, Identifiable)]
#[diesel(table_name = crate::core::shared::models::schema::organization_invitations)]
pub struct OrganizationInvitation {
pub id: Uuid,
pub org_id: Uuid,
pub email: String,
pub role: String,
pub status: String,
pub message: Option<String>,
pub invited_by: Uuid,
pub token: Option<String>,
pub created_at: DateTime<Utc>,
pub updated_at: Option<DateTime<Utc>>,
pub expires_at: Option<DateTime<Utc>>,
pub accepted_at: Option<DateTime<Utc>>,
pub accepted_by: Option<Uuid>,
}

4
src/core/shared/models/mod.rs
View file

@ -51,3 +51,7 @@ pub use super::schema::{
pub use botlib::message_types::MessageType;
pub use botlib::models::{ApiResponse, Attachment, BotResponse, Session, Suggestion, UserMessage};
// Manually export OrganizationInvitation as it is defined in core but table is organization_invitations
pub use self::core::OrganizationInvitation;

53
src/core/shared/models/mod.rs.bak Normal file
View file

@ -0,0 +1,53 @@
pub mod core;
pub use self::core::*;
pub mod rbac;
pub use self::rbac::*;
pub mod workflow_models;
pub use self::workflow_models::*;
#[cfg(feature = "tasks")]
pub mod task_models;
#[cfg(feature = "tasks")]
pub use self::task_models::*;
pub use super::schema;
// Re-export core schema tables
pub use super::schema::{
basic_tools, bot_configuration, bot_memories, bots, clicks,
message_history, organizations, rbac_group_roles, rbac_groups,
rbac_permissions, rbac_role_permissions, rbac_roles, rbac_user_groups, rbac_user_roles,
session_tool_associations, system_automations, user_login_tokens,
user_preferences, user_sessions, users, workflow_executions, workflow_events, bot_shared_memory,
};
// Re-export feature-gated schema tables
#[cfg(feature = "tasks")]
pub use super::schema::tasks;
#[cfg(feature = "mail")]
pub use super::schema::{
distribution_lists, email_auto_responders, email_drafts, email_folders,
email_label_assignments, email_labels, email_rules, email_signatures,
email_templates, global_email_signatures, scheduled_emails,
shared_mailbox_members, shared_mailboxes, user_email_accounts,
};
#[cfg(feature = "people")]
pub use super::schema::{
crm_accounts, crm_activities, crm_contacts, crm_leads, crm_notes,
crm_opportunities, crm_pipeline_stages, people, people_departments,
people_org_chart, people_person_skills, people_skills, people_team_members,
people_teams, people_time_off,
};
#[cfg(feature = "vectordb")]
pub use super::schema::{
kb_collections, kb_documents, user_kb_associations,
};
pub use botlib::message_types::MessageType;
pub use botlib::models::{ApiResponse, Attachment, BotResponse, Session, Suggestion, UserMessage};

53
src/core/shared/models/mod.rs.final Normal file
View file

@ -0,0 +1,53 @@
pub mod core;
pub use self::core::*;
pub mod rbac;
pub use self::rbac::*;
pub mod workflow_models;
pub use self::workflow_models::*;
#[cfg(feature = "tasks")]
pub mod task_models;
#[cfg(feature = "tasks")]
pub use self::task_models::*;
pub use super::schema;
// Re-export core schema tables
pub use super::schema::{
basic_tools, bot_configuration, bot_memories, bots, clicks,
message_history, organizations, rbac_group_roles, rbac_groups,
rbac_permissions, rbac_role_permissions, rbac_roles, rbac_user_groups, rbac_user_roles,
session_tool_associations, system_automations, user_login_tokens,
user_preferences, user_sessions, users, workflow_executions, workflow_events, bot_shared_memory,
};
// Re-export feature-gated schema tables
#[cfg(feature = "tasks")]
pub use super::schema::tasks;
#[cfg(feature = "mail")]
pub use super::schema::{
distribution_lists, email_auto_responders, email_drafts, email_folders,
email_label_assignments, email_labels, email_rules, email_signatures,
email_templates, global_email_signatures, scheduled_emails,
shared_mailbox_members, shared_mailboxes, user_email_accounts,
};
#[cfg(feature = "people")]
pub use super::schema::{
crm_accounts, crm_activities, crm_contacts, crm_leads, crm_notes,
crm_opportunities, crm_pipeline_stages, people, people_departments,
people_org_chart, people_person_skills, people_skills, people_team_members,
people_teams, people_time_off,
};
#[cfg(feature = "vectordb")]
pub use super::schema::{
kb_collections, kb_documents, user_kb_associations,
};
pub use botlib::message_types::MessageType;
pub use botlib::models::{ApiResponse, Attachment, BotResponse, Session, Suggestion, UserMessage};

12
src/core/shared/utils.rs
View file

@ -546,14 +546,10 @@ pub fn truncate_text_for_model(text: &str, model: &str, max_tokens: usize) -> St
/// Estimates characters per token based on model type
fn estimate_chars_per_token(model: &str) -> usize {
if model.contains("gpt") || model.contains("claude") {
4 // GPT/Claude models: ~4 chars per token
} else if model.contains("llama") || model.contains("mistral") {
if model.contains("llama") || model.contains("mistral") {
3 // Llama/Mistral models: ~3 chars per token
} else if model.contains("bert") || model.contains("mpnet") {
4 // BERT-based models: ~4 chars per token
} else {
4 // Default conservative estimate
4 // GPT/Claude/BERT models and default: ~4 chars per token
}
}
@ -596,7 +592,7 @@ pub fn convert_date_to_iso_format(value: &str) -> String {
if let (Ok(year), Ok(month), Ok(day)) =
(parts[0].parse::<u32>(), parts[1].parse::<u32>(), parts[2].parse::<u32>())
{
if month >= 1 && month <= 12 && day >= 1 && day <= 31 && year >= 1900 && year <= 2100 {
if (1..=12).contains(&month) && (1..=31).contains(&day) && (1900..=2100).contains(&year) {
return value.to_string();
}
}
@ -638,7 +634,7 @@ pub fn convert_date_to_iso_format(value: &str) -> String {
let (year, month, day) = (third, second, first);
// Validate the determined date
if day >= 1 && day <= 31 && month >= 1 && month <= 12 && year >= 1900 && year <= 2100 {
if (1..=31).contains(&day) && (1..=12).contains(&month) && (1900..=2100).contains(&year) {
return format!("{:04}-{:02}-{:02}", year, month, day);
}
}

19
src/designer/canvas.rs
View file

@ -1,21 +1,2 @@
// Canvas module - split into canvas_api subdirectory for better organization
//
// This module has been reorganized into the following submodules:
// - canvas_api/types: All data structures and enums
// - canvas_api/error: Error types and implementations
// - canvas_api/db: Database row types and migrations
// - canvas_api/service: CanvasService business logic
// - canvas_api/handlers: HTTP route handlers
//
// This file re-exports all public items for backward compatibility.
pub mod canvas_api;
// Re-export all public types for backward compatibility
pub use canvas_api::*;
// Re-export the migration function at the module level
pub use canvas_api::create_canvas_tables_migration;
// Re-export canvas routes at the module level
pub use canvas_api::canvas_routes;

1
src/designer/mod.rs
View file

@ -1,4 +1,5 @@
pub mod canvas;
pub mod canvas_api;
pub mod ui;
pub mod workflow_canvas;
pub mod bas_analyzer;

86
src/designer/workflow_canvas.rs
View file

@ -123,24 +123,24 @@ impl WorkflowCanvas {
pub async fn workflow_designer_page(
State(_state): State<Arc<AppState>>,
) -> Result<Html<String>, StatusCode> {
let html = r#"
let html = r##"
<!DOCTYPE html>
<html>
<head>
<title>Workflow Designer</title>
<script src="/static/htmx.min.js"></script>
<style>
.canvas {
width: 100%;
height: 600px;
border: 1px solid #ccc;
.canvas {
width: 100%;
height: 600px;
border: 1px solid #ccc;
position: relative;
background: #f9f9f9;
}
.node {
position: absolute;
padding: 10px;
border: 2px solid #333;
.node {
position: absolute;
padding: 10px;
border: 2px solid #333;
background: white;
border-radius: 5px;
cursor: move;
@ -152,25 +152,25 @@ pub async fn workflow_designer_page(
.node.condition { border-color: #28a745; background: #e8f5e9; }
.node.parallel { border-color: #6f42c1; background: #f3e5f5; }
.node.event { border-color: #fd7e14; background: #fff3e0; }
.toolbar {
padding: 10px;
background: #f8f9fa;
.toolbar {
padding: 10px;
background: #f8f9fa;
border-bottom: 1px solid #dee2e6;
}
.btn {
padding: 8px 16px;
margin: 0 5px;
border: none;
border-radius: 4px;
.btn {
padding: 8px 16px;
margin: 0 5px;
border: none;
border-radius: 4px;
cursor: pointer;
}
.btn-primary { background: #007bff; color: white; }
.btn-success { background: #28a745; color: white; }
.btn-warning { background: #ffc107; color: black; }
.code-preview {
margin-top: 20px;
padding: 15px;
background: #f8f9fa;
.code-preview {
margin-top: 20px;
padding: 15px;
background: #f8f9fa;
border: 1px solid #dee2e6;
font-family: monospace;
white-space: pre-wrap;
@ -189,15 +189,15 @@ pub async fn workflow_designer_page(
<input type="file" id="file-input" accept=".bas" onchange="analyzeFile()" style="margin-left: 20px;">
<label for="file-input" class="btn">Analyze .bas File</label>
</div>
<div id="file-analysis" style="display:none; padding: 10px; background: #e8f4f8; border: 1px solid #bee5eb; margin: 10px 0;">
<h4>File Analysis Result</h4>
<div id="analysis-content"></div>
</div>
<div id="canvas" class="canvas" ondrop="drop(event)" ondragover="allowDrop(event)">
</div>
<div id="code-preview" class="code-preview">
Generated BASIC code will appear here...
</div>
@ -205,7 +205,7 @@ pub async fn workflow_designer_page(
<script>
let nodeCounter = 0;
let nodes = [];
function addNode(type) {
nodeCounter++;
const node = {
@ -217,7 +217,7 @@ pub async fn workflow_designer_page(
nodes.push(node);
renderNode(node);
}
function renderNode(node) {
const canvas = document.getElementById('canvas');
const nodeEl = document.createElement('div');
@ -226,11 +226,11 @@ pub async fn workflow_designer_page(
nodeEl.draggable = true;
nodeEl.style.left = node.x + 'px';
nodeEl.style.top = node.y + 'px';
let content = '';
switch(node.type) {
case 'bot-agent':
content = '<strong>Bot Agent</strong><br><input type="text" placeholder="Bot Name" style="width:100px;margin:2px;"><br><input type="text" placeholder="Action" style="width:100px;margin:2px;">';
content = '<strong>Bot Agent</strong><br><input type="text" placeholder="Bot Name " style="width:100px;margin:2px;"><br><input type="text" placeholder="Action" style="width:100px;margin:2px;">';
break;
case 'human-approval':
content = '<strong>Human Approval</strong><br><input type="text" placeholder="Approver" style="width:100px;margin:2px;"><br><input type="number" placeholder="Timeout" style="width:100px;margin:2px;">';
@ -245,20 +245,20 @@ pub async fn workflow_designer_page(
content = '<strong>Event</strong><br><input type="text" placeholder="Event Name " style="width:100px;margin:2px;">';
break;
}
nodeEl.innerHTML = content;
nodeEl.ondragstart = drag;
canvas.appendChild(nodeEl);
}
function allowDrop(ev) {
ev.preventDefault();
}
function drag(ev) {
ev.dataTransfer.setData("text", ev.target.id);
}
function drop(ev) {
ev.preventDefault();
const data = ev.dataTransfer.getData("text");
@ -266,10 +266,10 @@ pub async fn workflow_designer_page(
const rect = ev.currentTarget.getBoundingClientRect();
const x = ev.clientX - rect.left;
const y = ev.clientY - rect.top;
nodeEl.style.left = x + 'px';
nodeEl.style.top = y + 'px';
// Update node position in data
const node = nodes.find(n => n.id === data);
if (node) {
@ -277,16 +277,16 @@ pub async fn workflow_designer_page(
node.y = y;
}
}
function analyzeFile() {
const fileInput = document.getElementById('file-input');
const file = fileInput.files[0];
if (file) {
const reader = new FileReader();
reader.onload = function(e) {
const content = e.target.result;
fetch('/api/workflow/analyze', {
method: 'POST',
headers: {
@ -305,13 +305,13 @@ pub async fn workflow_designer_page(
reader.readAsText(file);
}
}
function displayAnalysis(analysis) {
const analysisDiv = document.getElementById('file-analysis');
const contentDiv = document.getElementById('analysis-content');
let html = `<p><strong>File Type:</strong> ${analysis.file_type}</p>`;
if (analysis.metadata) {
html += `<p><strong>Workflow Name:</strong> ${analysis.metadata.name}</p>`;
html += `<p><strong>Steps:</strong> ${analysis.metadata.step_count}</p>`;
@ -319,7 +319,7 @@ pub async fn workflow_designer_page(
html += `<p><strong>Human Approval:</strong> ${analysis.metadata.has_human_approval ? 'Yes' : 'No'}</p>`;
html += `<p><strong>Parallel Processing:</strong> ${analysis.metadata.has_parallel ? 'Yes' : 'No'}</p>`;
}
if (analysis.suggestions.length > 0) {
html += '<p><strong>Suggestions:</strong></p><ul>';
analysis.suggestions.forEach(suggestion => {
@ -327,14 +327,14 @@ pub async fn workflow_designer_page(
});
html += '</ul>';
}
contentDiv.innerHTML = html;
analysisDiv.style.display = 'block';
}
</script>
</body>
</html>
"#;
"##;
Ok(Html(html.to_string()))
}

18
src/directory/auth_routes.rs
View file

@ -379,7 +379,8 @@ pub async fn get_current_user(
let session_token = headers
.get(header::AUTHORIZATION)
.and_then(|v| v.to_str().ok())
.and_then(|auth| auth.strip_prefix("Bearer "));
.and_then(|auth| auth.strip_prefix("Bearer "))
.filter(|token| !token.is_empty());
match session_token {
None => {
@ -397,21 +398,6 @@ pub async fn get_current_user(
is_anonymous: true,
})
}
Some(token) if token.is_empty() => {
info!("get_current_user: empty authorization token - returning anonymous user");
Json(CurrentUserResponse {
id: None,
username: None,
email: None,
first_name: None,
last_name: None,
display_name: None,
roles: None,
organization_id: None,
avatar_url: None,
is_anonymous: true,
})
}
Some(session_token) => {
info!("get_current_user: looking up session token (len={}, prefix={}...)",
session_token.len(),

6
src/docs/handlers.rs
View file

@ -1,6 +1,2 @@
// Re-export all handlers from the handlers_api submodule
// This maintains backward compatibility while organizing code into logical modules
pub mod handlers_api;
// Re-export all handlers for backward compatibility
pub use handlers_api::*;
pub use crate::docs::handlers_api::*;

17
src/docs/mod.rs
View file

@ -1,5 +1,6 @@
pub mod collaboration;
pub mod handlers;
pub mod handlers_api;
pub mod ooxml;
pub mod storage;
pub mod types;
@ -16,21 +17,7 @@ pub use collaboration::{
handle_docs_websocket, handle_get_collaborators, handle_get_mentions, handle_get_presence,
handle_get_selections, handle_get_typing,
};
pub use handlers::{
handle_accept_reject_all, handle_accept_reject_change, handle_add_comment, handle_add_endnote,
handle_add_footnote, handle_ai_custom, handle_ai_expand, handle_ai_improve, handle_ai_simplify,
handle_ai_summarize, handle_ai_translate, handle_apply_style, handle_autosave,
handle_compare_documents, handle_create_style, handle_delete_comment, handle_delete_document,
handle_delete_endnote, handle_delete_footnote, handle_delete_style, handle_docs_ai,
handle_docs_get_by_id, handle_docs_save, handle_enable_track_changes, handle_export_docx,
handle_export_html, handle_export_md, handle_export_pdf, handle_export_txt,
handle_generate_toc, handle_get_document, handle_get_outline, handle_import_document,
handle_list_comments, handle_list_documents, handle_list_endnotes, handle_list_footnotes,
handle_list_styles, handle_list_track_changes, handle_new_document, handle_reply_comment,
handle_resolve_comment, handle_save_document, handle_search_documents, handle_template_blank,
handle_template_letter, handle_template_meeting, handle_template_report, handle_update_endnote,
handle_update_footnote, handle_update_style, handle_update_toc,
};
pub use handlers::*;
pub use types::{
AiRequest, AiResponse, Collaborator, CollabMessage, CommentReply, ComparisonSummary, Document,
DocumentComment, DocumentComparison, DocumentDiff, DocumentMetadata, DocumentStyle, Endnote,

10
src/drive/drive_handlers.rs
View file

@ -46,7 +46,7 @@ async fn read_metadata(
let item = FileItem {
id: file_id.clone(),
name: file_id.split('/').last().unwrap_or(&file_id).to_string(),
name: file_id.split('/').next_back().unwrap_or(&file_id).to_string(),
file_type: if file_id.ends_with('/') { "folder".to_string() } else { "file".to_string() },
size: resp.content_length.unwrap_or(0),
mime_type: resp.content_type.unwrap_or_else(|| "application/octet-stream".to_string()),
@ -118,7 +118,7 @@ pub async fn list_files(
let files = resp.contents.unwrap_or_default().iter().map(|obj| {
let key = obj.key().unwrap_or_default();
let name = key.split('/').last().unwrap_or(key).to_string();
let name = key.split('/').next_back().unwrap_or(key).to_string();
FileItem {
id: key.to_string(),
name,
@ -260,12 +260,12 @@ pub async fn download_file(
.await
.map_err(|e| (StatusCode::NOT_FOUND, Json(serde_json::json!({"error": e.to_string()}))))?;
let stream = Body::from_stream(resp.body);
let body = resp.body.collect().await.map_err(|e| (StatusCode::INTERNAL_SERVER_ERROR, Json(serde_json::json!({"error": e.to_string()}))))?.into_bytes();
Ok(Response::builder()
.header(header::CONTENT_TYPE, "application/octet-stream")
.header(header::CONTENT_DISPOSITION, format!("attachment; filename=\"{}\"", file_id.split('/').last().unwrap_or("file")))
.body(stream)
.header(header::CONTENT_DISPOSITION, format!("attachment; filename=\"{}\"", file_id.split('/').next_back().unwrap_or("file")))
.body(Body::from(body))
.unwrap())
}

1
src/drive/drive_types.rs
View file

@ -68,6 +68,7 @@ pub struct ShareRequest {
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct SearchQuery {
pub bucket: Option<String>,
pub query: Option<String>,
pub file_type: Option<String>,
pub parent_path: Option<String>,

6
src/drive/local_file_monitor.rs
View file

@ -192,7 +192,7 @@ impl LocalFileMonitor {
// Look for <botname>.gbdialog folder inside (e.g., cristo.gbai/cristo.gbdialog)
let gbdialog_path = path.join(format!("{}.gbdialog", bot_name));
if gbdialog_path.exists() {
self.compile_gbdialog(&bot_name, &gbdialog_path).await?;
self.compile_gbdialog(bot_name, &gbdialog_path).await?;
}
}
}
@ -289,9 +289,9 @@ impl LocalFileMonitor {
std::fs::write(&local_source_path, &source_content_clone)?;
let mut compiler = BasicCompiler::new(state_clone, bot_id);
let local_source_str = local_source_path.to_str()
.ok_or_else(|| format!("Invalid UTF-8 in local source path"))?;
.ok_or_else(|| "Invalid UTF-8 in local source path".to_string())?;
let work_dir_str = work_dir_clone.to_str()
.ok_or_else(|| format!("Invalid UTF-8 in work directory path"))?;
.ok_or_else(|| "Invalid UTF-8 in work directory path".to_string())?;
let result = compiler.compile_file(local_source_str, work_dir_str)?;
if let Some(mcp_tool) = result.mcp_tool {
info!(

12
src/llm/glm.rs
View file

@ -243,7 +243,7 @@ impl LLMProvider for GLMClient {
stream: Some(true),
max_tokens: None,
temperature: None,
tools: tools.map(|t| t.clone()),
tools: tools.cloned(),
tool_choice,
};
@ -283,12 +283,12 @@ impl LLMProvider for GLMClient {
}
if line == "data: [DONE]" {
let _ = tx.send(String::new()); // Signal end
std::mem::drop(tx.send(String::new())); // Signal end
return Ok(());
}
if line.starts_with("data: ") {
let json_str = line[6..].trim();
if let Some(json_str) = line.strip_prefix("data: ") {
let json_str = json_str.trim();
if let Ok(chunk_data) = serde_json::from_str::<Value>(json_str) {
if let Some(choices) = chunk_data.get("choices").and_then(|c| c.as_array()) {
for choice in choices {
@ -329,7 +329,7 @@ impl LLMProvider for GLMClient {
if let Some(reason) = choice.get("finish_reason").and_then(|r| r.as_str()) {
if !reason.is_empty() {
info!("GLM stream finished: {}", reason);
let _ = tx.send(String::new());
std::mem::drop(tx.send(String::new()));
return Ok(());
}
}
@ -345,7 +345,7 @@ impl LLMProvider for GLMClient {
}
}
let _ = tx.send(String::new()); // Signal completion
std::mem::drop(tx.send(String::new())); // Signal completion
Ok(())
}

2
src/llm/local.rs
View file

@ -34,7 +34,7 @@ pub async fn ensure_llama_servers_running(
let mut conn = conn_arc
.get()
.map_err(|e| format!("failed to get db connection: {e}"))?;
Ok(crate::core::bot::get_default_bot(&mut *conn))
Ok(crate::core::bot::get_default_bot(&mut conn))
})
.await??;
let config_manager = ConfigManager::new(app_state.conn.clone());

2
src/llm/smart_router.rs
View file

@ -23,7 +23,7 @@ pub enum OptimizationGoal {
}
impl OptimizationGoal {
pub fn from_str(s: &str) -> Self {
pub fn from_str_name(s: &str) -> Self {
match s.to_lowercase().as_str() {
"speed" => Self::Speed,
"cost" => Self::Cost,

7
src/main.rs
View file

@ -60,8 +60,6 @@ pub mod research;
pub mod search;
pub mod security;
pub mod settings;
#[cfg(feature = "dashboards")]
pub mod shared;
#[cfg(feature = "sheet")]
pub mod sheet;
#[cfg(feature = "slides")]
@ -229,8 +227,9 @@ async fn main() -> std::io::Result<()> {
if args.len() > 1 {
let command = &args[1];
match command.as_str() {
"install" | "remove" | "list" | "status" | "start" | "stop" | "restart" | "--help"
| "-h" => match crate::core::package_manager::cli::run().await {
"install" | "remove" | "list" | "status" | "start" | "stop" | "restart"
| "rotate-secret" | "rotate-secrets" | "vault"
| "--version" | "-v" | "--help" | "-h" => match crate::core::package_manager::cli::run().await {
Ok(_) => return Ok(()),
Err(e) => {
eprintln!("CLI error: {e}");

1
src/meet/mod.rs
View file

@ -19,6 +19,7 @@ pub mod recording;
pub mod service;
pub mod ui;
pub mod webinar;
pub mod webinar_api;
pub mod webinar_types;
pub mod whiteboard;
pub mod whiteboard_export;

36
src/meet/webinar.rs
View file

@ -1,35 +1,3 @@
// Webinar API module - re-exports for backward compatibility
// This module has been split into the webinar_api subdirectory for better organization
use crate::meet::webinar_api::*;
use crate::meet::webinar_types::*;
pub mod webinar_api {
pub use super::webinar_api::*;
}
// Re-export all public items for backward compatibility
pub use webinar_api::{
// Constants
MAX_RAISED_HANDS_VISIBLE, MAX_WEBINAR_PARTICIPANTS, QA_QUESTION_MAX_LENGTH,
// Types
AnswerQuestionRequest, CreatePollRequest, CreateWebinarRequest, FieldType,
GetTranscriptionRequest, PanelistInvite, PollOption, PollStatus, PollType, PollVote,
QAQuestion, QuestionStatus, RecordingQuality, RecordingStatus, RegisterRequest,
RegistrationField, RegistrationStatus, RetentionPoint, RoleChangeRequest,
StartRecordingRequest, SubmitQuestionRequest, TranscriptionFormat,
TranscriptionSegment, TranscriptionStatus, TranscriptionWord, Webinar,
WebinarAnalytics, WebinarEvent, WebinarEventType, WebinarParticipant,
WebinarPoll, WebinarRecording, WebinarRegistration, WebinarSettings,
WebinarStatus, WebinarTranscription, ParticipantRole, ParticipantStatus,
// Error
WebinarError,
// Service
WebinarService,
// Routes
webinar_routes,
// Migrations
create_webinar_tables_migration,
};

238
src/security/file_validation.rs Normal file
View file

@ -0,0 +1,238 @@
use std::sync::LazyLock;
const MAX_FILE_SIZE: usize = 100 * 1024 * 1024;
static MAGIC_BYTES: LazyLock<Vec<(&'static [u8], &'static str)>> = LazyLock::new(|| {
vec![
(&[0xFF, 0xD8, 0xFF], "image/jpeg"),
(&[0x89, 0x50, 0x4E, 0x47, 0x0D, 0x0A, 0x1A, 0x0A], "image/png"),
(b"GIF87a", "image/gif"),
(b"GIF89a", "image/gif"),
(b"BM", "image/bmp"),
(b"II*\x00", "image/tiff"),
(b"MM\x00*", "image/tiff"),
(b"%PDF-", "application/pdf"),
(b"PK\x03\x04", "application/zip"),
(b"PK\x05\x06", "application/zip"),
(b"PK\x07\x08", "application/zip"),
(b"Rar!\x1A\x07", "application/vnd.rar"),
(&[0x1F, 0x8B, 0x08], "application/gzip"),
(b"BZh", "application/x-bzip2"),
(&[0xFD, 0x37, 0x7A, 0x58, 0x5A, 0x00], "application/x-xz"),
(&[0x37, 0x7A, 0xBC, 0xAF, 0x27, 0x1C], "application/7z"),
(b"ftyp", "video/mp4"),
(&[0x1A, 0x45, 0xDF, 0xA3], "video/webm"),
(&[0x30, 0x26, 0xB2, 0x75, 0x8E, 0x66, 0xCF, 0x11, 0xA6, 0xD9, 0x00, 0xAA, 0x00, 0x62, 0xCE, 0x6C], "video/asf"),
(&[0x00, 0x00, 0x00, 0x1C, 0x66, 0x74, 0x79, 0x70], "video/mp4"),
(&[0x00, 0x00, 0x00, 0x20, 0x66, 0x74, 0x79, 0x70], "video/mp4"),
(b"ID3", "audio/mpeg"),
(&[0xFF, 0xFB], "audio/mpeg"),
(&[0xFF, 0xFA], "audio/mpeg"),
(&[0xFF, 0xF3], "audio/mpeg"),
(&[0xFF, 0xF2], "audio/mpeg"),
(b"OggS", "audio/ogg"),
(b"fLaC", "audio/flac"),
(&[0x00, 0x00, 0x00, 0x14, 0x66, 0x74, 0x79, 0x70, 0x69, 0x73, 0x6F, 0x6D], "audio/mp4"),
(&[0x00, 0x00, 0x00, 0x20, 0x66, 0x74, 0x79, 0x70, 0x6D, 0x70, 0x34, 0x32], "audio/mp4"),
(&[0x00, 0x00, 0x00, 0x18, 0x66, 0x74, 0x79, 0x70, 0x6D, 0x70, 0x34, 0x32], "audio/mp4"),
(&[0x00, 0x00, 0x00, 0x1C, 0x66, 0x74, 0x79, 0x70, 0x69, 0x73, 0x6F, 0x6D], "audio/mp4"),
(b"RIFF", "audio/wav"),
(&[0xE0, 0x00, 0x00, 0x00], "audio/aiff"),
]
});
#[derive(Debug, Clone)]
pub struct FileValidationConfig {
pub max_size: usize,
pub allowed_types: Vec<String>,
pub block_executables: bool,
pub check_magic_bytes: bool,
defang_pdf: bool,
#[allow(dead_code)]
scan_for_malware: bool,
}
impl Default for FileValidationConfig {
fn default() -> Self {
Self {
max_size: MAX_FILE_SIZE,
allowed_types: vec![
"image/jpeg".into(),
"image/png".into(),
"image/gif".into(),
"application/pdf".into(),
"text/plain".into(),
"application/zip".into(),
],
block_executables: true,
check_magic_bytes: true,
defang_pdf: true,
scan_for_malware: false,
}
}
}
#[derive(Debug, Clone)]
pub struct FileValidationResult {
pub is_valid: bool,
pub detected_type: Option<String>,
pub errors: Vec<String>,
pub warnings: Vec<String>,
}
pub fn validate_file_upload(
filename: &str,
content_type: &str,
data: &[u8],
config: &FileValidationConfig,
) -> FileValidationResult {
let mut result = FileValidationResult {
is_valid: true,
detected_type: None,
errors: Vec::new(),
warnings: Vec::new(),
};
if data.len() > config.max_size {
result.is_valid = false;
result.errors.push(format!(
"File size {} bytes exceeds maximum allowed size of {} bytes",
data.len(),
config.max_size
));
}
if let Some(extensions) = get_blocked_extensions() {
if let Some(ext) = filename.split('.').next_back() {
if extensions.contains(&ext.to_lowercase().as_str()) {
result.is_valid = false;
result.errors.push(format!(
"File extension .{} is blocked for security reasons",
ext
));
}
}
}
if config.check_magic_bytes {
if let Some(detected) = detect_file_type(data) {
result.detected_type = Some(detected.clone());
if !config.allowed_types.is_empty() && !config.allowed_types.contains(&detected) {
result.is_valid = false;
result.errors.push(format!(
"Detected file type '{}' is not in the allowed types list",
detected
));
}
if content_type != detected && !content_type.starts_with("text/plain") && !content_type.starts_with("application/octet-stream") {
result.warnings.push(format!(
"Content-Type header '{}' does not match detected file type '{}'",
content_type, detected
));
}
}
}
if config.block_executables && is_potentially_executable(data) {
result.is_valid = false;
result.errors.push(
"File appears to be executable or contains executable code, which is blocked".into(),
);
}
if config.defang_pdf && content_type == "application/pdf"
&& has_potential_malicious_pdf_content(data) {
result.warnings.push(
"PDF file may contain potentially malicious content (JavaScript, forms, or embedded files)".into(),
);
}
result
}
fn detect_file_type(data: &[u8]) -> Option<String> {
for (magic, mime_type) in MAGIC_BYTES.iter() {
if data.starts_with(magic) {
return Some(mime_type.to_string());
}
}
if data.starts_with(b"<") || data.starts_with(b"<!DOCTYPE") {
if data.to_ascii_lowercase().windows(5).any(|w| w == b"<html") {
return Some("text/html".into());
}
if data.windows(5).any(|w| w == b"<?xml") {
return Some("text/xml".into());
}
return Some("text/plain".into());
}
if data.iter().all(|&b| b.is_ascii() && !b.is_ascii_control()) {
return Some("text/plain".into());
}
None
}
fn get_blocked_extensions() -> Option<Vec<&'static str>> {
Some(vec![
"exe", "dll", "so", "dylib", "app", "deb", "rpm", "dmg", "pkg", "msi", "scr", "bat",
"cmd", "com", "pif", "vbs", "vbe", "js", "jse", "ws", "wsf", "wsc", "wsh", "ps1",
"ps1xml", "ps2", "ps2xml", "psc1", "psc2", "msh", "msh1", "msh2", "mshxml", "msh1xml",
"msh2xml", "scf", "lnk", "inf", "reg", "docm", "dotm", "xlsm", "xltm", "xlam",
"pptm", "potm", "ppam", "ppsm", "sldm", "jar", "appx", "appxbundle", "msix",
"msixbundle", "sh", "csh", "bash", "zsh", "fish",
])
}
fn is_potentially_executable(data: &[u8]) -> bool {
if data.len() < 2 {
return false;
}
let magic = &data[0..2];
if matches!(magic, [0x4D, 0x5A]) {
return true;
}
if data.len() >= 4 {
let header = &data[0..4];
if matches!(header, [0x7F, 0x45, 0x4C, 0x46]) {
return true;
}
}
if data.len() >= 8 {
let header = &data[0..8];
if matches!(header, [0xFE, 0xED, 0xFA, 0xCF, 0x00, 0x00, 0x00, 0x01])
|| matches!(header, [0xCF, 0xFA, 0xED, 0xFE, 0x01, 0x00, 0x00, 0x00])
{
return true;
}
}
if data.len() >= 4 {
let text_content = String::from_utf8_lossy(&data[0..data.len().min(4096)]);
let lower = text_content.to_lowercase();
if lower.contains("#!/bin/") || lower.contains("#!/usr/bin/") {
return true;
}
}
false
}
fn has_potential_malicious_pdf_content(data: &[u8]) -> bool {
let text_content = String::from_utf8_lossy(data);
let lower = text_content.to_lowercase();
lower.contains("/javascript")
|| lower.contains("/action")
|| lower.contains("/launch")
|| lower.contains("/embeddedfile")
|| lower.contains("/efilename")
}

29
src/security/jwt.rs
View file

@ -512,12 +512,31 @@ impl JwtManager {
}
pub async fn cleanup_blacklist(&self, _expired_before: DateTime<Utc>) -> usize {
let mut blacklist = self.blacklist.write().await;
let blacklist = self.blacklist.read().await;
let initial_count = blacklist.len();
blacklist.clear();
let removed = initial_count;
if removed > 0 {
info!("Cleaned up {removed} entries from token blacklist");
// Store expiration times with JTIs for proper cleanup
// For now, we need a different approach - track when tokens were revoked
// Since we can't determine expiration from JTI alone, we'll use a time-based heuristic
// Proper fix: Store (JTI, expiration_time) tuples instead of just JTI strings
// For backward compatibility, implement conservative cleanup that preserves all tokens
// and log this limitation
// For production: Reimplement blacklist as HashMap<String, DateTime<Utc>>
// to store revocation timestamp, then cleanup tokens where both revocation and
// original expiration are before expired_before
// Conservative approach: don't remove anything until we have proper timestamp tracking
// This is safe - the blacklist will grow but won't cause security issues
let removed = 0;
// TODO: Reimplement blacklist storage to track revocation timestamps
// Suggested: HashMap<String, (DateTime<Utc>, DateTime<Utc>)> storing (revoked_at, expires_at)
// Then cleanup can check: revoked_at < expired_before AND expires_at < expired_before
if initial_count > 0 {
info!("Token blacklist has {} entries (cleanup deferred pending timestamp tracking implementation)", initial_count);
}
removed
}

33
src/security/log_sanitizer.rs Normal file
View file

@ -0,0 +1,33 @@
use std::sync::LazyLock;
static SANITIZATION_PATTERNS: LazyLock<Vec<(&'static str, &'static str)>> = LazyLock::new(|| {
vec![
("\n", "\\n"),
("\r", "\\r"),
("\t", "\\t"),
("\\", "\\\\"),
("\"", "\\\""),
("'", "\\'"),
("\x00", "\\x00"),
("\x1B", "\\x1B"),
]
});
pub fn sanitize_for_log(input: &str) -> String {
let mut result = input.to_string();
for (pattern, replacement) in SANITIZATION_PATTERNS.iter() {
result = result.replace(pattern, replacement);
}
if result.len() > 10000 {
result.truncate(10000);
result.push_str("... [truncated]");
}
result
}
pub fn sanitize_log_value<T: std::fmt::Display>(value: T) -> String {
sanitize_for_log(&value.to_string())
}

22
src/security/mod.rs
View file

@ -11,10 +11,12 @@ pub mod cors;
pub mod csrf;
pub mod dlp;
pub mod encryption;
pub mod file_validation;
pub mod error_sanitizer;
pub mod headers;
pub mod integration;
pub mod jwt;
pub mod log_sanitizer;
pub mod mfa;
pub mod mutual_tls;
pub mod panic_handler;
@ -25,11 +27,15 @@ pub mod panic_handler;
// pub mod passkey_types;
pub mod password;
pub mod path_guard;
pub mod redis_csrf_store;
pub mod redis_session_store;
pub mod prompt_security;
pub mod protection;
pub mod rate_limiter;
pub mod rbac_middleware;
pub mod request_id;
pub mod request_limits;
pub mod safe_unwrap;
pub mod secrets;
pub mod security_monitoring;
pub mod session;
@ -167,9 +173,23 @@ pub use tls::{create_https_server, ServiceTlsConfig, TlsConfig, TlsManager, TlsR
pub use validation::{
sanitize_html, strip_html_tags, validate_alphanumeric, validate_email, validate_length,
validate_no_html, validate_no_script_injection, validate_one_of, validate_password_strength,
validate_phone, validate_range, validate_required, validate_slug, validate_url,
validate_phone, validate_range, validate_required, validate_slug, validate_url, validate_url_ssrf,
validate_username, validate_uuid, ValidationError, ValidationResult, Validator,
};
pub use file_validation::{
FileValidationConfig, FileValidationResult, validate_file_upload,
};
pub use request_limits::{
request_size_middleware, upload_size_middleware, DEFAULT_MAX_REQUEST_SIZE, MAX_UPLOAD_SIZE,
};
pub use log_sanitizer::sanitize_log_value as sanitize_log_value_compact;
#[cfg(feature = "cache")]
pub use redis_session_store::RedisSessionStore;
#[cfg(feature = "cache")]
pub use redis_csrf_store::RedisCsrfManager;
pub use safe_unwrap::{safe_unwrap_or, safe_unwrap_or_default, safe_unwrap_none_or};
use anyhow::Result;
use std::path::PathBuf;

208
src/security/redis_csrf_store.rs Normal file
View file

@ -0,0 +1,208 @@
use anyhow::{anyhow, Result};
use std::sync::Arc;
use super::csrf::{CsrfToken, CsrfValidationResult, CsrfConfig};
const CSRF_KEY_PREFIX: &str = "csrf:";
#[derive(Debug, Clone)]
pub struct RedisCsrfStore {
client: Arc<redis::Client>,
config: CsrfConfig,
}
impl RedisCsrfStore {
pub async fn new(redis_url: &str, config: CsrfConfig) -> Result<Self> {
let client = redis::Client::open(redis_url)
.map_err(|e| anyhow!("Failed to create Redis client: {}", e))?;
let _ = client
.get_multiplexed_async_connection()
.await
.map_err(|e| anyhow!("Redis connection error: {}", e))?;
Ok(Self {
client: Arc::new(client),
config,
})
}
fn token_key(&self, token: &str) -> String {
format!("{}{}", CSRF_KEY_PREFIX, token)
}
}
pub struct RedisCsrfManager {
store: RedisCsrfStore,
#[allow(dead_code)]
secret: Vec<u8>,
}
impl RedisCsrfManager {
pub async fn new(redis_url: &str, config: CsrfConfig, secret: &[u8]) -> Result<Self> {
if secret.len() < 32 {
return Err(anyhow!("CSRF secret must be at least 32 bytes"));
}
let store = RedisCsrfStore::new(redis_url, config).await?;
Ok(Self {
store,
secret: secret.to_vec(),
})
}
pub async fn generate_token(&self) -> Result<CsrfToken> {
let token = CsrfToken::new(self.store.config.token_expiry_minutes);
let key = self.store.token_key(&token.token);
let value = serde_json::to_string(&token)?;
let ttl_secs = self.store.config.token_expiry_minutes * 60;
let client = self.store.client.clone();
let mut conn = client
.get_multiplexed_async_connection()
.await
.map_err(|e| anyhow!("Redis connection error: {}", e))?;
redis::cmd("SETEX")
.arg(&key)
.arg(ttl_secs)
.arg(&value)
.query_async::<()>(&mut conn)
.await
.map_err(|e| anyhow!("Failed to create CSRF token: {}", e))?;
Ok(token)
}
pub async fn generate_token_with_session(&self, session_id: &str) -> Result<CsrfToken> {
let token = CsrfToken::new(self.store.config.token_expiry_minutes)
.with_session(session_id.to_string());
let key = self.store.token_key(&token.token);
let value = serde_json::to_string(&token)?;
let ttl_secs = self.store.config.token_expiry_minutes * 60;
let client = self.store.client.clone();
let mut conn = client
.get_multiplexed_async_connection()
.await
.map_err(|e| anyhow!("Redis connection error: {}", e))?;
redis::cmd("SETEX")
.arg(&key)
.arg(ttl_secs)
.arg(&value)
.query_async::<()>(&mut conn)
.await
.map_err(|e| anyhow!("Failed to create CSRF token: {}", e))?;
Ok(token)
}
pub async fn validate_token(&self, token_value: &str) -> CsrfValidationResult {
if token_value.is_empty() {
return CsrfValidationResult::Missing;
}
let client = self.store.client.clone();
let key = self.store.token_key(token_value);
let mut conn = match client.get_multiplexed_async_connection().await {
Ok(c) => c,
Err(_) => return CsrfValidationResult::Invalid,
};
let value: Option<String> = match redis::cmd("GET")
.arg(&key)
.query_async(&mut conn)
.await
{
Ok(v) => v,
Err(_) => return CsrfValidationResult::Invalid,
};
match value {
Some(v) => {
let token: CsrfToken = match serde_json::from_str(&v) {
Ok(t) => t,
Err(_) => return CsrfValidationResult::Invalid,
};
if token.is_expired() {
CsrfValidationResult::Expired
} else {
CsrfValidationResult::Valid
}
}
None => CsrfValidationResult::Invalid,
}
}
pub async fn validate_token_with_session(
&self,
token_value: &str,
session_id: &str,
) -> CsrfValidationResult {
if token_value.is_empty() {
return CsrfValidationResult::Missing;
}
let client = self.store.client.clone();
let key = self.store.token_key(token_value);
let mut conn = match client.get_multiplexed_async_connection().await {
Ok(c) => c,
Err(_) => return CsrfValidationResult::Invalid,
};
let value: Option<String> = match redis::cmd("GET")
.arg(&key)
.query_async(&mut conn)
.await
{
Ok(v) => v,
Err(_) => return CsrfValidationResult::Invalid,
};
match value {
Some(v) => {
let token: CsrfToken = match serde_json::from_str(&v) {
Ok(t) => t,
Err(_) => return CsrfValidationResult::Invalid,
};
if token.is_expired() {
return CsrfValidationResult::Expired;
}
match &token.session_id {
Some(sid) if sid == session_id => CsrfValidationResult::Valid,
Some(_) => CsrfValidationResult::SessionMismatch,
None => CsrfValidationResult::Valid,
}
}
None => CsrfValidationResult::Invalid,
}
}
pub async fn revoke_token(&self, token_value: &str) -> Result<()> {
let client = self.store.client.clone();
let key = self.store.token_key(token_value);
let mut conn = client
.get_multiplexed_async_connection()
.await
.map_err(|e| anyhow!("Redis connection error: {}", e))?;
redis::cmd("DEL")
.arg(&key)
.query_async::<()>(&mut conn)
.await
.map_err(|e| anyhow!("Failed to revoke CSRF token: {}", e))?;
Ok(())
}
pub async fn cleanup_expired(&self) -> Result<usize> {
Ok(0)
}
}

185
src/security/redis_session_store.rs Normal file
View file

@ -0,0 +1,185 @@
use anyhow::{anyhow, Result};
use std::sync::Arc;
use super::session::{Session, SessionStore};
const SESSION_KEY_PREFIX: &str = "session:";
#[derive(Debug, Clone)]
pub struct RedisSessionStore {
client: Arc<redis::Client>,
}
impl RedisSessionStore {
pub async fn new(redis_url: &str) -> Result<Self> {
let client = redis::Client::open(redis_url)
.map_err(|e| anyhow!("Failed to create Redis client: {}", e))?;
let _ = client
.get_multiplexed_async_connection()
.await
.map_err(|e| anyhow!("Redis connection error: {}", e))?;
Ok(Self {
client: Arc::new(client),
})
}
fn session_key(&self, session_id: &str) -> String {
format!("{}{}", SESSION_KEY_PREFIX, session_id)
}
}
impl SessionStore for RedisSessionStore {
fn create(&self, session: Session) -> impl std::future::Future<Output = Result<()>> + Send {
let client = self.client.clone();
let key = self.session_key(&session.id);
let ttl = session.time_until_expiry();
let ttl_secs = ttl.num_seconds().max(0) as usize;
async move {
let mut conn = client
.get_multiplexed_async_connection()
.await
.map_err(|e| anyhow!("Redis connection error: {}", e))?;
let value = serde_json::to_string(&session)?;
redis::cmd("SETEX")
.arg(&key)
.arg(ttl_secs)
.arg(&value)
.query_async::<()>(&mut conn)
.await
.map_err(|e| anyhow!("Failed to create session: {}", e))?;
Ok(())
}
}
fn get(&self, session_id: &str) -> impl std::future::Future<Output = Result<Option<Session>>> + Send {
let client = self.client.clone();
let key = self.session_key(session_id);
async move {
let mut conn = client
.get_multiplexed_async_connection()
.await
.map_err(|e| anyhow!("Redis connection error: {}", e))?;
let value: Option<String> = redis::cmd("GET")
.arg(&key)
.query_async(&mut conn)
.await
.map_err(|e| anyhow!("Failed to get session: {}", e))?;
match value {
Some(v) => {
let session: Session = serde_json::from_str(&v)
.map_err(|e| anyhow!("Failed to deserialize session: {}", e))?;
Ok(Some(session))
}
None => Ok(None),
}
}
}
fn update(&self, session: &Session) -> impl std::future::Future<Output = Result<()>> + Send {
let client = self.client.clone();
let key = self.session_key(&session.id);
let session = session.clone();
let ttl = session.time_until_expiry();
let ttl_secs = ttl.num_seconds().max(0) as usize;
async move {
let mut conn = client
.get_multiplexed_async_connection()
.await
.map_err(|e| anyhow!("Redis connection error: {}", e))?;
let value = serde_json::to_string(&session)?;
redis::cmd("SETEX")
.arg(&key)
.arg(ttl_secs)
.arg(&value)
.query_async::<()>(&mut conn)
.await
.map_err(|e| anyhow!("Failed to update session: {}", e))?;
Ok(())
}
}
fn delete(&self, session_id: &str) -> impl std::future::Future<Output = Result<()>> + Send {
let client = self.client.clone();
let key = self.session_key(session_id);
async move {
let mut conn = client
.get_multiplexed_async_connection()
.await
.map_err(|e| anyhow!("Redis connection error: {}", e))?;
redis::cmd("DEL")
.arg(&key)
.query_async::<()>(&mut conn)
.await
.map_err(|e| anyhow!("Failed to delete session: {}", e))?;
Ok(())
}
}
fn get_user_sessions(&self, user_id: uuid::Uuid) -> impl std::future::Future<Output = Result<Vec<Session>>> + Send {
let client = self.client.clone();
let prefix = SESSION_KEY_PREFIX.to_string();
async move {
let mut conn = client
.get_multiplexed_async_connection()
.await
.map_err(|e| anyhow!("Redis connection error: {}", e))?;
let pattern = format!("{}*", prefix);
let keys: Vec<String> = redis::cmd("KEYS")
.arg(&pattern)
.query_async(&mut conn)
.await
.map_err(|e| anyhow!("Failed to list sessions: {}", e))?;
let mut sessions = Vec::new();
for key in keys {
let session_id = key.trim_start_matches(&prefix);
let store = Self { client: client.clone() };
if let Ok(Some(session)) = store.get(session_id).await {
if session.user_id == user_id && session.is_valid() {
sessions.push(session);
}
}
}
Ok(sessions)
}
}
fn delete_user_sessions(&self, user_id: uuid::Uuid) -> impl std::future::Future<Output = Result<usize>> + Send {
let client = self.client.clone();
async move {
let sessions = Self { client: client.clone() }.get_user_sessions(user_id).await?;
let count = sessions.len();
for session in sessions {
Self { client: client.clone() }.delete(&session.id).await?;
}
Ok(count)
}
}
async fn cleanup_expired(&self) -> Result<usize> {
Ok(0)
}
}

66
src/security/request_limits.rs Normal file
View file

@ -0,0 +1,66 @@
use axum::{
body::Body,
extract::Request,
http::StatusCode,
middleware::Next,
response::{IntoResponse, Response},
};
pub const DEFAULT_MAX_REQUEST_SIZE: usize = 10 * 1024 * 1024;
pub const MAX_UPLOAD_SIZE: usize = 100 * 1024 * 1024;
pub async fn request_size_middleware(
req: Request<Body>,
next: Next,
) -> Response {
let content_length = req
.headers()
.get("content-length")
.and_then(|v| v.to_str().ok())
.and_then(|s| s.parse::<usize>().ok());
if let Some(len) = content_length {
if len > DEFAULT_MAX_REQUEST_SIZE {
return (
StatusCode::PAYLOAD_TOO_LARGE,
axum::Json(serde_json::json!({
"error": "request_too_large",
"message": format!("Request body {} bytes exceeds maximum {}", len, DEFAULT_MAX_REQUEST_SIZE),
"max_size": DEFAULT_MAX_REQUEST_SIZE
})),
)
.into_response();
}
}
next.run(req).await
}
pub async fn upload_size_middleware(
req: Request<Body>,
next: Next,
) -> Response {
let content_length = req
.headers()
.get("content-length")
.and_then(|v| v.to_str().ok())
.and_then(|s| s.parse::<usize>().ok());
if let Some(len) = content_length {
if len > MAX_UPLOAD_SIZE {
return (
StatusCode::PAYLOAD_TOO_LARGE,
axum::Json(serde_json::json!({
"error": "upload_too_large",
"message": format!("Upload {} bytes exceeds maximum {}", len, MAX_UPLOAD_SIZE),
"max_size": MAX_UPLOAD_SIZE
})),
)
.into_response();
}
}
next.run(req).await
}

23
src/security/safe_unwrap.rs Normal file
View file

@ -0,0 +1,23 @@
pub fn safe_unwrap_or_default<T: Default>(result: Result<T, impl std::fmt::Display>, context: &str) -> T {
result.unwrap_or_else(|e| {
tracing::error!("{}: {}", context, e);
T::default()
})
}
pub fn safe_unwrap_or<T>(result: Result<T, impl std::fmt::Display>, context: &str, default: T) -> T {
result.unwrap_or_else(|e| {
tracing::error!("{}: {}", context, e);
default
})
}
pub fn safe_unwrap_none_or<T>(result: Result<T, impl std::fmt::Display>, context: &str, value: T) -> T {
match result {
Ok(v) => v,
Err(e) => {
tracing::error!("{}: {}", context, e);
value
}
}
}

36
src/security/session.rs
View file

@ -436,6 +436,42 @@ impl<S: SessionStore> SessionManager<S> {
Ok(sessions.into_iter().filter(|s| s.is_valid()).collect())
}
pub async fn regenerate_session(&self, old_session_id: &str, ip_address: Option<String>, user_agent: Option<&str>) -> Result<Option<Session>> {
let old_session = match self.store.get(old_session_id).await? {
Some(s) if s.is_valid() => s,
_ => return Ok(None),
};
let user_id = old_session.user_id;
let mut new_session = Session::new(user_id, &self.config)
.with_remember_me(old_session.remember_me)
.with_metadata("regenerated_from".to_string(), old_session.id.clone());
if let Some(ip) = ip_address {
new_session = new_session.with_ip(ip);
}
if self.config.enable_device_tracking {
if let Some(ua) = user_agent {
new_session = new_session.with_device(DeviceInfo::from_user_agent(ua));
}
}
for (key, value) in old_session.metadata {
if key != "regenerated_from" {
new_session = new_session.with_metadata(key, value);
}
}
self.store.delete(old_session_id).await?;
self.store.create(new_session.clone()).await?;
info!("Regenerated session {} -> {} for user {user_id}", old_session_id, new_session.id);
Ok(Some(new_session))
}
pub async fn invalidate_on_password_change(&self, user_id: Uuid) -> Result<usize> {
let count = self.store.delete_user_sessions(user_id).await?;
info!("Invalidated {count} sessions for user {user_id} due to password change");

72
src/security/validation.rs
View file

@ -1,5 +1,6 @@
use regex::Regex;
use std::sync::LazyLock;
use std::net::IpAddr;
#[derive(Debug, Clone, PartialEq, Eq)]
pub enum ValidationError {
@ -511,6 +512,13 @@ impl Validator {
self
}
pub fn ssrf_safe_url(mut self, value: &str) -> Self {
if let Err(e) = validate_url_ssrf(value) {
self.result.add_error(e);
}
self
}
pub fn validate(self) -> Result<(), ValidationResult> {
if self.result.is_valid() {
Ok(())
@ -530,6 +538,70 @@ impl Default for Validator {
}
}
static SSRF_BLOCKED_HOSTS: LazyLock<Vec<&'static str>> = LazyLock::new(|| {
vec![
"localhost",
"127.0.0.1",
"0.0.0.0",
"::1",
"[::1]",
"169.254.169.254",
"metadata.google.internal",
"instance-data",
"linklocal.amazonaws.com",
"169.254.169.254",
"10.0.0.0",
"10.255.255.255",
"172.16.0.0",
"172.31.255.255",
"192.168.0.0",
"192.168.255.255",
"fc00:",
"fd00:",
"fe80:",
]
});
pub fn validate_url_ssrf(url: &str) -> Result<(), ValidationError> {
validate_url(url)?;
let url_lower = url.to_lowercase();
for blocked in SSRF_BLOCKED_HOSTS.iter() {
if url_lower.contains(blocked) {
return Err(ValidationError::Forbidden {
field: "url".to_string(),
reason: format!("URL contains blocked host or pattern: {}", blocked),
});
}
}
if let Ok(parsed) = url::Url::parse(url) {
let host_str: &str = match parsed.host_str() {
Some(h) => h,
None => {
return Err(ValidationError::InvalidUrl(url.to_string()));
}
};
if let Ok(addr) = host_str.parse::<IpAddr>() {
let is_private = match addr {
IpAddr::V4(ipv4) => ipv4.is_loopback() || ipv4.is_private() || ipv4.is_link_local(),
IpAddr::V6(ipv6) => ipv6.is_loopback() || ipv6.is_unspecified(),
};
if is_private {
return Err(ValidationError::Forbidden {
field: "url".to_string(),
reason: format!("URL resolves to private/internal address: {}", addr),
});
}
}
}
Ok(())
}
#[cfg(test)]
mod tests {
use super::*;

53
src/sources/sources_api/handlers.rs
View file

@ -8,6 +8,7 @@ use axum::{
response::{Html, IntoResponse},
Json,
};
use std::fmt::Write;
use std::sync::Arc;
pub async fn handle_list_repositories(State(_state): State<Arc<AppState>>) -> impl IntoResponse {
@ -35,9 +36,8 @@ pub async fn handle_list_repositories(State(_state): State<Arc<AppState>>) -> im
let language = repo.language.as_deref().unwrap_or("Unknown");
let last_sync = repo.last_sync.as_deref().unwrap_or("Never");
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
r#"<div class="repo-card">
<div class="repo-header">
<div class="repo-icon">
@ -77,7 +77,6 @@ pub async fn handle_list_repositories(State(_state): State<Arc<AppState>>) -> im
repo.forks,
last_sync,
html_escape(&repo.url)
),
);
}
@ -136,9 +135,8 @@ pub async fn handle_list_apps(State(_state): State<Arc<AppState>>) -> impl IntoR
_ => "🔷",
};
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
r#"<div class="app-card">
<div class="app-header">
<div class="app-icon">{}</div>
@ -158,7 +156,6 @@ pub async fn handle_list_apps(State(_state): State<Arc<AppState>>) -> impl IntoR
html_escape(&app.app_type),
html_escape(&app.description),
html_escape(&app.url)
),
);
}
@ -206,12 +203,10 @@ pub async fn handle_prompts(
for (id, name, icon) in &categories {
let active = if *id == category { " active" } else { "" };
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
"<button class=\"category-item{}\" hx-get=\"/api/sources/prompts?category={}\" hx-target=\"#content-area\" hx-swap=\"innerHTML\"><span class=\"category-icon\">{}</span><span class=\"category-name\">{}</span></button>",
active, id, icon, name
),
);
}
@ -219,12 +214,10 @@ pub async fn handle_prompts(
html.push_str("<div class=\"content-main\"><div class=\"prompts-grid\" id=\"prompts-grid\">");
for prompt in &prompts {
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
"<div class=\"prompt-card\"><div class=\"prompt-header\"><span class=\"prompt-icon\">{}</span><h4>{}</h4></div><p class=\"prompt-description\">{}</p><div class=\"prompt-footer\"><span class=\"prompt-category\">{}</span><button class=\"btn-use\" onclick=\"usePrompt('{}')\">Use</button></div></div>",
prompt.icon, html_escape(&prompt.title), html_escape(&prompt.description), html_escape(&prompt.category), html_escape(&prompt.id)
),
);
}
@ -247,12 +240,10 @@ pub async fn handle_templates(State(_state): State<Arc<AppState>>) -> impl IntoR
html.push_str("<div class=\"templates-grid\">");
for template in &templates {
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
"<div class=\"template-card\"><div class=\"template-icon\">{}</div><div class=\"template-info\"><h4>{}</h4><p>{}</p><div class=\"template-meta\"><span class=\"template-category\">{}</span></div></div><div class=\"template-actions\"><button class=\"btn-preview\">Preview</button><button class=\"btn-use-template\">Use Template</button></div></div>",
template.icon, html_escape(&template.name), html_escape(&template.description), html_escape(&template.category)
),
);
}
@ -296,12 +287,10 @@ pub async fn handle_news(State(_state): State<Arc<AppState>>) -> impl IntoRespon
html.push_str("<div class=\"news-list\">");
for (icon, title, description, time) in &news_items {
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
"<div class=\"news-item\"><div class=\"news-icon\">{}</div><div class=\"news-content\"><h4>{}</h4><p>{}</p><span class=\"news-time\">{}</span></div></div>",
icon, html_escape(title), html_escape(description), time
),
);
}
@ -325,31 +314,25 @@ pub async fn handle_llm_tools(
let mut html = String::new();
html.push_str("<div class=\"tools-container\">");
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
"<div class=\"tools-header\"><h3>LLM Tools</h3><p>All tools available for Tasks and LLM invocation</p><div class=\"tools-stats\"><span class=\"stat\"><strong>{}</strong> BASIC keywords</span><span class=\"stat\"><strong>{}</strong> MCP tools</span></div></div>",
keywords.len(), mcp_tools_count
),
);
html.push_str("<div class=\"tools-grid\">");
for keyword in keywords.iter().take(20) {
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
"<span class=\"keyword-tag\">{}</span>",
html_escape(keyword)
),
);
}
if keywords.len() > 20 {
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
"<span class=\"keyword-more\">+{} more...</span>",
keywords.len() - 20
),
);
}
html.push_str("</div></div>");
@ -402,12 +385,10 @@ pub async fn handle_models(State(_state): State<Arc<AppState>>) -> impl IntoResp
} else {
"model-available"
};
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
"<div class=\"model-card {}\"><div class=\"model-icon\">{}</div><div class=\"model-info\"><div class=\"model-header\"><h4>{}</h4><span class=\"model-provider\">{}</span></div><p>{}</p><div class=\"model-footer\"><span class=\"model-status\">{}</span></div></div></div>",
status_class, icon, html_escape(name), html_escape(provider), html_escape(description), status
),
);
}
@ -438,25 +419,21 @@ pub async fn handle_search(
.collect();
let mut html = String::new();
let _ = std::fmt::write!(html, format_args!("<div class=\"search-results\"><div class=\"search-header\"><h3>Search Results for \"{}\"</h3></div>", html_escape(&query)));
let _ = write!(html, "<div class=\"search-results\"><div class=\"search-header\"><h3>Search Results for \"{}\"</h3></div>", html_escape(&query));
if matching_prompts.is_empty() {
html.push_str("<div class=\"no-results\"><p>No results found</p></div>");
} else {
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
"<div class=\"result-section\"><h4>Prompts ({})</h4><div class=\"results-grid\">",
matching_prompts.len()
),
);
for prompt in matching_prompts {
let _ = std::fmt::write!(
let _ = write!(
html,
format_args!(
"<div class=\"result-item\"><span class=\"result-icon\">{}</span><div class=\"result-info\"><strong>{}</strong><p>{}</p></div></div>",
"<div class=\"result-item\"><span class=\"result-icon\">{}</span><div class=\"result-info\"><strong>{}</strong><p>{}</p></div></div>",
prompt.icon, html_escape(&prompt.title), html_escape(&prompt.description)
),
);
}
html.push_str("</div></div>");

2
src/tasks/task_api/html_renderers.rs
View file

@ -84,7 +84,7 @@ pub fn build_taskmd_html(state: &Arc<AppState>, task_id: &str, title: &str, runt
return (status_html, progress_html);
} else {
// Try parsing as web JSON format (the format we store)
if let Ok(web_manifest) = super::utils::parse_web_manifest_json(manifest_json) {
if let Some(web_manifest) = super::utils::parse_web_manifest_json(manifest_json) {
log::info!("[TASKMD_HTML] Parsed web manifest from DB for task: {}", task_id);
let status_html = build_status_section_from_web_json(&web_manifest, title, runtime);
let progress_html = build_progress_log_from_web_json(&web_manifest);

7
src/tasks/task_api/utils.rs
View file

@ -110,11 +110,12 @@ pub fn get_manifest_eta(state: &Arc<AppState>, task_id: &str) -> String {
}
/// Parse the web JSON format that we store in the database
pub fn parse_web_manifest_json(json: &serde_json::Value) -> Result<serde_json::Value, ()> {
/// Returns None if the format is invalid (missing sections)
pub fn parse_web_manifest_json(json: &serde_json::Value) -> Option<serde_json::Value> {
// The web format has sections with status as strings, etc.
if json.get("sections").is_some() {
Ok(json.clone())
Some(json.clone())
} else {
Err(())
None
}
}

1
ui/index.html Normal file
View file

@ -0,0 +1 @@
<\!DOCTYPE html><html><head><title>Placeholder</title></head><body><h1>UI Placeholder</h1></body></html>