mirror of
https://github.com/HeyPuter/puter.git
synced 2026-05-03 08:00:32 +00:00
Daniel Salazar
d4d78ac7db
* fix: dynamodb health checks and client recreation (#2789) * wip: no nanoServices groundwork * feat: data clients in new shape * wip: auth and perms in new system * more wip * middlewaters mainly done * wip: fsv2 in new layout * old fs v2 migration * driver system * driver and old fs fixes * ai drivers wip * stream support * metering in ai chat driver * wip: new auth * rate limit and auth routes * captcha and anti csrf * fix: types * auth store * app logic * wip most other dricvers * fs * mostly kill all legacy stuff * fs finish * fix: redis usage * ai controller * driver cleanup * socket io in v2 * broadcast and crudq stuff * subdomains * notifcations and shares * fix bad syntaxes * auth wip Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * extensions * extension setup * more routes * sql migrations and default services * home router * tier 7 * everything else * everything else * remaining missing bits * server health * logs * cleanup * deps * cleanup 2 * more cleanup 2 * boot * fix launch * config fix * move file * fix: tsconfig things * fix: extension loading * launching * fix: drivers * fix: others * fix: icons * fix: file uploads * fs fixes * fix: fs api * fix: dev-center * config * add back telemetry * lint stuff * husky hooks * fix: fs oss * fix: config migration * config migration * migrate scripts + replicate * runner * fix: merge defafult config * fix: default region * fix: api domain * fix paths in readfile * fix fs entry default s3 * NS: Remove Referral && Entri Service * dep cleanups * fix: static assets * fix: kv and perms * fix: driver registrations * fix: home mapping * fix: rao * adding back 500 alarm * fix: build paths * fix: fs and kv shapes * fix: kv shape * more kv coercing and ai chat matching format as prior * fix: private app gates * private app caches * fix: whole bunch of legacy shape issues * update template jsonc * fix caching partial oidc and fs signed paths * more oidc fixes * fix: wip * fix: private apps * admin route fixes * fix: last few things hopefully * claude uploads * fix security for app only routes * fix kv system namespace * stuff * fix: app and kv and suggested apps * fix:open item * fix: FS operations * fix: default app icons * add back token-read and WSL support * metering fixes * fix: fsEntry * perm scanners and implicators * proper download endpoint * fix: download * fix anti csrft on v2 * fix file extensions, app icons * fold in v1 fixes from origin/main into v2 equivalents Re-applies the v1 fixes that landed on origin/main into their v2 counterparts since the v1 files were deleted on DS/wip during the v2 migration. v1 commits referenced below. - SQLBatcher: flush immediately when queue hits maxBatchSize instead of racing the timer (v1 12f48238). - RedisClient: drop maxRetriesPerRequest from 2 to 1 to shrink failure window (v1b6776ab4). - ChatCompletionDriver: default minimumCredits to 1 when unset/zero so zero-cost precheck doesn't auto-pass (v136bd6073). - OpenAiImageProvider: add gpt-image-2 support — open-ended size rules, token-based cost estimator, arbitrary-size normalizer, isGpt prefix broadened to gpt-image- (v1f14f1bf4). models.ts auto-merged via rename detection. - AppStore: bump row cache TTL from 5m to 24h (v16b3196ed). Not ported: v1 app-object Redis cache (bdfa12b5/b886dde3) — v2's #toClient recomputes filetype_associations/created_from_origin per read; adding a second cache layer is a larger change for a follow-up. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> * remoe anti-csrf from auth routes that had not used them * more icon fixes * fix worker functionality * fix: app and subdomain es Co-authored-by: Copilot <copilot@github.com> * fix PUT-761 * fix: PUT-748 * fix: rename fsService * Add security back to WorkerDriver * Migrate worker from fsEntry to fs. Fix cache issue * remove ability to create symlinks * strict webdav acl * require auth for wisp * chore: service renames * Add metering back to puter peer api * fix: PUT-760 PUT-749 * fix: PUT-746 * fix: peer cost Co-authored-by: Copilot <copilot@github.com> * fix: 771 * change order of peer controller * fix: create appdata folder for app on get auth token * fix: align delete site and list sites * delete: putility * fix subdomains * Add support for tilde in subdomains, fix subdomain update * cleanup PeerController.ts and fix billing oversight (#2844) * fix: PUT-786 * fix: bugs * fix: issues with multiple subdomain queries, or permission checks * fix: harden response shapes to not contain uneeded fields * fix: move state to redis * fix: missing kv methods + better sec Co-authored-by: Copilot <copilot@github.com> * fix: subdomainStore limit * fix: missing path resolution Co-authored-by: Copilot <copilot@github.com> * fs fixes * fix: undef error * fix fs + cleanup * fix: npm audit fixes * heal path entries where missing Co-authored-by: Copilot <copilot@github.com> * fix: caching Co-authored-by: Copilot <copilot@github.com> * fix: cache inconsistencies Co-authored-by: Copilot <copilot@github.com> * fix: app driver metadata Co-authored-by: Copilot <copilot@github.com> * remove extraneous comma * fix: associated app icons * fix: bad tool call * Add validation to WorkerDriver#getFilePaths * misc fs and auth issues Co-authored-by: Copilot <copilot@github.com> * fix: oidc errors Co-authored-by: Copilot <copilot@github.com> * fix: PUT-797 * fix: legacy appdata_app Co-authored-by: Copilot <copilot@github.com> * fix: add alert logs Co-authored-by: Copilot <copilot@github.com> * fix: error handling * Disable sharecontroller * fix: remove private user identifier for ai * fix: private app fixes * Add backback signup_server * fix: completionId size Co-authored-by: Copilot <copilot@github.com> * fix: revalidate path for oidc * fix: revalidate path for oidc * fix: email validation Co-authored-by: Copilot <copilot@github.com> * fix: user create query * fix: middleware extensions Co-authored-by: Copilot <copilot@github.com> * use x-forwarded-for for req ip forwarded * fix: missing last_activity ts * feat: add cache broadcast to subdomains * fix: update config typing --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: ProgrammerIn-wonderland <3838shah@gmail.com> Co-authored-by: Copilot <copilot@github.com> Co-authored-by: Nariman Jelveh <nj@puter.com> Co-authored-by: velzie <velzie@velzie.rip>
121 lines
4.0 KiB
TypeScript
121 lines
4.0 KiB
TypeScript
import { Context } from '@heyputer/backend/src/core';
|
|
import { HttpError } from '@heyputer/backend/src/core/http';
|
|
import { extension } from '@heyputer/backend/src/extensions';
|
|
|
|
const clients = extension.import('client');
|
|
const stores = extension.import('store');
|
|
const services = extension.import('service');
|
|
|
|
const DEFAULT_LIMIT = 100;
|
|
const MAX_LIMIT = 1000;
|
|
const MAX_OFFSET = 100_000;
|
|
|
|
const parseIntParam = (
|
|
value: unknown,
|
|
{
|
|
key,
|
|
min,
|
|
max,
|
|
fallback,
|
|
}: { key: string; min: number; max: number; fallback: number },
|
|
): number => {
|
|
if (value === undefined || value === null) return fallback;
|
|
const parsed =
|
|
typeof value === 'number'
|
|
? value
|
|
: typeof value === 'string' && value.trim() !== ''
|
|
? Number(value)
|
|
: NaN;
|
|
if (
|
|
!Number.isFinite(parsed) ||
|
|
!Number.isInteger(parsed) ||
|
|
parsed < min ||
|
|
parsed > max
|
|
) {
|
|
throw new HttpError(
|
|
400,
|
|
`${key} must be an integer between ${min} and ${max}`,
|
|
);
|
|
}
|
|
return parsed;
|
|
};
|
|
|
|
extension.get(
|
|
'/app-telemetry/users',
|
|
{ subdomain: 'api', requireAuth: true },
|
|
async (req, res) => {
|
|
const { app_uuid } = req.query as Record<string, string>;
|
|
if (!app_uuid) throw new HttpError(400, 'Missing `app_uuid`');
|
|
|
|
const safeLimit = parseIntParam(req.query.limit, {
|
|
key: 'limit',
|
|
min: 1,
|
|
max: MAX_LIMIT,
|
|
fallback: DEFAULT_LIMIT,
|
|
});
|
|
const safeOffset = parseIntParam(req.query.offset, {
|
|
key: 'offset',
|
|
min: 0,
|
|
max: MAX_OFFSET,
|
|
fallback: 0,
|
|
});
|
|
|
|
const app = await stores.app.getByUid(app_uuid);
|
|
if (!app) throw new HttpError(404, 'App not found');
|
|
|
|
// `apps-of-user:<uuid>:write` — the implicator keys on the owner's
|
|
// UUID, not the numeric id. Look up the owner explicitly. v1 got
|
|
// this for free because its entity-storage layer eager-joined the
|
|
// owner row; v2's AppStore.getByUid returns the raw row with only
|
|
// `owner_user_id` populated.
|
|
const ownerId = (app as { owner_user_id?: number }).owner_user_id;
|
|
if (!ownerId) throw new HttpError(404, 'App owner not found');
|
|
const owner = (await stores.user.getById(ownerId)) as {
|
|
uuid?: string;
|
|
} | null;
|
|
if (!owner?.uuid) throw new HttpError(404, 'App owner not found');
|
|
|
|
const actor = Context.get('actor');
|
|
const ownsApp = await services.permission
|
|
.check(actor!, `apps-of-user:${owner.uuid}:write`)
|
|
.catch(() => false);
|
|
if (!ownsApp) throw new HttpError(403, 'Permission denied');
|
|
|
|
const users = await clients.db.read(
|
|
`SELECT u.username, u.uuid FROM user_to_app_permissions p
|
|
INNER JOIN user u ON p.user_id = u.id
|
|
WHERE p.permission = 'flag:app-is-authenticated' AND p.app_id = ?
|
|
ORDER BY (p.dt IS NOT NULL), p.dt, p.user_id
|
|
LIMIT ? OFFSET ?`,
|
|
[(app as Record<string, unknown>).id, safeLimit, safeOffset],
|
|
);
|
|
|
|
res.json(
|
|
(users as Array<{ username: string; uuid: string }>).map((e) => ({
|
|
user: e.username,
|
|
user_uuid: e.uuid,
|
|
})),
|
|
);
|
|
},
|
|
);
|
|
|
|
extension.get(
|
|
'/app-telemetry/user-count',
|
|
{ subdomain: 'api', requireAuth: true },
|
|
async (req, res) => {
|
|
const { app_uuid } = req.query as Record<string, string>;
|
|
if (!app_uuid) throw new HttpError(400, 'Missing `app_uuid`');
|
|
|
|
const app = await stores.app.getByUid(app_uuid);
|
|
if (!app) throw new HttpError(404, 'App not found');
|
|
|
|
const [row] = (await clients.db.read(
|
|
`SELECT COUNT(*) AS n FROM user_to_app_permissions
|
|
WHERE permission = 'flag:app-is-authenticated' AND app_id = ?`,
|
|
[(app as Record<string, unknown>).id],
|
|
)) as Array<{ n: number }>;
|
|
|
|
res.json({ count: row?.n ?? 0 });
|
|
},
|
|
);
|