marco/buildmymcpserver
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
c62fcd07ef
buildmymcpserver/packages/db/src/schema.ts

265 lines
9.2 KiB
TypeScript
Raw Normal View History

feat(db): drizzle schema and client (orgs, servers, builds, oauth, metrics, audit)
2026-05-19 00:21:18 +02:00
import {
bigint,
boolean,
index,
integer,
jsonb,
pgEnum,
pgTable,
text,
timestamp,
uuid,
varchar,
} from 'drizzle-orm/pg-core';
export const planEnum = pgEnum('plan', ['hobby', 'pro', 'team', 'enterprise']);
export const serverStatusEnum = pgEnum('server_status', [
'draft',
'queued',
'generating',
'building',
'deploying',
'live',
'failed',
'paused',
]);
export const buildStatusEnum = pgEnum('build_status', [
'queued',
'generating',
'building',
'deploying',
'success',
'failed',
'cancelled',
]);
export const organizations = pgTable('organizations', {
id: uuid('id').defaultRandom().primaryKey(),
slug: varchar('slug', { length: 64 }).notNull().unique(),
name: varchar('name', { length: 128 }).notNull(),
plan: planEnum('plan').default('hobby').notNull(),
stripeCustomerId: varchar('stripe_customer_id', { length: 128 }),
stripeSubscriptionId: varchar('stripe_subscription_id', { length: 128 }),
monthlyCallQuota: bigint('monthly_call_quota', { mode: 'number' }).default(100_000).notNull(),
callsThisPeriod: bigint('calls_this_period', { mode: 'number' }).default(0).notNull(),
periodStartsAt: timestamp('period_starts_at').defaultNow().notNull(),
feat(admin): password-auth admin panel with 8 pages + 15 API endpoints Schema migrations: - users.is_admin boolean - users.password_hash text (scrypt N=16384, 16-byte salt) - users.last_login_at timestamp - organizations.suspended + suspended_reason - admin_settings table (DB-stored prompt override + future settings) Auth (@bmm/auth): - hashPassword + verifyPassword via node:crypto scrypt (no extra dep) - loginWithPassword: scrypt-verifies, issues 30-day session, updates last_login_at - seedAdmin: idempotent upsert keyed on email; creates org + membership on first run - AuthedUser now carries isAdmin flag API: - POST /v1/auth/admin/login (email + password) — 300ms throttle on failure - requireAdmin preHandler — 401 if no session, 403 if non-admin - Bootstrap: api on boot calls seedAdmin(ADMIN_EMAIL, ADMIN_PASSWORD, ADMIN_NAME) if env present. Idempotent. Admin API routes (all gated by requireAdmin): - GET /v1/admin/overview (totals, trends 7d, server-status breakdown, builds 24h, recent activity) - GET /v1/admin/users (search, per-row org + plan + serverCount) - PATCH /v1/admin/users/:id (isAdmin, name) - DELETE /v1/admin/users/:id (self-delete blocked) - GET /v1/admin/orgs (member + server counts) - PATCH /v1/admin/orgs/:id (plan, quota, suspended; cascades to mcp_servers.status=paused on suspend) - GET /v1/admin/servers (cross-org with status filter) - POST /v1/admin/servers/:id/rebuild (re-queues build using last prompt) - DELETE /v1/admin/servers/:id - GET /v1/admin/builds (status filter, error messages, prompt previews) - GET /v1/admin/builds/:id/logs - GET /v1/admin/audit (system-wide with user email join) - GET /v1/admin/system (DB ping, Redis ping, BullMQ queue depth, docker ps count) - GET /v1/admin/prompt (builtin + override + updatedAt) - PATCH /v1/admin/prompt (value: string | null) — saves DB override or drops it UI (apps/web/app/admin/*): - /admin/login — password form, separate from /login magic-link - AdminLayout — Linear-style sidebar (8 nav items), bottom panel with user email + 'user view' shortcut + logout, client-side requireAdmin guard with redirect - /admin — overview dashboard with 4 metric cards, 2 panels (status + 24h builds), recent activity table linking to full audit - /admin/users — search + admin toggle + delete (self-delete blocked) - /admin/orgs — plan/quota/suspend actions via prompts - /admin/servers — cross-org table with rebuild + delete actions, status filter - /admin/builds — every build cross-fleet with error vs prompt preview - /admin/audit — system-wide log + CSV export + filter dropdowns - /admin/system — auto-refreshing 5s health probes for Postgres, Redis, queue, Docker - /admin/prompt — live editor for the LLM system prompt with built-in baseline, override-state badge, drop-override action, diff preview, save-as-override End-to-end verified: login as marco.frangiskatos@gmail.com + Melusa112233.*, every admin page returns 200, admin login + overview tested via screenshot, docker probe returns true count of running MCP containers.
2026-05-19 23:01:26 +02:00
suspended: boolean('suspended').default(false).notNull(),
suspendedReason: text('suspended_reason'),
feat(db): drizzle schema and client (orgs, servers, builds, oauth, metrics, audit)
2026-05-19 00:21:18 +02:00
createdAt: timestamp('created_at').defaultNow().notNull(),
});
feat(admin): password-auth admin panel with 8 pages + 15 API endpoints Schema migrations: - users.is_admin boolean - users.password_hash text (scrypt N=16384, 16-byte salt) - users.last_login_at timestamp - organizations.suspended + suspended_reason - admin_settings table (DB-stored prompt override + future settings) Auth (@bmm/auth): - hashPassword + verifyPassword via node:crypto scrypt (no extra dep) - loginWithPassword: scrypt-verifies, issues 30-day session, updates last_login_at - seedAdmin: idempotent upsert keyed on email; creates org + membership on first run - AuthedUser now carries isAdmin flag API: - POST /v1/auth/admin/login (email + password) — 300ms throttle on failure - requireAdmin preHandler — 401 if no session, 403 if non-admin - Bootstrap: api on boot calls seedAdmin(ADMIN_EMAIL, ADMIN_PASSWORD, ADMIN_NAME) if env present. Idempotent. Admin API routes (all gated by requireAdmin): - GET /v1/admin/overview (totals, trends 7d, server-status breakdown, builds 24h, recent activity) - GET /v1/admin/users (search, per-row org + plan + serverCount) - PATCH /v1/admin/users/:id (isAdmin, name) - DELETE /v1/admin/users/:id (self-delete blocked) - GET /v1/admin/orgs (member + server counts) - PATCH /v1/admin/orgs/:id (plan, quota, suspended; cascades to mcp_servers.status=paused on suspend) - GET /v1/admin/servers (cross-org with status filter) - POST /v1/admin/servers/:id/rebuild (re-queues build using last prompt) - DELETE /v1/admin/servers/:id - GET /v1/admin/builds (status filter, error messages, prompt previews) - GET /v1/admin/builds/:id/logs - GET /v1/admin/audit (system-wide with user email join) - GET /v1/admin/system (DB ping, Redis ping, BullMQ queue depth, docker ps count) - GET /v1/admin/prompt (builtin + override + updatedAt) - PATCH /v1/admin/prompt (value: string | null) — saves DB override or drops it UI (apps/web/app/admin/*): - /admin/login — password form, separate from /login magic-link - AdminLayout — Linear-style sidebar (8 nav items), bottom panel with user email + 'user view' shortcut + logout, client-side requireAdmin guard with redirect - /admin — overview dashboard with 4 metric cards, 2 panels (status + 24h builds), recent activity table linking to full audit - /admin/users — search + admin toggle + delete (self-delete blocked) - /admin/orgs — plan/quota/suspend actions via prompts - /admin/servers — cross-org table with rebuild + delete actions, status filter - /admin/builds — every build cross-fleet with error vs prompt preview - /admin/audit — system-wide log + CSV export + filter dropdowns - /admin/system — auto-refreshing 5s health probes for Postgres, Redis, queue, Docker - /admin/prompt — live editor for the LLM system prompt with built-in baseline, override-state badge, drop-override action, diff preview, save-as-override End-to-end verified: login as marco.frangiskatos@gmail.com + Melusa112233.*, every admin page returns 200, admin login + overview tested via screenshot, docker probe returns true count of running MCP containers.
2026-05-19 23:01:26 +02:00
export const adminSettings = pgTable('admin_settings', {
id: uuid('id').defaultRandom().primaryKey(),
key: varchar('key', { length: 64 }).notNull().unique(),
value: text('value'),
updatedBy: uuid('updated_by').references(() => users.id, { onDelete: 'set null' }),
updatedAt: timestamp('updated_at').defaultNow().notNull(),
});
feat(db): drizzle schema and client (orgs, servers, builds, oauth, metrics, audit)
2026-05-19 00:21:18 +02:00
export const users = pgTable('users', {
id: uuid('id').defaultRandom().primaryKey(),
email: varchar('email', { length: 255 }).notNull().unique(),
name: varchar('name', { length: 128 }),
avatarUrl: text('avatar_url'),
emailVerified: boolean('email_verified').default(false).notNull(),
feat(admin): password-auth admin panel with 8 pages + 15 API endpoints Schema migrations: - users.is_admin boolean - users.password_hash text (scrypt N=16384, 16-byte salt) - users.last_login_at timestamp - organizations.suspended + suspended_reason - admin_settings table (DB-stored prompt override + future settings) Auth (@bmm/auth): - hashPassword + verifyPassword via node:crypto scrypt (no extra dep) - loginWithPassword: scrypt-verifies, issues 30-day session, updates last_login_at - seedAdmin: idempotent upsert keyed on email; creates org + membership on first run - AuthedUser now carries isAdmin flag API: - POST /v1/auth/admin/login (email + password) — 300ms throttle on failure - requireAdmin preHandler — 401 if no session, 403 if non-admin - Bootstrap: api on boot calls seedAdmin(ADMIN_EMAIL, ADMIN_PASSWORD, ADMIN_NAME) if env present. Idempotent. Admin API routes (all gated by requireAdmin): - GET /v1/admin/overview (totals, trends 7d, server-status breakdown, builds 24h, recent activity) - GET /v1/admin/users (search, per-row org + plan + serverCount) - PATCH /v1/admin/users/:id (isAdmin, name) - DELETE /v1/admin/users/:id (self-delete blocked) - GET /v1/admin/orgs (member + server counts) - PATCH /v1/admin/orgs/:id (plan, quota, suspended; cascades to mcp_servers.status=paused on suspend) - GET /v1/admin/servers (cross-org with status filter) - POST /v1/admin/servers/:id/rebuild (re-queues build using last prompt) - DELETE /v1/admin/servers/:id - GET /v1/admin/builds (status filter, error messages, prompt previews) - GET /v1/admin/builds/:id/logs - GET /v1/admin/audit (system-wide with user email join) - GET /v1/admin/system (DB ping, Redis ping, BullMQ queue depth, docker ps count) - GET /v1/admin/prompt (builtin + override + updatedAt) - PATCH /v1/admin/prompt (value: string | null) — saves DB override or drops it UI (apps/web/app/admin/*): - /admin/login — password form, separate from /login magic-link - AdminLayout — Linear-style sidebar (8 nav items), bottom panel with user email + 'user view' shortcut + logout, client-side requireAdmin guard with redirect - /admin — overview dashboard with 4 metric cards, 2 panels (status + 24h builds), recent activity table linking to full audit - /admin/users — search + admin toggle + delete (self-delete blocked) - /admin/orgs — plan/quota/suspend actions via prompts - /admin/servers — cross-org table with rebuild + delete actions, status filter - /admin/builds — every build cross-fleet with error vs prompt preview - /admin/audit — system-wide log + CSV export + filter dropdowns - /admin/system — auto-refreshing 5s health probes for Postgres, Redis, queue, Docker - /admin/prompt — live editor for the LLM system prompt with built-in baseline, override-state badge, drop-override action, diff preview, save-as-override End-to-end verified: login as marco.frangiskatos@gmail.com + Melusa112233.*, every admin page returns 200, admin login + overview tested via screenshot, docker probe returns true count of running MCP containers.
2026-05-19 23:01:26 +02:00
isAdmin: boolean('is_admin').default(false).notNull(),
passwordHash: text('password_hash'),
lastLoginAt: timestamp('last_login_at'),
feat(db): drizzle schema and client (orgs, servers, builds, oauth, metrics, audit)
2026-05-19 00:21:18 +02:00
createdAt: timestamp('created_at').defaultNow().notNull(),
});
export const sessions = pgTable(
'sessions',
{
id: uuid('id').defaultRandom().primaryKey(),
userId: uuid('user_id')
.references(() => users.id, { onDelete: 'cascade' })
.notNull(),
tokenHash: text('token_hash').notNull().unique(),
expiresAt: timestamp('expires_at').notNull(),
ipAddress: varchar('ip_address', { length: 64 }),
userAgent: text('user_agent'),
createdAt: timestamp('created_at').defaultNow().notNull(),
},
(t) => ({
userIdx: index('idx_sessions_user').on(t.userId),
}),
);
export const magicLinks = pgTable('magic_links', {
id: uuid('id').defaultRandom().primaryKey(),
email: varchar('email', { length: 255 }).notNull(),
tokenHash: text('token_hash').notNull().unique(),
expiresAt: timestamp('expires_at').notNull(),
consumedAt: timestamp('consumed_at'),
createdAt: timestamp('created_at').defaultNow().notNull(),
});
export const memberships = pgTable('memberships', {
id: uuid('id').defaultRandom().primaryKey(),
orgId: uuid('org_id')
.references(() => organizations.id, { onDelete: 'cascade' })
.notNull(),
userId: uuid('user_id')
.references(() => users.id, { onDelete: 'cascade' })
.notNull(),
role: varchar('role', { length: 32 }).default('owner').notNull(),
createdAt: timestamp('created_at').defaultNow().notNull(),
});
export const mcpServers = pgTable(
'mcp_servers',
{
id: uuid('id').defaultRandom().primaryKey(),
orgId: uuid('org_id')
.references(() => organizations.id, { onDelete: 'cascade' })
.notNull(),
slug: varchar('slug', { length: 64 }).notNull(),
name: varchar('name', { length: 128 }).notNull(),
description: text('description'),
status: serverStatusEnum('status').default('draft').notNull(),
currentVersion: integer('current_version').default(0).notNull(),
containerId: varchar('container_id', { length: 128 }),
hostPort: integer('host_port'),
publicUrl: text('public_url'),
toolsSchema: jsonb('tools_schema'),
oauthEnabled: boolean('oauth_enabled').default(true).notNull(),
createdAt: timestamp('created_at').defaultNow().notNull(),
updatedAt: timestamp('updated_at').defaultNow().notNull(),
},
(t) => ({
orgSlugIdx: index('idx_servers_org_slug').on(t.orgId, t.slug),
}),
);
export const builds = pgTable(
'builds',
{
id: uuid('id').defaultRandom().primaryKey(),
serverId: uuid('server_id')
.references(() => mcpServers.id, { onDelete: 'cascade' })
.notNull(),
version: integer('version').notNull(),
prompt: text('prompt').notNull(),
generatedSpec: jsonb('generated_spec'),
generatedCode: text('generated_code'),
status: buildStatusEnum('status').default('queued').notNull(),
errorMessage: text('error_message'),
startedAt: timestamp('started_at'),
finishedAt: timestamp('finished_at'),
createdAt: timestamp('created_at').defaultNow().notNull(),
},
(t) => ({
serverIdx: index('idx_builds_server').on(t.serverId),
}),
);
export const buildLogs = pgTable(
'build_logs',
{
id: uuid('id').defaultRandom().primaryKey(),
buildId: uuid('build_id')
.references(() => builds.id, { onDelete: 'cascade' })
.notNull(),
level: varchar('level', { length: 16 }).default('info').notNull(),
message: text('message').notNull(),
timestamp: timestamp('timestamp').defaultNow().notNull(),
},
(t) => ({
buildIdx: index('idx_logs_build').on(t.buildId, t.timestamp),
}),
);
export const secrets = pgTable('secrets', {
id: uuid('id').defaultRandom().primaryKey(),
serverId: uuid('server_id')
.references(() => mcpServers.id, { onDelete: 'cascade' })
.notNull(),
key: varchar('key', { length: 128 }).notNull(),
encryptedValue: text('encrypted_value').notNull(),
createdAt: timestamp('created_at').defaultNow().notNull(),
});
export const oauthClients = pgTable('oauth_clients', {
id: uuid('id').defaultRandom().primaryKey(),
serverId: uuid('server_id')
.references(() => mcpServers.id, { onDelete: 'cascade' })
.notNull(),
clientId: varchar('client_id', { length: 128 }).notNull().unique(),
clientSecretHash: text('client_secret_hash'),
redirectUris: jsonb('redirect_uris').notNull(),
metadata: jsonb('metadata'),
createdAt: timestamp('created_at').defaultNow().notNull(),
});
export const oauthCodes = pgTable('oauth_codes', {
id: uuid('id').defaultRandom().primaryKey(),
clientDbId: uuid('client_db_id')
.references(() => oauthClients.id, { onDelete: 'cascade' })
.notNull(),
code: varchar('code', { length: 128 }).notNull().unique(),
codeChallenge: varchar('code_challenge', { length: 256 }).notNull(),
codeChallengeMethod: varchar('code_challenge_method', { length: 16 }).notNull(),
redirectUri: text('redirect_uri').notNull(),
scope: text('scope'),
resource: text('resource'),
userId: uuid('user_id').references(() => users.id, { onDelete: 'set null' }),
expiresAt: timestamp('expires_at').notNull(),
consumedAt: timestamp('consumed_at'),
createdAt: timestamp('created_at').defaultNow().notNull(),
});
export const oauthTokens = pgTable('oauth_tokens', {
id: uuid('id').defaultRandom().primaryKey(),
clientDbId: uuid('client_db_id')
.references(() => oauthClients.id, { onDelete: 'cascade' })
.notNull(),
accessTokenHash: text('access_token_hash').notNull(),
refreshTokenHash: text('refresh_token_hash'),
scope: text('scope'),
resource: text('resource'),
expiresAt: timestamp('expires_at').notNull(),
createdAt: timestamp('created_at').defaultNow().notNull(),
});
export const toolCallMetrics = pgTable(
'tool_call_metrics',
{
id: uuid('id').defaultRandom().primaryKey(),
serverId: uuid('server_id')
.references(() => mcpServers.id, { onDelete: 'cascade' })
.notNull(),
toolName: varchar('tool_name', { length: 128 }).notNull(),
durationMs: integer('duration_ms'),
success: boolean('success').notNull(),
errorCode: varchar('error_code', { length: 64 }),
timestamp: timestamp('timestamp').defaultNow().notNull(),
},
(t) => ({
serverTimeIdx: index('idx_metrics_server_time').on(t.serverId, t.timestamp),
}),
);
export const auditLog = pgTable('audit_log', {
id: uuid('id').defaultRandom().primaryKey(),
orgId: uuid('org_id').references(() => organizations.id, { onDelete: 'set null' }),
userId: uuid('user_id').references(() => users.id, { onDelete: 'set null' }),
action: varchar('action', { length: 128 }).notNull(),
resourceType: varchar('resource_type', { length: 64 }),
resourceId: varchar('resource_id', { length: 128 }),
metadata: jsonb('metadata'),
ipAddress: varchar('ip_address', { length: 64 }),
createdAt: timestamp('created_at').defaultNow().notNull(),
});
export type Organization = typeof organizations.$inferSelect;
export type User = typeof users.$inferSelect;
export type Session = typeof sessions.$inferSelect;
export type McpServer = typeof mcpServers.$inferSelect;
export type Build = typeof builds.$inferSelect;
export type BuildLog = typeof buildLogs.$inferSelect;
export type Secret = typeof secrets.$inferSelect;
export type OAuthClient = typeof oauthClients.$inferSelect;
Reference in New Issue Copy Permalink