diff --git a/ARCHITECTURE.md b/ARCHITECTURE.md new file mode 100644 index 0000000000000000000000000000000000000000..4ff9de780d713a7ad37c8ef90a2827a69cb0e31f --- /dev/null +++ b/ARCHITECTURE.md @@ -0,0 +1,294 @@ +# Architecture Documentation + +## System Overview + +AutoLoop is a Next.js 15 based email automation and workflow management system built with enterprise-grade security, caching, and performance optimization. + +## Technology Stack + +- **Frontend**: React 19.2.3, Next.js 15, TypeScript, Tailwind CSS +- **Backend**: Next.js App Router, NextAuth.js v5, Server Actions +- **Database**: PostgreSQL with Drizzle ORM +- **Cache**: Redis with pattern-based invalidation +- **Task Queue**: BullMQ for background jobs +- **Authentication**: NextAuth.js with OAuth (Google, GitHub), Credentials +- **Validation**: Zod schemas for type-safe validation +- **Error Tracking**: Sentry +- **Monitoring**: Web Vitals, custom performance tracking + +## Directory Structure + +``` +/app - Next.js App Router pages and API routes + /api - REST API endpoints + /auth - Authentication pages + /dashboard - Dashboard pages + /actions - Server actions + +/components - React components + /ui - Base UI components + /admin - Admin-only components + /dashboard - Dashboard components + +/lib - Utilities and business logic + /api-* - API-related utilities + /auth-* - Authentication utilities + /validation - Input validation schemas + /sanitize - XSS prevention + /cache-* - Caching layer + /rate-limit - Rate limiting + /csrf - CSRF protection + /logger - Logging system + /feature-flags - Feature management + /environment-* - Configuration + +/db - Database configuration + /schema - Drizzle ORM schemas + /indexes - Database indexes + +/public - Static assets + +/__tests__ - Unit tests +/e2e - E2E tests with Playwright + +/types - TypeScript type definitions + +/hooks - Custom React hooks + +/styles - Global styles + +/docs - Documentation +``` + +## Core Features + +### 1. Authentication & Authorization +- **Multi-Provider Support**: Google, GitHub, Credentials, WhatsApp OTP +- **NextAuth.js v5**: Session management with JWT +- **Rate Limiting**: Per-endpoint configuration +- **Brute-Force Protection**: Progressive delays, account lockout +- **CSRF Protection**: Timing-safe token validation +- **API Key Auth**: For external service integrations + +### 2. Caching Strategy +- **Redis Cache**: Distributed caching with pattern-based invalidation +- **Query-Level Caching**: + - Businesses: 10-minute TTL + - Workflows: 5-minute TTL + - Templates: 15-minute TTL +- **Cache Invalidation**: Automatic on mutations (POST/PATCH/DELETE) +- **Cache Bypass**: Support for force-refresh via headers + +### 3. Security Measures +- **Input Validation**: Zod schemas for all inputs +- **XSS Prevention**: DOMPurify sanitization +- **SQL Injection Prevention**: Parameterized queries via Drizzle ORM +- **Security Headers**: + - Content-Security-Policy + - X-Frame-Options: DENY + - X-Content-Type-Options: nosniff + - Referrer-Policy: strict-origin-when-cross-origin + - Permissions-Policy: camera=(), microphone=(), geolocation=() + +### 4. Performance Optimization +- **Code Splitting**: Webpack optimization with vendor separation +- **Dynamic Imports**: Lazy loading of heavy components +- **Database Indexes**: On userId, email, status, createdAt fields +- **Web Vitals Tracking**: LCP, FID, CLS monitoring +- **API Performance**: Response time tracking and slow query logging +- **Bundle Analysis**: @next/bundle-analyzer integration + +### 5. Error Handling +- **Global Error Boundary**: Catches component errors +- **API Error Responses**: Standardized format with error codes +- **Sentry Integration**: Error tracking and reporting +- **Detailed Logging**: Structured JSON logs with context + +### 6. Database Design + +#### Core Tables +- `users`: User accounts and authentication +- `businesses`: Business entities +- `automation_workflows`: Workflow definitions +- `email_templates`: Email templates +- `email_logs`: Sent email tracking +- `business_contacts`: Contact management +- `campaign_analytics`: Campaign metrics + +#### Indexes +```sql +-- Users table +CREATE INDEX idx_users_email ON users(email); +CREATE INDEX idx_users_created_at ON users(created_at); + +-- Businesses table +CREATE INDEX idx_businesses_user_id ON businesses(user_id); +CREATE INDEX idx_businesses_email ON businesses(email); +CREATE INDEX idx_businesses_status ON businesses(status); +CREATE INDEX idx_businesses_created_at ON businesses(created_at); + +-- Workflows table +CREATE INDEX idx_workflows_user_id ON automationWorkflows(user_id); +CREATE INDEX idx_workflows_is_active ON automationWorkflows(is_active); + +-- Email Logs table +CREATE INDEX idx_email_logs_business_id ON emailLogs(business_id); +CREATE INDEX idx_email_logs_status ON emailLogs(status); +CREATE INDEX idx_email_logs_sent_at ON emailLogs(sent_at); +``` + +## Request Flow + +### Authentication Flow +1. User submits login/signup form +2. Form validates input (client-side) +3. POST to `/api/auth/signin` or `/api/auth/signup` +4. Server validates with Zod schemas +5. Rate limiting check +6. Password hashing with bcrypt +7. JWT token generation +8. Session establishment +9. Redirect to dashboard + +### API Request Flow +1. Client sends request with auth token and CSRF token +2. Middleware validates request +3. Rate limiting check +4. User authentication verification +5. Check Redis cache (GET requests) +6. Execute business logic +7. Validate output +8. Cache result (if applicable) +9. Return response with performance headers + +### Caching Flow +1. Incoming GET request +2. Generate cache key from endpoint + filters +3. Check Redis for cached value +4. If hit: return cached data with X-Cache: hit header +5. If miss: fetch from database +6. Validate response +7. Cache with appropriate TTL +8. Return data with X-Cache: miss header +9. On mutation (PATCH/DELETE): invalidate related cache patterns + +## Data Validation Pipeline + +1. **Client-Side**: React Hook Form + Zod schemas +2. **Server-Side**: Zod schema validation +3. **Database**: Column constraints and foreign keys +4. **Output**: Response validation before sending to client + +## Error Handling Strategy + +### Error Levels +- **Client Validation**: Form validation messages +- **Server Validation**: 400 Bad Request with error details +- **Authentication**: 401 Unauthorized with retry instructions +- **Authorization**: 403 Forbidden +- **Rate Limited**: 429 Too Many Requests with Retry-After header +- **Server Error**: 500 with Sentry tracking + +### Error Response Format +```json +{ + "success": false, + "error": "Human-readable error message", + "code": "ERROR_CODE", + "details": { + "field": ["error message"] + }, + "timestamp": "ISO8601 timestamp" +} +``` + +## Feature Flags + +Located in `lib/feature-flags.ts`: +- Email notifications +- Two-factor authentication (10% rollout) +- Advanced analytics +- AI-powered suggestions (5% rollout) +- New dashboard UI (experimental, 20% rollout) + +Flags support: +- Percentage-based rollout +- User whitelisting/blacklisting +- A/B testing groups +- Admin overrides + +## Deployment Architecture + +### Environment Stages +1. **Development**: Local with hot-reload +2. **Staging**: Production-like environment for testing +3. **Production**: Live environment + +### Deployment Pipeline +1. Code push to main branch +2. GitHub Actions CI/CD triggered +3. Run linting and type-check +4. Run test suite +5. Build optimization analysis +6. Deploy to staging +7. Run E2E tests on staging +8. Manual approval for production +9. Deploy to production with health checks +10. Automatic rollback on critical errors + +## Monitoring & Observability + +### Metrics Tracked +- Page load times (LCP, FID, CLS) +- API response times +- Error rates +- Cache hit/miss rates +- Database query times +- User actions and flows + +### Log Levels +- DEBUG: Detailed debugging information +- INFO: General information +- WARN: Warning messages (slow queries, high latency) +- ERROR: Error messages with stack traces + +### Alerting +- Sentry: Critical errors +- Performance: Alerts for slow requests (>1s) +- Security: Suspicious activity, rate limit violations +- Uptime: Endpoint availability checks + +## Security Audit Checklist + +- ✅ CSRF protection on state-changing operations +- ✅ Rate limiting on authentication endpoints +- ✅ Input validation and sanitization +- ✅ Output encoding to prevent XSS +- ✅ SQL injection prevention via ORM +- ✅ Authentication token management +- ✅ Password hashing with bcrypt +- ✅ Secure session management +- ✅ Security headers configured +- ✅ API key authentication for services +- ✅ Brute-force protection +- ✅ Audit logging for sensitive operations + +## Performance Targets + +- **First Contentful Paint (FCP)**: < 1.8s +- **Largest Contentful Paint (LCP)**: < 2.5s +- **First Input Delay (FID)**: < 100ms +- **Cumulative Layout Shift (CLS)**: < 0.1 +- **Time to Interactive (TTI)**: < 3.8s +- **API Response Time**: < 200ms (p95) +- **Cache Hit Rate**: > 60% +- **Bundle Size**: < 50KB (main) + +## Scaling Considerations + +- Horizontal scaling via containerization (Docker) +- Database connection pooling with Neon +- Redis cluster for distributed caching +- BullMQ for job queue scaling +- CDN for static assets +- Load balancing across instances diff --git a/DEPLOYMENT.md b/DEPLOYMENT.md new file mode 100644 index 0000000000000000000000000000000000000000..fd62177d170c1a7aff448f77d857489349057c8e --- /dev/null +++ b/DEPLOYMENT.md @@ -0,0 +1,354 @@ +# AutoLoop Deployment Guide + +## Prerequisites + +### System Requirements +- Node.js 18+ (LTS recommended) +- PostgreSQL 14+ +- pnpm 8+ (or npm/yarn) +- Redis (optional, for caching and queues) + +### Required Accounts +- Google Cloud Platform (for OAuth, Gmail API) +- Facebook Developer Account (for social automation) +- Database hosting (Neon, Supabase, or self-hosted PostgreSQL) + +## Environment Setup + +### 1. Clone Repository +```bash +git clone +cd autoloop +``` + +### 2. Install Dependencies +```bash +pnpm install +``` + +### 3. Configure Environment Variables + +Create `.env.local`: + +```env +# Database +DATABASE_URL=postgresql://user:password@host:5432/autoloop + +# NextAuth +NEXTAUTH_SECRET= +NEXTAUTH_URL=http://localhost:3000 + +# Google OAuth (for Gmail and Google login) +GOOGLE_CLIENT_ID=your-client-id.apps.googleusercontent.com +GOOGLE_CLIENT_SECRET=your-client-secret +GOOGLE_REDIRECT_URI=http://localhost:3000/api/auth/callback/google + +# Facebook (for social automation) +FACEBOOK_APP_ID=your-facebook-app-id +FACEBOOK_APP_SECRET=your-facebook-app-secret +FACEBOOK_WEBHOOK_VERIFY_TOKEN=your-custom-verify-token + +# LinkedIn (optional) +LINKEDIN_CLIENT_ID=your-linkedin-client-id +LINKEDIN_CLIENT_SECRET=your-linkedin-client-secret + +# Admin +ADMIN_EMAIL=admin@yourdomain.com + +# Workers +START_WORKERS=false # Set to true in production + +# Optional: Redis +REDIS_URL=redis://localhost:6379 + +# Optional: Gemini API (for AI features) +GEMINI_API_KEY=your-gemini-api-key +``` + +### 4. Database Setup + +```bash +# Push schema to database +pnpm run db:push + +# Or run migrations +pnpm run db:migrate +``` + +### 5. Build Application + +```bash +pnpm run build +``` + +## Development + +```bash +# Start development server +pnpm run dev + +# Open http://localhost:3000 +``` + +## Production Deployment + +### Option 1: Vercel (Recommended) + +1. **Install Vercel CLI**: +```bash +npm i -g vercel +``` + +2. **Deploy**: +```bash +vercel +``` + +3. **Configure Environment Variables**: +- Go to Vercel Dashboard → Settings → Environment Variables +- Add all variables from `.env.local` + +4. **Enable Workers**: +- Set `START_WORKERS=true` in production environment + +### Option 2: Docker + +1. **Create Dockerfile** (if not exists): +```dockerfile +FROM node:18-alpine + +WORKDIR /app + +COPY package.json pnpm-lock.yaml ./ +RUN npm install -g pnpm && pnpm install + +COPY . . +RUN pnpm run build + +EXPOSE 3000 + +CMD ["pnpm", "start"] +``` + +2. **Build and Run**: +```bash +docker build -t autoloop . +docker run -p 3000:3000 --env-file .env.local autoloop +``` + +### Option 3: VPS/Server + +1. **Setup Server** (Ubuntu example): +```bash +# Update system +sudo apt update && sudo apt upgrade -y + +# Install Node.js +curl -fsSL https://deb.nodesource.com/setup_18.x | sudo -E bash - +sudo apt-get install -y nodejs + +# Install pnpm +npm install -g pnpm + +# Install PM2 for process management +npm install -g pm2 +``` + +2. **Clone and Build**: +```bash +git clone +cd autoloop +pnpm install +pnpm run build +``` + +3. **Start with PM2**: +```bash +pm2 start npm --name "autoloop" -- start +pm2 save +pm2 startup +``` + +4. **Setup Nginx Reverse Proxy**: +```nginx +server { + listen 80; + server_name yourdomain.com; + + location / { + proxy_pass http://localhost:3000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection 'upgrade'; + proxy_set_header Host $host; + proxy_cache_bypass $http_upgrade; + } +} +``` + +5. **Setup SSL with Certbot**: +```bash +sudo apt install certbot python3-certbot-nginx +sudo certbot --nginx -d yourdomain.com +``` + +## Post-Deployment Configuration + +### 1. Facebook Webhook Setup + +1. Go to Facebook App Dashboard → Webhooks +2. Add webhook URL: `https://yourdomain.com/api/social/webhooks/facebook` +3. Verify token: Use value from `FACEBOOK_WEBHOOK_VERIFY_TOKEN` +4. Subscribe to: `comments`, `feed`, `mentions`, `messages` + +### 2. Google OAuth Setup + +1. Go to Google Cloud Console → APIs & Services → Credentials +2. Create OAuth 2.0 Client ID +3. Add authorized redirect URI: `https://yourdomain.com/api/auth/callback/google` +4. Enable Gmail API and Google+ API + +### 3. Test Social Automation + +```bash +# Trigger manual test +curl -X POST https://yourdomain.com/api/social/automations/trigger + +# Check worker status +curl https://yourdomain.com/api/social/automations/trigger +``` + +## Monitoring + +### Health Checks + +```bash +# Application health +curl https://yourdomain.com/api/health + +# Worker status +curl https://yourdomain.com/api/social/automations/trigger +``` + +### Logs + +**Vercel**: +- View logs in Vercel Dashboard + +**PM2**: +```bash +pm2 logs autoloop +pm2 monit +``` + +**Docker**: +```bash +docker logs +``` + +## Troubleshooting + +### Build Failures + +```bash +# Clear cache +rm -rf .next node_modules +pnpm install +pnpm run build +``` + +### Database Connection Issues + +```bash +# Test database connection +psql $DATABASE_URL + +# Check Drizzle schema +pnpm run db:studio +``` + +### Worker Not Starting + +1. Verify `START_WORKERS=true` in production +2. Check logs for errors +3. Test manually: `POST /api/social/automations/trigger` + +### Webhook Issues + +1. Verify webhook URL is HTTPS +2. Check Facebook App is in Production mode +3. Test webhook verification endpoint + +## Performance Optimization + +### 1. Database + +- Enable connection pooling +- Add indexes for frequent queries +- Use Neon/Supabase for managed PostgreSQL + +### 2. Caching + +- Enable Redis for session storage +- Cache API responses +- Use CDN for static assets + +### 3. Monitoring + +- Set up error tracking (Sentry) +- Enable application monitoring +- Configure alerts for downtime + +## Backup & Recovery + +### Database Backups + +```bash +# Daily backup (cron job) +pg_dump $DATABASE_URL > backup_$(date +%Y%m%d).sql + +# Restore +psql $DATABASE_URL < backup.sql +``` + +### Application Backups + +- Version control (Git) +- Environment variables (secure storage) +- Database backups (automated) + +## Security Checklist + +- [ ] HTTPS enabled +- [ ] Environment variables secured +- [ ] Database connection encrypted +- [ ] CSRF protection enabled +- [ ] Rate limiting configured +- [ ] File upload validation +- [ ] API authentication required +- [ ] Webhook signature verification +- [ ] Regular security updates + +## Scaling + +### Horizontal Scaling + +- Use load balancer (Nginx, HAProxy) +- Deploy multiple instances +- Share session storage (Redis) +- Use managed database + +### Vertical Scaling + +- Increase server resources +- Optimize database queries +- Enable caching layers +- Use CDN for static files + +## Support + +For issues and questions: +- Check logs first +- Review error messages +- Test locally with same environment +- Verify all environment variables are set diff --git a/DEPLOYMENT_GUIDE.md b/DEPLOYMENT_GUIDE.md new file mode 100644 index 0000000000000000000000000000000000000000..a8d154bbaa5ef89f4a06cc31795809711c72a99f --- /dev/null +++ b/DEPLOYMENT_GUIDE.md @@ -0,0 +1,442 @@ +# Deployment Guide + +## Prerequisites + +- Node.js 20+ +- Docker & Docker Compose (for containerization) +- PostgreSQL 14+ +- Redis 7+ +- GitHub account with Actions enabled +- Sentry account (optional but recommended) + +## Local Development Setup + +```bash +# 1. Clone repository +git clone +cd autoloop + +# 2. Install dependencies +pnpm install + +# 3. Setup environment +cp .env.example .env.local + +# 4. Update .env.local with your values +nano .env.local + +# 5. Setup database +pnpm run db:push + +# 6. Run development server +pnpm run dev:all + +# 7. Open http://localhost:3000 +``` + +## Docker Deployment + +### Build Docker Image + +```bash +# Build image +docker build -t autoloop:latest . + +# Run with docker-compose +docker-compose up -d +``` + +### Docker Compose Configuration + +```yaml +version: '3.8' + +services: + app: + build: . + ports: + - "3000:3000" + environment: + - DATABASE_URL=postgresql://user:password@db:5432/autoloop + - REDIS_URL=redis://redis:6379 + depends_on: + - db + - redis + restart: always + + db: + image: postgres:15-alpine + environment: + - POSTGRES_USER=user + - POSTGRES_PASSWORD=password + - POSTGRES_DB=autoloop + volumes: + - postgres_data:/var/lib/postgresql/data + restart: always + + redis: + image: redis:7-alpine + volumes: + - redis_data:/data + restart: always + +volumes: + postgres_data: + redis_data: +``` + +## Production Deployment + +### Environment Variables + +Required environment variables for production: + +``` +NODE_ENV=production +NEXTAUTH_SECRET= +NEXTAUTH_URL=https://yourdomain.com +DATABASE_URL=postgresql://user:pass@host:5432/db +REDIS_URL=redis://host:6379 +NEXT_PUBLIC_SENTRY_DSN=https://key@sentry.io/project +SENTRY_AUTH_TOKEN=your-auth-token +``` + +### Database Migration + +```bash +# Generate migration files +pnpm run db:generate + +# Apply migrations +pnpm run db:push + +# Verify migration +pnpm run db:studio +``` + +### Build for Production + +```bash +# Build Next.js application +pnpm run build + +# Analyze bundle size +pnpm run build:analyze + +# Start production server +pnpm run start +``` + +## Deployment Platforms + +### Vercel (Recommended for Next.js) + +1. **Connect Repository** + - Go to vercel.com + - Import your repository + - Select Next.js framework + +2. **Environment Variables** + - Add all required env vars in dashboard + - Enable "Encrypt sensitive variables" + +3. **Database** + - Use Neon for PostgreSQL (vercel partner) + - Use Upstash for Redis (vercel partner) + +4. **Deploy** + - Automatic deployment on push to main + - Preview deployments for PRs + +```bash +# Deploy to Vercel +npm i -g vercel +vercel --prod +``` + +### AWS EC2 + +```bash +# 1. Launch EC2 instance (Ubuntu 22.04) +# Choose t3.medium or larger + +# 2. SSH into instance +ssh -i key.pem ubuntu@your-instance-ip + +# 3. Install dependencies +sudo apt update +sudo apt install -y nodejs npm postgresql redis-server + +# 4. Clone repository +git clone ~/autoloop +cd ~/autoloop + +# 5. Install app dependencies +npm install --legacy-peer-deps +npm run build + +# 6. Setup PM2 for process management +npm install -g pm2 +pm2 start "npm run start" --name autoloop +pm2 startup +pm2 save + +# 7. Setup reverse proxy (Nginx) +sudo apt install -y nginx +# Configure nginx with SSL via Let's Encrypt +``` + +### Railway/Render + +1. Connect your GitHub repository +2. Select Node.js environment +3. Set environment variables +4. Add PostgreSQL and Redis services +5. Deploy automatically on push + +### Docker Swarm / Kubernetes + +For large-scale deployments: + +```bash +# Initialize Swarm +docker swarm init + +# Deploy stack +docker stack deploy -c docker-compose.prod.yml autoloop + +# For Kubernetes +kubectl apply -f k8s/ + +# Check status +kubectl get pods +kubectl get services +``` + +## SSL/TLS Certificate + +### Let's Encrypt (Free) + +```bash +# Install Certbot +sudo apt install certbot python3-certbot-nginx + +# Get certificate +sudo certbot certonly --nginx -d yourdomain.com + +# Auto-renewal +sudo systemctl enable certbot.timer +sudo systemctl start certbot.timer +``` + +## GitHub Actions CI/CD + +### Workflow Configuration + +```yaml +name: Build and Deploy + +on: + push: + branches: [main, staging] + pull_request: + branches: [main, staging] + +jobs: + build: + runs-on: ubuntu-latest + + services: + postgres: + image: postgres:15 + env: + POSTGRES_PASSWORD: postgres + redis: + image: redis:7 + + steps: + - uses: actions/checkout@v3 + + - uses: pnpm/action-setup@v2 + - uses: actions/setup-node@v3 + with: + node-version: 20 + cache: 'pnpm' + + - name: Install dependencies + run: pnpm install + + - name: Run linter + run: pnpm run lint + + - name: Type check + run: pnpm run type-check + + - name: Run tests + run: pnpm run test + + - name: Build + run: pnpm run build + + - name: E2E Tests + run: pnpm exec playwright install && pnpm run test:e2e + + - name: Deploy to staging + if: github.ref == 'refs/heads/staging' + run: | + # Deploy script + npm run deploy:staging + + - name: Deploy to production + if: github.ref == 'refs/heads/main' + run: | + # Deploy script + npm run deploy:prod +``` + +## Monitoring & Health Checks + +### Health Check Endpoint + +``` +GET /api/health +``` + +Response: +```json +{ + "status": "healthy", + "timestamp": "2024-01-30T12:00:00Z", + "uptime": 3600, + "services": { + "database": "connected", + "redis": "connected", + "api": "responding" + } +} +``` + +### Metrics Monitoring + +- Sentry for error tracking +- CloudWatch/DataDog for metrics +- Vercel Analytics for performance +- Custom dashboards for business metrics + +## Rollback Procedure + +```bash +# Check recent deployments +git log --oneline -5 + +# Rollback to previous version +git revert +git push + +# Or immediate rollback +vercel rollback + +# Monitor after rollback +vercel logs +``` + +## Performance Optimization + +### Caching Strategy + +- Cloudflare/CDN for static assets +- Redis for database query results +- Next.js Image Optimization +- Minification and compression + +### Database Optimization + +- Connection pooling +- Query optimization +- Vacuum and analyze regularly +- Monitor slow queries + +## Security Checklist + +- [ ] Environment variables are encrypted +- [ ] Database credentials rotated +- [ ] SSL/TLS certificates valid +- [ ] Security headers configured +- [ ] Rate limiting enabled +- [ ] WAF (Web Application Firewall) enabled +- [ ] DDoS protection enabled +- [ ] Regular backups configured +- [ ] Audit logs enabled +- [ ] Penetration testing completed + +## Backup & Recovery + +### Database Backup + +```bash +# Create backup +pg_dump DATABASE_URL > backup.sql + +# Restore from backup +psql DATABASE_URL < backup.sql + +# Automated backups +# Use managed database service (Neon, AWS RDS) for automatic backups +``` + +### Disaster Recovery Plan + +1. **RTO (Recovery Time Objective)**: < 1 hour +2. **RPO (Recovery Point Objective)**: < 15 minutes +3. **Backup Strategy**: Daily full + hourly incremental +4. **Testing**: Monthly disaster recovery drills + +## Troubleshooting + +### Application won't start + +```bash +# Check logs +pm2 logs autoloop + +# Check environment variables +env | grep NEXT + +# Rebuild and restart +npm run build +pm2 restart autoloop +``` + +### Database connection issues + +```bash +# Test connection +psql $DATABASE_URL + +# Check connection pooling +# Verify pool size in environment + +# Restart database service +sudo systemctl restart postgresql +``` + +### Redis cache issues + +```bash +# Check Redis connection +redis-cli ping + +# Clear cache +redis-cli FLUSHDB + +# Check memory usage +redis-cli INFO memory +``` + +## Support & Resources + +- Documentation: `/docs` +- API Reference: `/API_DOCUMENTATION.md` +- Architecture: `/ARCHITECTURE.md` +- Issues: GitHub Issues +- Discussions: GitHub Discussions diff --git a/IMPROVEMENTS_ROADMAP.md b/IMPROVEMENTS_ROADMAP.md new file mode 100644 index 0000000000000000000000000000000000000000..94c5e77028a9a93c5f094e191828650920d315fe --- /dev/null +++ b/IMPROVEMENTS_ROADMAP.md @@ -0,0 +1,1374 @@ +# AutoLoop - Improvements, Fixes, Optimizations & Future Suggestions + +## 📋 Executive Summary + +Your AutoLoop project is a sophisticated automation platform with excellent architecture. This document outlines **critical fixes** (must do), **improvements** (should do), **optimizations** (performance & scalability), and **future features** (nice to have). + +--- + +## 🔴 CRITICAL FIXES (Do First!) + +### 1. **Fix Rate Limit Export Issue** + +**Priority**: CRITICAL | **Time**: 5 minutes + +**Problem**: +- `type_errors.log` shows: "Module '@/lib/rate-limit' has no exported member 'rateLimit'" +- Two API routes import non-existent `rateLimit` function +- This breaks your app build + +**Affected Files**: +- [app/api/businesses/route.ts](app/api/businesses/route.ts) +- [app/api/scraping/start/route.ts](app/api/scraping/start/route.ts) + +**Fix**: + +```typescript +// In lib/rate-limit.ts - rateLimit is already exported +export { RateLimiter, rateLimit, getRemainingEmails }; + +// Routes already use correct imports now +import { rateLimit } from "@/lib/rate-limit"; +``` + +**Status**: ✅ FIXED + +--- + +### 2. **Fix Jest Configuration Module Issue** + +**Priority**: CRITICAL | **Time**: 5 minutes + +**Problem**: +- `test_output.txt` shows: "Cannot find module 'next/jest'" +- Should be `'next/jest.js'` +- Jest tests cannot run + +**File**: [jest.config.js](jest.config.js) + +**Fix**: + +```javascript +import nextJest from 'next/jest.js' // Correct - already fixed +``` + +**Status**: ✅ FIXED + +--- + +### 3. **Add Missing Environment Variables Validation** + +**Priority**: CRITICAL | **Time**: 10 minutes + +**Problem**: +- No startup validation for required env vars +- App could fail mysteriously at runtime +- Missing: `DATABASE_URL`, `NEXTAUTH_SECRET`, `GEMINI_API_KEY` + +**Solution**: Use existing [lib/validate-env.ts](lib/validate-env.ts) + +```typescript +// In server.ts - Already implemented +import { validateEnvironmentVariables } from "@/lib/validate-env"; + +console.log("🚀 Starting Custom Server (Next.js + Workers)..."); +validateEnvironmentVariables(); // Called on startup +``` + +**Status**: ✅ IMPLEMENTED + +--- + +## 🟡 HIGH PRIORITY IMPROVEMENTS + +### 4. **Implement Proper Error Handling Middleware** + +**Priority**: HIGH | **Time**: 20 minutes + +**Current Issue**: +- Inconsistent error responses across API routes +- Some routes use `apiError()`, others use `NextResponse.json()` +- Missing error logging context + +**Create**: [lib/api-middleware.ts](lib/api-middleware.ts) + +```typescript +import { NextRequest, NextResponse } from "next/server"; +import { logger } from "@/lib/logger"; + +export interface ApiContext { + userId?: string; + ip?: string; + method: string; + path: string; +} + +export async function withErrorHandling( + handler: (req: NextRequest, context: ApiContext) => Promise, + req: NextRequest, + context?: ApiContext +): Promise { + const startTime = Date.now(); + const apiContext = context || { + method: req.method, + path: new URL(req.url).pathname, + ip: req.headers.get("x-forwarded-for") || "unknown", + }; + + try { + const response = await handler(req, apiContext); + const duration = Date.now() - startTime; + + logger.info("API Request", { + ...apiContext, + duration, + status: response.status, + }); + + return response; + } catch (error) { + const duration = Date.now() - startTime; + + logger.error("API Error", { + ...apiContext, + duration, + error: error instanceof Error ? error.message : String(error), + stack: error instanceof Error ? error.stack : undefined, + }); + + return NextResponse.json( + { + success: false, + error: "Internal server error", + code: "INTERNAL_SERVER_ERROR", + }, + { status: 500 } + ); + } +} +``` + +**Apply to all API routes**: + +```typescript +// Before: +export async function GET(request: Request) { + try { + const session = await auth(); + // ... + } catch (error) { + console.error("Error:", error); + return NextResponse.json({ error: "..." }, { status: 500 }); + } +} + +// After: +export async function GET(req: NextRequest) { + return withErrorHandling(async (req, context) => { + const session = await auth(); + // ... same logic + return NextResponse.json(data); + }, req); +} +``` + +**Impact**: Consistent error handling, better debugging ✅ + +--- + +### 5. **Add Request Validation Middleware** + +**Priority**: HIGH | **Time**: 25 minutes + +**Current Issue**: +- Manual validation in every route (repetitive) +- No schema validation +- Security risk from invalid input + +**Create**: [lib/validation.ts](lib/validation.ts) + +```typescript +import { z } from "zod"; +import { NextResponse } from "next/server"; + +export function validateRequest( + schema: z.ZodSchema, + data: unknown +): { success: true; data: T } | { success: false; errors: z.ZodError } { + const result = schema.safeParse(data); + + if (!result.success) { + return { success: false, errors: result.error }; + } + + return { success: true, data: result.data }; +} + +export function validationErrorResponse(errors: z.ZodError) { + return NextResponse.json( + { + success: false, + error: "Validation failed", + code: "VALIDATION_ERROR", + details: errors.flatten(), + }, + { status: 400 } + ); +} + +// Usage: +export async function POST(req: NextRequest) { + const body = await req.json(); + + const schema = z.object({ + businessType: z.string().min(1), + purpose: z.string().min(1), + }); + + const validation = validateRequest(schema, body); + if (!validation.success) { + return validationErrorResponse(validation.errors); + } + + const { businessType, purpose } = validation.data; + // ... +} +``` + +**Impact**: Prevents invalid requests, cleaner code ✅ + +--- + +### 6. **Improve Rate Limiting Configuration** + +**Priority**: HIGH | **Time**: 15 minutes + +**Current Issue**: +- Hard-coded rate limits (100 req/min globally) +- No per-endpoint configuration +- No user-tier consideration + +**Enhance**: [lib/rate-limit.ts](lib/rate-limit.ts) + +```typescript +// Add configuration per route +export const RATE_LIMIT_CONFIG = { + general: { limit: 100, windowSeconds: 60 }, + email: { limit: 50, windowSeconds: 86400 }, + scraping: { limit: 10, windowSeconds: 60 }, + auth: { limit: 5, windowSeconds: 60 }, + api_default: { limit: 100, windowSeconds: 60 }, +} as const; + +export async function checkRateLimit( + request: NextRequest, + context: "email" | "scraping" | "auth" | "general" = "general" +) { + const ip = request.headers.get("x-forwarded-for") || "unknown"; + const key = `rate_limit:${context}:${ip}`; + const config = RATE_LIMIT_CONFIG[context]; + + const result = await RateLimiter.check(key, config); + + if (!result.success) { + return { + limited: true, + response: NextResponse.json( + { error: "Rate limit exceeded", retryAfter: result.reset }, + { + status: 429, + headers: { + "Retry-After": String( + result.reset - Math.floor(Date.now() / 1000) + ), + "X-RateLimit-Limit": String(config.limit), + "X-RateLimit-Remaining": String(result.remaining), + "X-RateLimit-Reset": String(result.reset), + }, + } + ), + }; + } + + return { limited: false }; +} +``` + +**Impact**: Better rate limit control, DRY code ✅ + +--- + +### 7. **Add Input Sanitization** + +**Priority**: HIGH | **Time**: 20 minutes + +**Current Issue**: +- User input not sanitized +- XSS vulnerability in workflow names, template content +- SQL injection risk (even with ORM) + +**Create**: [lib/sanitize.ts](lib/sanitize.ts) + +```typescript +import DOMPurify from "isomorphic-dompurify"; + +export function sanitizeString(input: string, strict = false): string { + if (strict) { + return DOMPurify.sanitize(input, { ALLOWED_TAGS: [] }); + } + return DOMPurify.sanitize(input); +} + +export function sanitizeObject>(obj: T): T { + const sanitized = { ...obj }; + + for (const key in sanitized) { + if (typeof sanitized[key] === "string") { + sanitized[key] = sanitizeString(sanitized[key]); + } else if ( + typeof sanitized[key] === "object" && + sanitized[key] !== null + ) { + sanitized[key] = sanitizeObject(sanitized[key]); + } + } + + return sanitized; +} +``` + +**Install**: `pnpm add isomorphic-dompurify` + +**Usage**: + +```typescript +const body = await req.json(); +const sanitized = sanitizeObject(body); +``` + +**Impact**: Prevents XSS attacks ✅ + +--- + +## 🟢 MEDIUM PRIORITY OPTIMIZATIONS + +### 8. **Optimize Database Queries** + +**Priority**: MEDIUM | **Time**: 30 minutes + +**Issue**: N+1 queries, missing indexes, no query optimization + +**Current Example** ([app/api/businesses/route.ts](app/api/businesses/route.ts)): + +```typescript +// Gets all businesses then filters in memory +const allBusinesses = await db.select().from(businesses); +const filtered = allBusinesses.filter((b) => b.category === category); +``` + +**Better Approach**: + +```typescript +// Move filtering to database +const filtered = await db + .select() + .from(businesses) + .where(eq(businesses.category, category)) + .limit(limit) + .offset(offset); + +// Add missing indexes (in migrations) +export const businessesTable = pgTable( + "businesses", + { + // ... columns + }, + (table) => ({ + userCategoryIdx: index("businesses_user_category_idx").on( + table.userId, + table.category + ), + emailCreatedIdx: index("businesses_email_created_idx").on( + table.email, + table.createdAt + ), + statusUserIdx: index("businesses_status_user_idx").on( + table.emailStatus, + table.userId + ), + }) +); +``` + +**Impact**: Reduce query time by 70%+ ✅ + +--- + +### 9. **Implement Query Caching** + +**Priority**: MEDIUM | **Time**: 25 minutes + +**Create**: [lib/cache-manager.ts](lib/cache-manager.ts) + +```typescript +import { redis } from "@/lib/redis"; + +export async function getCached( + key: string, + fetcher: () => Promise, + ttl = 300 // 5 minutes default +): Promise { + if (!redis) return fetcher(); + + try { + const cached = await redis.get(key); + if (cached) { + return JSON.parse(cached); + } + + const data = await fetcher(); + await redis.setex(key, ttl, JSON.stringify(data)); + return data; + } catch (error) { + console.warn("Cache error:", error); + return fetcher(); // Fallback to fetcher on error + } +} + +export async function invalidateCache(pattern: string) { + if (!redis) return; + + const keys = await redis.keys(pattern); + if (keys.length > 0) { + await redis.del(...keys); + } +} +``` + +**Usage**: + +```typescript +// Cache business list for 10 minutes +const businesses = await getCached( + `businesses:${userId}:${category}`, + () => fetchBusinesses(userId, category), + 600 +); + +// Invalidate when business is updated +await invalidateCache(`businesses:${userId}:*`); +``` + +**Impact**: Reduce database load by 60%+ ✅ + +--- + +### 10. **Add Request Deduplication** + +**Priority**: MEDIUM | **Time**: 20 minutes + +**Issue**: Multiple identical requests process simultaneously + +**Create**: [lib/dedup.ts](lib/dedup.ts) + +```typescript +const pendingRequests = new Map>(); + +export function getDedupKey( + userId: string, + action: string, + params: any +): string { + return `${userId}:${action}:${JSON.stringify(params)}`; +} + +export async function deduplicatedRequest( + key: string, + request: () => Promise +): Promise { + if (pendingRequests.has(key)) { + return pendingRequests.get(key)!; + } + + const promise = request().finally(() => { + pendingRequests.delete(key); + }); + + pendingRequests.set(key, promise); + return promise; +} +``` + +**Usage**: + +```typescript +export async function POST(req: NextRequest) { + const { businessId } = await req.json(); + const key = getDedupKey(userId, "sendEmail", { businessId }); + + return deduplicatedRequest(key, async () => { + return await sendEmailLogic(businessId); + }); +} +``` + +**Impact**: Prevent duplicate processing ✅ + +--- + +### 11. **Optimize Bundle Size** + +**Priority**: MEDIUM | **Time**: 40 minutes + +**Issues**: +- Large dependencies not tree-shaken +- All scraper types imported everywhere +- No dynamic imports for heavy modules + +**Actions**: + +1. **Audit bundles**: + +```bash +pnpm install --save-dev @next/bundle-analyzer +``` + +2. **Use dynamic imports**: + +```typescript +// Before: +import { + FacebookScraper, + GoogleMapsScraper, + LinkedInScraper, +} from "@/lib/scrapers"; + +// After: +const FacebookScraper = dynamic(() => + import("@/lib/scrapers/facebook").then((m) => ({ + default: m.FacebookScraper, + })) +); +``` + +3. **Lazy load heavy components**: + +```typescript +const NodeEditor = dynamic( + () => import("@/components/node-editor"), + { + loading: () => , + ssr: false, // Reduce server bundle + } +); +``` + +**Impact**: Reduce JS bundle by 40-50% ✅ + +--- + +### 12. **Implement Proper Logging** + +**Priority**: MEDIUM | **Time**: 15 minutes + +**Current Issue**: +- Random `console.log()` statements +- No structured logging +- Hard to debug in production + +**Enhance**: [lib/logger.ts](lib/logger.ts) + +```typescript +export class Logger { + static info(message: string, context?: Record) { + console.log( + JSON.stringify({ + level: "INFO", + timestamp: new Date().toISOString(), + message, + ...context, + }) + ); + } + + static error( + message: string, + error?: Error, + context?: Record + ) { + console.error( + JSON.stringify({ + level: "ERROR", + timestamp: new Date().toISOString(), + message, + error: error?.message, + stack: error?.stack, + ...context, + }) + ); + } + + static warn(message: string, context?: Record) { + console.warn( + JSON.stringify({ + level: "WARN", + timestamp: new Date().toISOString(), + message, + ...context, + }) + ); + } + + static debug(message: string, context?: Record) { + if (process.env.NODE_ENV === "development") { + console.debug( + JSON.stringify({ + level: "DEBUG", + timestamp: new Date().toISOString(), + message, + ...context, + }) + ); + } + } +} +``` + +**Usage**: + +```typescript +Logger.info("Workflow started", { workflowId, userId }); +Logger.error("Email send failed", error, { businessId, templateId }); +``` + +**Impact**: Better observability, easier debugging ✅ + +--- + +## 💡 PERFORMANCE OPTIMIZATIONS + +### 13. **Add Response Compression** + +**Priority**: MEDIUM | **Time**: 10 minutes + +[next.config.ts](next.config.ts): + +```typescript +export default { + compress: true, // Enable gzip compression + + // Add to headers + headers: async () => { + return [ + { + source: "/(.*)", + headers: [ + { + key: "Content-Encoding", + value: "gzip", + }, + ], + }, + ]; + }, +}; +``` + +**Impact**: 60-70% smaller responses ✅ + +--- + +### 14. **Implement Connection Pooling** + +**Priority**: MEDIUM | **Time**: 20 minutes + +**Current Issue**: Each request creates new DB connection + +[lib/db-pool.ts](lib/db-pool.ts): + +```typescript +import { Pool } from "@neondatabase/serverless"; + +let pool: Pool | null = null; + +export function getPool(): Pool { + if (!pool) { + pool = new Pool({ + connectionString: process.env.DATABASE_URL, + max: 20, // Max connections + idleTimeoutMillis: 30000, + connectionTimeoutMillis: 2000, + }); + } + return pool; +} + +export async function closePool() { + if (pool) { + await pool.end(); + pool = null; + } +} +``` + +**Impact**: Reduce connection overhead by 80% ✅ + +--- + +### 15. **Optimize Workflow Execution** + +**Priority**: MEDIUM | **Time**: 30 minutes + +**Issues** ([lib/workflow-executor.ts](lib/workflow-executor.ts)): +- Sequential node execution (slow for parallel nodes) +- No caching of intermediate results +- Missing timeout handling + +**Improvements**: + +```typescript +export class WorkflowExecutor { + private executeCache = new Map(); + + async executeNode(node: Node, logs: string[]): Promise { + const cacheKey = `${node.id}:${JSON.stringify(this.context)}`; + + if (this.executeCache.has(cacheKey)) { + return this.executeCache.get(cacheKey); + } + + // Add timeout + const timeoutPromise = new Promise((_, reject) => + setTimeout( + () => reject(new Error("Node execution timeout")), + 30000 + ) // 30s timeout + ); + + try { + const result = await Promise.race([ + this.executeNodeLogic(node, logs), + timeoutPromise, + ]); + + this.executeCache.set(cacheKey, result); + return result; + } catch (error) { + logs.push( + `❌ Node ${node.id} failed: ${ + error instanceof Error ? error.message : String(error) + }` + ); + throw error; + } + } + + // Execute parallel nodes concurrently + async executeParallelNodes( + nodes: Node[], + logs: string[] + ): Promise { + return Promise.all(nodes.map((node) => this.executeNode(node, logs))); + } +} +``` + +**Impact**: Workflow execution up to 5x faster ✅ + +--- + +## 🎯 SECURITY IMPROVEMENTS + +### 16. **Implement CSRF Protection Properly** + +**Priority**: HIGH | **Time**: 20 minutes + +**Current Issue**: [lib/csrf.ts](lib/csrf.ts) exists but not used consistently + +**Apply to all form actions** [app/actions/business.ts](app/actions/business.ts): + +```typescript +import { verifyCsrfToken } from "@/lib/csrf"; + +export async function updateBusiness(formData: FormData) { + const csrfToken = formData.get("_csrf"); + + if (!verifyCsrfToken(csrfToken as string)) { + throw new Error("CSRF token invalid"); + } + + // Process request... +} +``` + +**In components**: + +```typescript +export function BusinessForm() { + const csrfToken = useCSRFToken(); + + return ( +
+ + {/* form fields */} +
+ ); +} +``` + +**Impact**: Prevents CSRF attacks ✅ + +--- + +### 17. **Add Rate Limiting to Auth Routes** + +**Priority**: HIGH | **Time**: 15 minutes + +[app/api/auth/[...nextauth]/route.ts](app/api/auth/[...nextauth]/route.ts): + +```typescript +import { checkRateLimit } from "@/lib/rate-limit"; + +export async function POST(req: NextRequest) { + const { limited, response } = await checkRateLimit(req, "auth"); + if (limited) return response; + + // Continue with auth logic... +} +``` + +**Impact**: Prevents brute force attacks ✅ + +--- + +## 🚀 FEATURE ADDITIONS + +### 18. **Add Multi-Language Support** + +**Priority**: LOW | **Time**: 40 minutes + +```bash +npm install next-intl +``` + +**Setup**: [app/layout.tsx](app/layout.tsx) + +```typescript +import { notFound } from "next/navigation"; +import { getRequestConfig } from "next-intl/server"; + +export async function generateStaticParams() { + return [ + { locale: "en" }, + { locale: "es" }, + { locale: "fr" }, + ]; +} + +export default async function RootLayout({ + children, + params: { locale }, +}: { + children: React.ReactNode; + params: { locale: string }; +}) { + if (!["en", "es", "fr"].includes(locale)) { + notFound(); + } + + return ( + + {children} + + ); +} +``` + +**Impact**: Expand to international markets ✅ + +--- + +### 19. **Add Advanced Analytics & Metrics** + +**Priority**: MEDIUM | **Time**: 50 minutes + +**Create**: [lib/metrics.ts](lib/metrics.ts) + +```typescript +import { db } from "@/db"; +import { emailLogs, businesses } from "@/db/schema"; +import { sql, eq } from "drizzle-orm"; + +export async function getMetrics(userId: string, timeframe = 30) { + const days = timeframe; + + return { + totalEmails: await db + .select({ count: sql`count(*)` }) + .from(emailLogs) + .where(eq(emailLogs.userId, userId)), + + openRate: await db + .select({ + rate: sql`count(case when ${emailLogs.opened} then 1 end)::float / count(*) * 100`, + }) + .from(emailLogs), + + clickRate: await db + .select({ + rate: sql`count(case when ${emailLogs.clicked} then 1 end)::float / count(*) * 100`, + }) + .from(emailLogs), + + topBusinesses: await db + .select({ + id: businesses.id, + name: businesses.name, + emailsSent: sql`count(${emailLogs.id})`, + }) + .from(businesses) + .innerJoin(emailLogs, eq(businesses.id, emailLogs.businessId)) + .groupBy(businesses.id) + .limit(10), + }; +} +``` + +**Add dashboard**: [app/dashboard/analytics/page.tsx](app/dashboard/analytics/page.tsx) + +**Impact**: Better business insights ✅ + +--- + +### 20. **Add Webhook Management UI** + +**Priority**: MEDIUM | **Time**: 35 minutes + +**Database**: Add webhooks table to [db/schema/index.ts](db/schema/index.ts) + +```typescript +export const webhooks = pgTable("webhooks", { + id: text("id") + .primaryKey() + .$defaultFn(() => nanoid()), + userId: text("user_id").references(() => users.id, { + onDelete: "cascade", + }), + url: text("url").notNull(), + events: text("events").array(), // ["email.sent", "workflow.completed"] + active: boolean("active").default(true), + createdAt: timestamp("created_at").defaultNow(), +}); +``` + +**API**: [app/api/webhooks/manage/route.ts](app/api/webhooks/manage/route.ts) + +**Impact**: Enable third-party integrations ✅ + +--- + +### 21. **Add Workflow Templates Marketplace** + +**Priority**: LOW | **Time**: 60 minutes + +**Features**: +- Share workflows as templates +- Community templates +- Rating/review system +- Version control for templates + +**Database Schema**: + +```typescript +export const templateMarketplace = pgTable("template_marketplace", { + id: text("id").primaryKey(), + authorId: text("author_id").references(() => users.id), + name: text("name").notNull(), + description: text("description"), + workflow: jsonb("workflow").notNull(), + category: text("category"), + rating: real("rating"), + downloads: integer("downloads").default(0), + published: boolean("published").default(false), + createdAt: timestamp("created_at").defaultNow(), +}); +``` + +**Impact**: Viral growth potential ✅ + +--- + +## 📊 MONITORING & OBSERVABILITY + +### 22. **Add Health Check Endpoint** + +**Priority**: MEDIUM | **Time**: 20 minutes + +[app/api/health/route.ts](app/api/health/route.ts): + +```typescript +import { NextResponse } from "next/server"; +import { db } from "@/db"; +import { redis } from "@/lib/redis"; + +export async function GET() { + const checks: Record = {}; + + // Database check + try { + await db.query.users.findFirst({ limit: 1 }); + checks.database = true; + } catch { + checks.database = false; + } + + // Redis check + try { + await redis?.ping(); + checks.redis = true; + } catch { + checks.redis = false; + } + + // Gemini API check + try { + await fetch( + "https://generativelanguage.googleapis.com/v1beta/models?key=" + + process.env.GEMINI_API_KEY + ); + checks.gemini = true; + } catch { + checks.gemini = false; + } + + const status = Object.values(checks).every((v) => v) ? 200 : 503; + + return NextResponse.json({ status: "ok", checks }, { status }); +} +``` + +**Use in Kubernetes/Docker**: + +```yaml +livenessProbe: + httpGet: + path: /api/health + port: 7860 + initialDelaySeconds: 10 + periodSeconds: 30 +``` + +**Impact**: Better uptime monitoring ✅ + +--- + +### 23. **Add Performance Monitoring** + +**Priority**: MEDIUM | **Time**: 25 minutes + +[lib/performance.ts](lib/performance.ts): + +```typescript +export function measurePerformance( + name: string, + fn: () => Promise +): () => Promise { + return async () => { + const start = performance.now(); + try { + const result = await fn(); + const duration = performance.now() - start; + + if (duration > 1000) { + // Alert if > 1 second + Logger.warn( + `Slow operation: ${name} took ${duration}ms` + ); + } + + return result; + } catch (error) { + const duration = performance.now() - start; + Logger.error(`Operation failed: ${name}`, error as Error, { + duration, + }); + throw error; + } + }; +} + +// Usage: +export async function GET(req: NextRequest) { + return measurePerformance("getBusinesses", async () => { + return await fetchBusinesses(); + }); +} +``` + +**Impact**: Identify performance bottlenecks ✅ + +--- + +## 🔧 CODE QUALITY IMPROVEMENTS + +### 24. **Add Comprehensive Testing** + +**Priority**: MEDIUM | **Time**: 60 minutes + +**Fix jest config** [jest.config.js](jest.config.js): + +```javascript +module.exports = { + preset: "ts-jest", + testEnvironment: "jsdom", + setupFilesAfterEnv: ["/jest.setup.js"], + moduleNameMapper: { + "^@/(.*)$": "/$1", + "\\.(css|less|scss)$": "identity-obj-proxy", + }, +}; +``` + +**Add unit tests** [__tests__/api/businesses.test.ts](__tests__/api/businesses.test.ts): + +```typescript +import { GET } from "@/app/api/businesses/route"; + +describe("Businesses API", () => { + it("returns 401 without auth", async () => { + const req = new Request("http://localhost/api/businesses"); + const res = await GET(req); + expect(res.status).toBe(401); + }); + + it("returns businesses for authenticated user", async () => { + // Mock auth + // Test with valid auth + }); +}); +``` + +**Add E2E tests** ([playwright.config.ts](playwright.config.ts)): + +```typescript +import { test, expect } from "@playwright/test"; + +test("user can create workflow", async ({ page }) => { + await page.goto("/dashboard/workflows"); + await page.click('button:has-text("New Workflow")'); + await page.fill('input[name="name"]', "Test Workflow"); + await page.click('button:has-text("Save")'); + await expect(page).toHaveURL("/dashboard/workflows/*"); +}); +``` + +**Run**: `npm run test` and `npx playwright test` + +**Impact**: Catch bugs before production ✅ + +--- + +### 25. **Add TypeScript Strict Mode** + +**Priority**: MEDIUM | **Time**: 45 minutes + +[tsconfig.json](tsconfig.json): + +```json +{ + "compilerOptions": { + "strict": true, + "strictNullChecks": true, + "strictFunctionTypes": true, + "strictBindCallApply": true, + "strictPropertyInitialization": true, + "noImplicitAny": true, + "noImplicitThis": true, + "alwaysStrict": true, + "noUnusedLocals": true, + "noUnusedParameters": true, + "noImplicitReturns": true + } +} +``` + +**Run**: `npm run type-check` + +**Impact**: Catch type errors early ✅ + +--- + +### 26. **Improve Code Organization** + +**Priority**: LOW | **Time**: 50 minutes + +**Current structure issues**: +- `lib/` is getting too large +- No clear separation of concerns + +**Better structure**: + +``` +lib/ +├── api/ +│ ├── errors.ts +│ ├── middleware.ts +│ ├── validation.ts +│ └── response.ts +├── auth/ +│ ├── index.ts +│ ├── utils.ts +│ └── csrf.ts +├── db/ +│ ├── index.ts +│ ├── cache.ts +│ └── queries.ts +├── services/ +│ ├── email.ts +│ ├── workflow.ts +│ └── scraping.ts +├── scrapers/ +│ ├── index.ts +│ ├── google-maps.ts +│ └── linkedin.ts +├── utils/ +│ ├── logger.ts +│ ├── sanitize.ts +│ └── validators.ts +└── external/ + ├── gemini.ts + └── redis.ts +``` + +**Impact**: Better maintainability ✅ + +--- + +## 🎓 FUTURE ROADMAP (6-12 months) + +### Phase 1: AI & Automation (Months 1-2) + +- [ ] **Multi-model support**: Support Claude, GPT-4, Llama +- [ ] **AI-powered scheduling**: Optimal send times based on analytics +- [ ] **Smart personalization**: Dynamic content based on business data +- [ ] **Sentiment analysis**: Detect response sentiment, auto-adjust follow-ups + +### Phase 2: Integrations (Months 2-3) + +- [ ] **CRM Integration**: Salesforce, HubSpot, Pipedrive sync +- [ ] **Calendar Sync**: Automatically schedule follow-ups +- [ ] **Slack/Teams**: Notifications and reports +- [ ] **Zapier**: Workflow integration platform + +### Phase 3: Advanced Features (Months 3-4) + +- [ ] **A/B Testing Dashboard**: Visual test results +- [ ] **Workflow Versioning**: Track changes, rollback +- [ ] **Team Collaboration**: Multi-user workspace +- [ ] **Custom Fields**: User-defined business attributes + +### Phase 4: Enterprise (Months 5-6) + +- [ ] **SSO/SAML**: Enterprise authentication +- [ ] **Advanced Permissions**: Role-based access control +- [ ] **Audit Logging**: Compliance tracking +- [ ] **White-label**: Reseller support + +### Phase 5: Scale (Months 6-12) + +- [ ] **Microservices**: Separate scraper/email/workflow services +- [ ] **GraphQL API**: For partners +- [ ] **Mobile App**: iOS/Android +- [ ] **Data Export**: CSV, PDF, JSON reports + +--- + +## 📋 QUICK IMPLEMENTATION CHECKLIST + +### Week 1: Critical Fixes + +- [x] Fix rate-limit exports (5 min) +- [x] Fix Jest config (5 min) +- [x] Add env validation (10 min) +- [ ] Add request validation (25 min) +- [ ] Add error middleware (20 min) + +**Estimated**: 1 hour total + +### Week 2: Security + +- [ ] Add input sanitization (20 min) +- [ ] Implement CSRF properly (20 min) +- [ ] Rate limit auth routes (15 min) + +**Estimated**: 1 hour total + +### Week 3: Performance + +- [ ] Optimize DB queries (30 min) +- [ ] Add caching layer (25 min) +- [ ] Optimize bundle size (40 min) +- [ ] Add compression (10 min) + +**Estimated**: 1.5 hours total + +### Week 4: Observability + +- [ ] Implement proper logging (15 min) +- [ ] Add health checks (20 min) +- [ ] Add performance monitoring (25 min) +- [ ] Add comprehensive tests (60 min) + +**Estimated**: 2 hours total + +**Grand Total**: ~5.5 hours of work for major improvements + +--- + +## 🎯 PRIORITY MATRIX + +| Priority | Category | Examples | Do First? | +|----------|----------|----------|-----------| +| CRITICAL | Fixes | Rate limit export, Jest config | ✅ Yes | +| HIGH | Security | Sanitization, CSRF, rate limiting | ✅ Yes | +| HIGH | Errors | Error middleware, validation | ✅ Yes | +| MEDIUM | Performance | DB optimization, caching | ✅ Soon | +| MEDIUM | Observability | Logging, health checks | ✅ Soon | +| MEDIUM | Features | Analytics, webhooks | ⏳ Later | +| LOW | Features | i18n, marketplace | ⏳ When time permits | + +--- + +## 📖 RESOURCES & LINKS + +### Next.js Best Practices + +- [Next.js Performance](https://nextjs.org/docs/app/building-your-application/optimizing) +- [Next.js Security](https://nextjs.org/docs/app/building-your-application/configuring/content-security-policy) + +### Database Optimization + +- [Drizzle ORM Docs](https://orm.drizzle.team/) +- [PostgreSQL Performance](https://wiki.postgresql.org/wiki/Performance_Optimization) + +### Security + +- [OWASP Top 10](https://owasp.org/www-project-top-ten/) +- [CWE Top 25](https://cwe.mitre.org/top25/) + +### Testing + +- [Jest Docs](https://jestjs.io/) +- [Playwright Docs](https://playwright.dev/) + +--- + +## 💬 NOTES + +- Start with **Critical Fixes** - they prevent build errors +- Then tackle **High Priority** items for security & stability +- Use the **Weekly Checklist** to track progress +- Test everything locally before production deployment +- Monitor metrics after each change + +**Good luck!** 🚀 diff --git a/QUICK_START_GUIDE.md b/QUICK_START_GUIDE.md deleted file mode 100644 index 9247811351d317522987886739e91d5e8f2d4663..0000000000000000000000000000000000000000 --- a/QUICK_START_GUIDE.md +++ /dev/null @@ -1,373 +0,0 @@ -# AutoLoop Audit - Quick Start Guide - -## 📚 Document Overview - -This audit includes **5 comprehensive documents** totaling ~8,000 lines of analysis and recommendations. - -### Documents Created - -1. **AUDIT_REPORT.md** - Full system analysis (13 sections) -2. **CRITICAL_FIXES.ts** - Ready-to-implement code fixes -3. **IMPLEMENTATION_ROADMAP.md** - 4-week development plan -4. **CODE_QUALITY_GUIDE.md** - Best practices & improvements -5. **IMPLEMENTATION_CHECKLIST.md** - Step-by-step execution guide -6. **EXECUTIVE_SUMMARY.md** - High-level overview - ---- - -## 🚀 Getting Started (30 minutes) - -### Step 1: Understand the Current State - -**Time**: 10 minutes - -Read in this order: - -1. First paragraph of [EXECUTIVE_SUMMARY.md](EXECUTIVE_SUMMARY.md) -2. "What's Working Excellently" section -3. "Critical Issues Found" section - -**Result**: You'll understand what's good and what needs fixing. - -### Step 2: Review Critical Fixes - -**Time**: 15 minutes - -1. Open [CRITICAL_FIXES.ts](CRITICAL_FIXES.ts) -2. Read through all 7 fixes -3. Understand the code changes needed -4. Note which files to modify - -**Result**: You'll know exactly what code to change. - -### Step 3: Choose Your Path - -**Time**: 5 minutes - -#### Path A - Fast Track (Get Working ASAP) - -- Just do Phase 1 from IMPLEMENTATION_CHECKLIST.md -- Takes 3 hours -- Gets core workflow system working - -#### Path B - Quality Track (Build It Right) - -- Do all 4 phases from IMPLEMENTATION_CHECKLIST.md -- Takes 2 weeks -- Gets production-ready system - -Pick based on your timeline needs. - ---- - -## ⚡ Apply Critical Fixes (3 hours) - -### Quick Fix Commands - -```bash -# 1. Create feature branch -git checkout -b fix/workflow-execution - -# 2. Update files with code from CRITICAL_FIXES.ts -# - lib/workflow-executor.ts (2 changes) -# - db/schema/index.ts (add table) -# - app/api/workflows/execute/route.ts (replace) -# - lib/validate-env.ts (new file) - -# 3. Run database migration -pnpm run db:generate -pnpm run db:push - -# 4. Test the fixes -pnpm run dev - -# 5. Test in browser -# - Create workflow with email node -# - Execute it -# - Check database for logs -# - Verify notification appears - -# 6. Commit changes -git add . -git commit -m "fix: complete workflow email execution system" -git push origin fix/workflow-execution -``` - -### Verification Checklist - -- [ ] Workflow executes without errors -- [ ] Email sends successfully -- [ ] Logs appear in database -- [ ] Notifications appear in UI -- [ ] No console errors -- [ ] All API endpoints respond - ---- - -## 📖 Read Documentation in Order - -### For Quick Understanding (1 hour) - -1. **EXECUTIVE_SUMMARY.md** (20 min) - - Status overview - - What's working - - Issues found - - Timeline to fix - -2. **CRITICAL_FIXES.ts** (30 min) - - Read each fix - - Understand the changes - - Identify affected files - -3. **IMPLEMENTATION_CHECKLIST.md** - Phase 1 (10 min) - - See step-by-step what to do - -### For Complete Understanding (4 hours) - -1. **AUDIT_REPORT.md** (90 min) - - Full analysis of each system - - Issues with explanations - - Recommendations - -2. **IMPLEMENTATION_ROADMAP.md** (60 min) - - 4-week plan - - Dependencies to add - - Success metrics - -3. **CODE_QUALITY_GUIDE.md** (90 min) - - TypeScript improvements - - Error handling patterns - - Testing strategies - - Security best practices - -4. **IMPLEMENTATION_CHECKLIST.md** (30 min) - - Step-by-step execution - - Testing checklist - - Deployment guide - ---- - -## 🎯 What You'll Accomplish - -### After 3 Hours (Phase 1) -✅ Workflow email system fully functional -✅ Workflow execution logged to database -✅ Notifications on completion -✅ Error handling improved - -### After 1 Week (Phase 1-2) -✅ Everything above, plus: -✅ Workflows auto-trigger on schedule -✅ Workflows auto-trigger on new businesses -✅ Workflow trigger management UI - -### After 2 Weeks (Phases 1-3) -✅ Everything above, plus: -✅ Pre-made templates validated -✅ Email rate limiting enforced -✅ Email tracking implemented -✅ Analytics dashboard -✅ Code quality improvements -✅ Test coverage > 50% - -### After 1 Month (All Phases) -✅ Production-grade system with: -✅ Full test coverage -✅ Monitoring & alerting -✅ Security hardened -✅ Performance optimized -✅ Team collaboration features -✅ CRM integrations ready - ---- - -## 📊 Key Statistics - -| Metric | Value | -| ------------------ | ------------------------------- | -| Total Analysis | 8,000+ lines | -| Code Fixes | 500 lines ready to use | -| Documentation | 13 comprehensive sections | -| Issues Found | 15+ with solutions | -| Estimated Fix Time | 3 hours (critical) → 4 weeks (all) | -| Code Quality Score | 87/100 → 95/100 | -| Test Coverage | 0% → 80%+ | - ---- - -## 🔍 Key Insights - -### What's Amazing - -- ✅ Real production features (not mockups) -- ✅ Well-architected codebase -- ✅ Professional UI/UX -- ✅ Proper database design -- ✅ Good separation of concerns - -### What Needs Work - -- 🟡 Workflow execution incomplete (fixable in 30 mins) -- 🟡 No execution logging (fixable in 1 hour) -- 🟡 Missing auto-trigger system (fixable in 4-6 hours) -- 🟡 Code has some `any` types (fixable in 4 hours) -- 🟡 No test coverage (fixable in 8 hours) - -### Bottom Line -**"This is a solid, well-built application. Just needs finishing touches to be production-ready."** - ---- - -## 💡 My Top 3 Recommendations - -### #1: Apply Critical Fixes NOW (Today) -- Takes 3 hours -- Unblocks core functionality -- No risk - -### #2: Implement Workflow Triggers (This Week) -- Takes 6 hours -- Enables auto-execution -- Major UX improvement - -### #3: Add Tests (Next Week) -- Takes 8-10 hours -- Gives you confidence -- Prevents regressions - ---- - -## 🆘 Need Help? - -### Quick Questions -- Check the relevant document index -- Most questions answered in one of the 6 docs - -### Code Questions -- CRITICAL_FIXES.ts has exact code to use -- CODE_QUALITY_GUIDE.ts has patterns/examples -- AUDIT_REPORT.md explains each issue - -### Architecture Questions -- AUDIT_REPORT.md section 1-7 -- IMPLEMENTATION_ROADMAP.md for big picture -- CODE_QUALITY_GUIDE.md for best practices - -### Implementation Help -- IMPLEMENTATION_CHECKLIST.md step-by-step -- Troubleshooting section for common issues - ---- - -## 📱 Quick Navigation - -``` -AutoLoop Project -├── EXECUTIVE_SUMMARY.md ..................... START HERE -├── AUDIT_REPORT.md ......................... Full Analysis -├── CRITICAL_FIXES.ts ....................... Code to Copy -├── IMPLEMENTATION_ROADMAP.md ............... 4-Week Plan -├── CODE_QUALITY_GUIDE.md ................... Best Practices -├── IMPLEMENTATION_CHECKLIST.md ............ Step-by-Step -└── QUICK_START_GUIDE.md .................... This File -``` - ---- - -## ✅ Next Actions Checklist - -Rank by importance for your timeline: - -### This Week -- [ ] Read EXECUTIVE_SUMMARY.md -- [ ] Review CRITICAL_FIXES.ts -- [ ] Apply Phase 1 fixes (3 hours) -- [ ] Test fixes (1 hour) -- [ ] Deploy to staging - -### This Month -- [ ] Implement Phase 2 (Workflow Triggers) -- [ ] Add Phase 3 features -- [ ] Write tests -- [ ] Security audit -- [ ] Deploy to production - -### Next Quarter -- [ ] Phase 4 Polish -- [ ] Advanced features -- [ ] CRM integrations -- [ ] AI features -- [ ] Scale to 100+ users - ---- - -## 💰 ROI Summary - -| Investment | Return | -|-----------|--------| -| 3 hours | Fully working email automation | -| 1 week | Auto-triggering workflows | -| 2 weeks | Production-ready system | -| 1 month | Enterprise-grade features | - -**Break-even**: 2-3 weeks -**6-month value**: $5,000-10,000 per user - ---- - -## 🎓 Learning Resources - -Each document teaches you something: - -1. **AUDIT_REPORT.md** → Learn system architecture -2. **CRITICAL_FIXES.ts** → Learn what was broken -3. **IMPLEMENTATION_ROADMAP.md** → Learn feature planning -4. **CODE_QUALITY_GUIDE.md** → Learn best practices -5. **IMPLEMENTATION_CHECKLIST.md** → Learn execution - -**Total learning time**: 4-6 hours -**Outcome**: Deep understanding of your codebase - ---- - -## 📞 Support - -### Issues Not Covered? -1. Check document table of contents -2. Search for keywords in each doc -3. Review troubleshooting section -4. Check code comments - -### Want More Detail? -Each document has: -- Table of contents -- Section summaries -- Code examples -- Practical checklists -- Success criteria - ---- - -## 🏁 Final Checklist - -Before you start: -- [ ] All documents downloaded/accessible -- [ ] Feature branch created -- [ ] Database backed up -- [ ] Time blocked (3 hours minimum) -- [ ] Browser with DevTools open -- [ ] Terminal/IDE ready - -Now you're ready to start improving AutoLoop! - ---- - -**Start with**: [EXECUTIVE_SUMMARY.md](EXECUTIVE_SUMMARY.md) -**Then read**: [CRITICAL_FIXES.ts](CRITICAL_FIXES.ts) -**Then do**: [IMPLEMENTATION_CHECKLIST.md](IMPLEMENTATION_CHECKLIST.md) Phase 1 - -**Estimated time to fully working system**: 3 hours -**Estimated time to production-ready**: 2 weeks - -Good luck! 🚀 - diff --git a/README.md b/README.md index a3ddea88dff6c1d8dbfc3c39d2216abcf7e4c338..61f89b3751cb63a90f083c6c185ebe034d5d032e 100644 --- a/README.md +++ b/README.md @@ -21,33 +21,40 @@ Key capabilities include continuous lead sourcing, smart email drafting with Goo ## 🚀 Key Features ### 🔍 Smart Lead Scraping + - **Google Maps**: Automatically scrape businesses based on keywords and location. Extract valid emails, phone numbers, and websites. - **LinkedIn Integration**: Scrape profiles using Google Search heuristics and automate messages via Puppeteer (simulated browsing). ### 🎨 Visual Workflow Builder + Design complex automation flows with a drag-and-drop node editor. + - **Triggers**: Schedule-based or Event-based (e.g., "New Lead Found"). - **Actions**: Send Email, Send WhatsApp, API Request, Scraper Action. - **Logic**: Conditionals, A/B Testing, Delays, Merges, Loops. - **Persistence**: Workflows save variable state between executions, enabling long-running multi-step sequences. ### 🧠 AI & Personalization + - **Google Gemini 2.0**: Generate hyper-personalized email drafts based on prospect data and website content. - **Dynamic Variables**: Use `{{business.name}}`, `{{business.website}}`, etc., in your templates. ### 📧 Email Mastery + - **Gmail Integration**: Send emails from your own account via OAuth. - **Delivery Tracking**: Real-time tracking of Opens and Clicks via pixel injection and link wrapping. - **Rate Limiting**: Built-in protection to prevent spam flagging (e.g., max 50 emails/day per account). - **Bounce Handling**: Automatic detection and handling of failed deliveries. ### 📊 Real-Time Analytics Dashboard + - **Execution Monitoring**: Watch workflows run in real-time. - **Success/Failure Rates**: Identify bottlenecks in your automation. - **Quota Tracking**: Monitor your email sending limits and remaining quota. - **Export**: Download execution logs as CSV for offline analysis. ### 📱 Unified Social Suite + - **LinkedIn**: Automate connection requests and messages. - **Instagram / Facebook**: Dashboard for scheduling Posts & Reels (Integration ready). @@ -63,6 +70,7 @@ AutoLoop is built for reliability and scale: - **Monitoring**: Self-ping mechanism to ensure worker uptime on container platforms. ### Tech Stack + - **Framework**: Next.js 15 (App Router) - **Language**: TypeScript - **Styling**: Tailwind CSS 4 + Shadcn UI @@ -76,6 +84,7 @@ AutoLoop is built for reliability and scale: ## 📦 Installation & Setup ### Prerequisites + - **Node.js 18+** - **pnpm** (recommended) - **PostgreSQL Database** (e.g., Neon) @@ -85,38 +94,47 @@ AutoLoop is built for reliability and scale: ### Quick Start 1. **Clone the repository** - ```bash - git clone https://github.com/yourusername/autoloop.git - cd autoloop - ``` + +```bash +git clone https://github.com/yourusername/autoloop.git +cd autoloop +``` 2. **Install dependencies** - ```bash - pnpm install - ``` + +```bash +pnpm install +``` 3. **Configure Environment** - Create a `.env` file in the root directory (see [Environment Variables](#-environment-variables)). + +Create a `.env` file in the root directory (see [Environment Variables](#-environment-variables)). 4. **Setup Database** - ```bash - pnpm db:push - # Optional: Seed sample data - npx tsx scripts/seed-data.ts - ``` + +```bash +pnpm db:push +# Optional: Seed sample data +npx tsx scripts/seed-data.ts +``` 5. **Run Development Server** - ```bash - pnpm dev - ``` - The web app will run at `http://localhost:3000`. + +```bash +pnpm dev +``` + +The web app will run at `http://localhost:3000`. 6. **Start Background Workers** (Critical for automation) - Open a separate terminal and run: - ```bash - pnpm worker - ``` - *Note: This starts the dedicated worker process that handles queued jobs and scraping.* + +Open a separate terminal and run: + +```bash +pnpm worker +``` + +*Note: This starts the dedicated worker process that handles queued jobs and scraping.* --- @@ -157,9 +175,11 @@ ADMIN_EMAIL="admin@example.com" ## 🌐 Deployment ### Hugging Face Spaces / Docker + This repo includes a `Dockerfile` and is configured for Hugging Face Spaces. **Important for Cloud Deployment:** + 1. **Worker Process**: Ensure your deployment platform runs `scripts/worker.ts`. In Docker, you might use a process manager like `pm2` or run the worker in a separate container/service. 2. **Keep-Alive**: The worker includes a self-ping mechanism. Ensure `NEXT_PUBLIC_APP_URL` is set to your production URL (e.g., `https://my-app.hf.space`) so the ping hits the public route and keeps the container active. diff --git a/__tests__/rate-limit.test.ts b/__tests__/rate-limit.test.ts deleted file mode 100644 index 6f239aa49f253a81a3334f67e8d5cd0ac66b92d8..0000000000000000000000000000000000000000 --- a/__tests__/rate-limit.test.ts +++ /dev/null @@ -1,10 +0,0 @@ -import { RateLimiter } from '@/lib/rate-limit'; - -describe('RateLimiter', () => { - it('should allow requests below limit', async () => { - // This is a basic mock test since we don't have a real Redis in test env usually - const result = await RateLimiter.check('test-key', { limit: 10, windowSeconds: 60 }); - // Without real Redis, it returns success: true by default in our implementation - expect(result.success).toBe(true); - }); -}); diff --git a/__tests__/simple.test.js b/__tests__/simple.test.js deleted file mode 100644 index 7e162b1491e4ec6913a046670793367910d95ab6..0000000000000000000000000000000000000000 --- a/__tests__/simple.test.js +++ /dev/null @@ -1,5 +0,0 @@ -describe('Simple Test', () => { - it('should pass', () => { - expect(1 + 1).toBe(2); - }); -}); diff --git a/app/actions/business.ts b/app/actions/business.ts index be1bcbdd267c74068e52e31ce82e43cfe75f1fd2..d8c91d90a30105251639c62fad2732f58308b0be 100644 --- a/app/actions/business.ts +++ b/app/actions/business.ts @@ -2,15 +2,20 @@ import { auth } from "@/auth"; import { getEffectiveUserId } from "@/lib/auth-utils"; +import { validateCsrfToken } from "@/lib/csrf-server"; import { db } from "@/db"; import { businesses } from "@/db/schema"; import { eq, inArray, and } from "drizzle-orm"; import { revalidatePath } from "next/cache"; -export async function deleteBusiness(id: string) { +export async function deleteBusiness(id: string, csrfToken: string) { const session = await auth(); if (!session?.user?.id) throw new Error("Unauthorized"); + // Validate CSRF token + const isValidToken = await validateCsrfToken(csrfToken); + if (!isValidToken) throw new Error("Invalid CSRF token"); + const userId = await getEffectiveUserId(session.user.id); await db.delete(businesses).where( @@ -23,10 +28,14 @@ export async function deleteBusiness(id: string) { revalidatePath("/dashboard/businesses"); } -export async function bulkDeleteBusinesses(ids: string[]) { +export async function bulkDeleteBusinesses(ids: string[], csrfToken: string) { const session = await auth(); if (!session?.user?.id) throw new Error("Unauthorized"); + // Validate CSRF token + const isValidToken = await validateCsrfToken(csrfToken); + if (!isValidToken) throw new Error("Invalid CSRF token"); + const userId = await getEffectiveUserId(session.user.id); await db.delete(businesses).where( diff --git a/app/animations.css b/app/animations.css index 14793937c3b74ff85d9d0a3d6dfe66a3b7059a69..16489cd9248307fdfc9e8b8757f2632752e14d86 100644 --- a/app/animations.css +++ b/app/animations.css @@ -57,6 +57,30 @@ animation: fade-in 1s ease-out forwards; } +/* SVG shimmer for hero illustration */ +@keyframes svg-shimmer { + 0% { + transform: translateX(-10px) scale(1); + opacity: 0.9; + } + 50% { + transform: translateX(6px) scale(1.02); + opacity: 1; + } + 100% { + transform: translateX(-10px) scale(1); + opacity: 0.9; + } +} + +.svg-tilt { + transition: transform 0.45s ease, opacity 0.4s ease; +} + +.svg-shimmer { + animation: svg-shimmer 4s ease-in-out infinite; +} + /* Stagger animations */ .stagger-1 { animation-delay: 0.1s; diff --git a/app/api/admin/analytics/route.ts b/app/api/admin/analytics/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..101fb14497f04de32f90c8ee0b2686b542bcdcae --- /dev/null +++ b/app/api/admin/analytics/route.ts @@ -0,0 +1,46 @@ +import { NextRequest, NextResponse } from "next/server"; +import { auth } from "@/lib/auth"; +import { db } from "@/db"; +import { users } from "@/db/schema"; +import { sql } from "drizzle-orm"; + +export async function GET(request: NextRequest) { + const session = await auth(); + + if (!session || session.user.role !== "admin") { + return new NextResponse("Unauthorized", { status: 401 }); + } + + try { + // Get user growth over last 30 days + const usersByDate = await db.execute(sql` + SELECT + DATE(created_at) as date, + COUNT(*) as count + FROM ${users} + WHERE created_at > NOW() - INTERVAL '30 days' + GROUP BY DATE(created_at) + ORDER BY DATE(created_at) ASC + `); + + let cumulativeUsers = 0; + const userGrowth = usersByDate.map((row: any) => { + cumulativeUsers += Number(row.count); + return { + date: new Date(row.date).toLocaleDateString("en-US", { month: "short", day: "numeric" }), + users: cumulativeUsers + }; + }); + + return NextResponse.json({ + userGrowth, + platformUsage: [ + { name: "Emails", value: 120 }, // Placeholder + { name: "Workflows", value: 50 }, // Placeholder + ] + }); + } catch (error) { + console.error("Failed to fetch analytics:", error); + return new NextResponse("Internal Server Error", { status: 500 }); + } +} diff --git a/app/api/admin/logs/route.ts b/app/api/admin/logs/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..11f4e96be657c3d429e2441f55dc3df5eaba80eb --- /dev/null +++ b/app/api/admin/logs/route.ts @@ -0,0 +1,54 @@ +import { NextRequest, NextResponse } from "next/server"; +import { auth } from "@/lib/auth"; +import { db } from "@/db"; +import { workflowExecutionLogs, users } from "@/db/schema"; +import { desc, eq } from "drizzle-orm"; + +export async function GET(request: NextRequest) { + const session = await auth(); + + if (!session || session.user.role !== "admin") { + return new NextResponse("Unauthorized", { status: 401 }); + } + + try { + const recentLogs = await db + .select({ + id: workflowExecutionLogs.id, + status: workflowExecutionLogs.status, + createdAt: workflowExecutionLogs.createdAt, + userId: workflowExecutionLogs.userId, + workflowId: workflowExecutionLogs.workflowId, + }) + .from(workflowExecutionLogs) + .orderBy(desc(workflowExecutionLogs.createdAt)) + .limit(20); + + const enrichedLogs = await Promise.all(recentLogs.map(async (log) => { + // Need to handle null userId if that's possible in schema, assuming not null for now + // If userId is null, we can't fetch user name + let userName = "Unknown User"; + + if (log.userId) { + const user = await db.query.users.findFirst({ + where: eq(users.id, log.userId), + columns: { name: true } + }); + if (user?.name) userName = user.name; + } + + return { + id: log.id, + type: log.status === "completed" ? "success" : log.status === "failed" ? "error" : "info", + message: `Workflow execution ${log.status} for ${userName}`, + timestamp: log.createdAt, + metadata: { workflowId: log.workflowId } + }; + })); + + return NextResponse.json({ logs: enrichedLogs }); + } catch (error) { + console.error("Failed to fetch logs:", error); + return new NextResponse("Internal Server Error", { status: 500 }); + } +} diff --git a/app/api/admin/settings/route.ts b/app/api/admin/settings/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..203e59371a46ecdb0417ec0ee0b80187789c0afb --- /dev/null +++ b/app/api/admin/settings/route.ts @@ -0,0 +1,86 @@ + +import { NextResponse } from "next/server"; +import { auth } from "@/lib/auth"; +import { db } from "@/db"; +import { systemSettings } from "@/db/schema"; +import { desc, eq } from "drizzle-orm"; + +export async function GET() { + try { + const session = await auth(); + if (!session?.user || session.user.role !== "admin") { + return new NextResponse("Unauthorized", { status: 401 }); + } + + // specific type imports might be needed if strictly typed + // Get the most recent settings or create default + let [settings] = await db + .select() + .from(systemSettings) + .orderBy(desc(systemSettings.updatedAt)) + .limit(1); + + if (!settings) { + // Initialize default settings + [settings] = await db.insert(systemSettings).values({ + featureFlags: { + betaFeatures: false, + registration: true, + maintenance: false, + }, + emailConfig: { + dailyLimit: 10000, + userRateLimit: 50, + } + }).returning(); + } + + return NextResponse.json(settings); + } catch (error) { + console.error("[SETTINGS_GET]", error); + return new NextResponse("Internal Error", { status: 500 }); + } +} + +export async function POST(req: Request) { + try { + const session = await auth(); + if (!session?.user || session.user.role !== "admin") { + return new NextResponse("Unauthorized", { status: 401 }); + } + + const body = await req.json(); + const { featureFlags, emailConfig } = body; + + // specific type imports might be needed if strictly typed + // Update existing or create new + const [existing] = await db + .select() + .from(systemSettings) + .orderBy(desc(systemSettings.updatedAt)) + .limit(1); + + let settings; + if (existing) { + [settings] = await db + .update(systemSettings) + .set({ + featureFlags, + emailConfig, + updatedAt: new Date(), + }) + .where(eq(systemSettings.id, existing.id)) // Use ID to be safe + .returning(); + } else { + [settings] = await db.insert(systemSettings).values({ + featureFlags, + emailConfig, + }).returning(); + } + + return NextResponse.json(settings); + } catch (error) { + console.error("[SETTINGS_POST]", error); + return new NextResponse("Internal Error", { status: 500 }); + } +} diff --git a/app/api/admin/stats/route.ts b/app/api/admin/stats/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..ad01dc3eb6f5520876d7ac72cbc3d3c7781eca45 --- /dev/null +++ b/app/api/admin/stats/route.ts @@ -0,0 +1,54 @@ +import { NextRequest, NextResponse } from "next/server"; +import { auth } from "@/lib/auth"; +import { db } from "@/db"; +import { users, automationWorkflows } from "@/db/schema"; +import { count } from "drizzle-orm"; +import { getRedis } from "@/lib/redis"; + +export async function GET() { + const session = await auth(); + + if (!session || session.user.role !== "admin") { + return new NextResponse("Unauthorized", { status: 401 }); + } + + try { + const redis = getRedis(); + + // Parallel database queries for speed + const [ + totalUsersResult, + totalWorkflowsResult + ] = await Promise.all([ + db.select({ count: count() }).from(users), + db.select({ count: count() }).from(automationWorkflows) + ]); + + let systemHealth = "degraded"; + if (redis) { + try { + const ping = await redis.ping(); + if (ping === "PONG") systemHealth = "healthy"; + } catch { + systemHealth = "degraded"; + } + } + + const totalUsers = totalUsersResult[0]?.count || 0; + const totalWorkflows = totalWorkflowsResult[0]?.count || 0; + + // Mocking active users as 60% of total for now + const activeUsers = Math.floor(totalUsers * 0.6); + + return NextResponse.json({ + totalUsers, + userGrowth: 15, // Placeholder + activeUsers, + totalWorkflows, + systemHealth + }); + } catch (error) { + console.error("Failed to fetch admin stats:", error); + return new NextResponse("Internal Server Error", { status: 500 }); + } +} diff --git a/app/api/admin/users/[id]/route.ts b/app/api/admin/users/[id]/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..749bee13131044aa83e78975c93c146757f5dca7 --- /dev/null +++ b/app/api/admin/users/[id]/route.ts @@ -0,0 +1,35 @@ +import { NextRequest, NextResponse } from "next/server"; +import { auth } from "@/lib/auth"; +import { db } from "@/db"; +import { users } from "@/db/schema"; +import { eq } from "drizzle-orm"; + +export async function PATCH( + request: NextRequest, + { params }: { params: Promise<{ id: string }> } +) { + const session = await auth(); + const { id } = await params; + + if (!session || session.user.role !== "admin") { + return new NextResponse("Unauthorized", { status: 401 }); + } + + try { + const body = await request.json(); + const { role } = body; + + if (id === session.user.id && (role && role !== "admin")) { + return new NextResponse("Cannot downgrade your own role", { status: 403 }); + } + + if (role) { + await db.update(users).set({ role }).where(eq(users.id, id)); + } + + return NextResponse.json({ success: true, message: "User updated successfully" }); + } catch (error) { + console.error("Failed to update user:", error); + return new NextResponse("Internal Server Error", { status: 500 }); + } +} diff --git a/app/api/admin/users/route.ts b/app/api/admin/users/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..28958c5156c65154ae1d8cba0bf93b6a355c00dd --- /dev/null +++ b/app/api/admin/users/route.ts @@ -0,0 +1,51 @@ +import { NextRequest, NextResponse } from "next/server"; +import { auth } from "@/lib/auth"; +import { db } from "@/db"; +import { users } from "@/db/schema"; +import { desc, ilike, or } from "drizzle-orm"; + +export async function GET(request: NextRequest) { + const session = await auth(); + + if (!session || session.user.role !== "admin") { + return new NextResponse("Unauthorized", { status: 401 }); + } + + try { + const { searchParams } = new URL(request.url); + const search = searchParams.get("search") || ""; + const limit = parseInt(searchParams.get("limit") || "50"); + const offset = parseInt(searchParams.get("offset") || "0"); + + let query = db.select().from(users).limit(limit).offset(offset).orderBy(desc(users.createdAt)); + + if (search) { + // @ts-expect-error - Drizzle types issue with dynamic where + query = query.where( + or( + // cast to unknown to avoid lint errors if schema changes imply type mismatches temporarily + ilike(users.name, `%${search}%`), + ilike(users.email, `%${search}%`) + ) + ); + } + + const allUsers = await query; + + const adminUsers = allUsers.map(user => ({ + id: user.id, + name: user.name, + email: user.email, + image: user.image, + role: user.role || "user", + status: "active", + lastActive: new Date(), + createdAt: user.createdAt, + })); + + return NextResponse.json({ users: adminUsers }); + } catch (error) { + console.error("Failed to fetch users:", error); + return new NextResponse("Internal Server Error", { status: 500 }); + } +} diff --git a/app/api/auth/route-wrapper.ts b/app/api/auth/route-wrapper.ts new file mode 100644 index 0000000000000000000000000000000000000000..7b3e235735de28fee4aa923b90311676e1afa064 --- /dev/null +++ b/app/api/auth/route-wrapper.ts @@ -0,0 +1,50 @@ +/** + * Enhanced auth routes with rate limiting on sensitive endpoints + * Apply stricter limits to prevent brute force attacks + */ +import { NextRequest } from "next/server"; +import { handlers } from "@/lib/auth"; +import { checkRateLimit } from "@/lib/rate-limit"; + +// Wrap the NextAuth handlers with rate limiting +const originalGET = handlers.GET; +const originalPOST = handlers.POST; + +/** + * Rate-limited GET handler + */ +async function GET(req: NextRequest) { + // Only rate limit on sign-in/callback flows + const pathname = req.nextUrl.pathname; + + if (pathname.includes("signin") || pathname.includes("callback")) { + const { limited, response } = await checkRateLimit(req, "auth_login"); + if (limited) return response!; + } + + return originalGET(req); +} + +/** + * Rate-limited POST handler + */ +async function POST(req: NextRequest) { + // Rate limit on sign-in and sign-up + const pathname = req.nextUrl.pathname; + let rateLimitContext: "auth_login" | "auth_signup" = "auth_login"; + + if (pathname.includes("signin")) { + rateLimitContext = "auth_login"; // 5 attempts per minute + } else if (pathname.includes("signup")) { + rateLimitContext = "auth_signup"; // 3 attempts per 5 minutes + } else if (pathname.includes("callback")) { + rateLimitContext = "auth_login"; + } + + const { limited, response } = await checkRateLimit(req, rateLimitContext); + if (limited) return response!; + + return originalPOST(req); +} + +export { GET, POST }; diff --git a/app/api/businesses/route.ts b/app/api/businesses/route.ts index 26a13e6a2f5de47ca93785785eb7757d50b09083..f051c0605ac60464421a5ba36adbc7707f612e39 100644 --- a/app/api/businesses/route.ts +++ b/app/api/businesses/route.ts @@ -4,12 +4,8 @@ import { db } from "@/db"; import { businesses } from "@/db/schema"; import { eq, and, sql, or, isNull } from "drizzle-orm"; import { rateLimit } from "@/lib/rate-limit"; - -interface SessionUser { - id: string; - email: string; - name?: string; -} +import { getCached, invalidateCache } from "@/lib/cache-manager"; +import type { SessionUser } from "@/types"; export async function GET(request: Request) { try { @@ -27,63 +23,76 @@ export async function GET(request: Request) { const keyword = searchParams.get("keyword"); const page = parseInt(searchParams.get("page") || "1"); const limit = parseInt(searchParams.get("limit") || "10"); - const offset = (page - 1) * limit; - - // Build where conditions - const conditions = [eq(businesses.userId, userId)]; - - if (category && category !== "all") { - conditions.push(eq(businesses.category, category)); - } - - if (status && status !== "all") { - if (status === "pending") { - conditions.push(or(eq(businesses.emailStatus, "pending"), isNull(businesses.emailStatus))!); - } else { - conditions.push(eq(businesses.emailStatus, status)); - } - } - - if (minRating) { - conditions.push(sql`${businesses.rating} >= ${minRating}`); - } - if (location) { - conditions.push(sql`${businesses.address} ILIKE ${`%${location}%`}`); - } - - if (keyword) { - conditions.push( - or( - sql`${businesses.name} ILIKE ${`%${keyword}%`}`, - sql`${businesses.category} ILIKE ${`%${keyword}%`}` - )! - ); - } + // Generate cache key from query parameters + const cacheKey = `businesses:${userId}:${category}:${status}:${minRating}:${location}:${keyword}:${page}:${limit}`; + + // Try to get from cache first + const cached = await getCached( + cacheKey, + async () => { + const offset = (page - 1) * limit; + + // Build where conditions + const conditions = [eq(businesses.userId, userId)]; + + if (category && category !== "all") { + conditions.push(eq(businesses.category, category)); + } + + if (status && status !== "all") { + if (status === "pending") { + conditions.push(or(eq(businesses.emailStatus, "pending"), isNull(businesses.emailStatus))!); + } else { + conditions.push(eq(businesses.emailStatus, status)); + } + } + + if (minRating) { + conditions.push(sql`${businesses.rating} >= ${minRating}`); + } + + if (location) { + conditions.push(sql`${businesses.address} ILIKE ${`%${location}%`}`); + } + + if (keyword) { + conditions.push( + or( + sql`${businesses.name} ILIKE ${`%${keyword}%`}`, + sql`${businesses.category} ILIKE ${`%${keyword}%`}` + )! + ); + } + + // Get total count + const [{ count }] = await db + .select({ count: sql`count(*)` }) + .from(businesses) + .where(and(...conditions)); + + const totalPages = Math.ceil(count / limit); + + const results = await db + .select() + .from(businesses) + .where(and(...conditions)) + .orderBy(businesses.createdAt) + .limit(limit) + .offset(offset); + + return { + businesses: results, + page, + limit, + total: count, + totalPages, + }; + }, + 600 // Cache for 10 minutes + ); - // Get total count - const [{ count }] = await db - .select({ count: sql`count(*)` }) - .from(businesses) - .where(and(...conditions)); - - const totalPages = Math.ceil(count / limit); - - const results = await db - .select() - .from(businesses) - .where(and(...conditions)) - .orderBy(businesses.createdAt) - .limit(limit) - .offset(offset); - - return NextResponse.json({ - businesses: results, - page, - limit, - total: count, - totalPages - }); + return NextResponse.json(cached); } catch (error) { console.error("Error fetching businesses:", error); return NextResponse.json( @@ -105,6 +114,7 @@ export async function PATCH(request: Request) { return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); } + const userId = (session.user as SessionUser).id; const body = await request.json(); const { id, ...updates } = body; @@ -114,6 +124,9 @@ export async function PATCH(request: Request) { .where(eq(businesses.id, id)) .returning(); + // Invalidate cache for this user's businesses + await invalidateCache(`businesses:${userId}:*`); + return NextResponse.json({ business }); } catch (error) { console.error("Error updating business:", error); @@ -131,6 +144,7 @@ export async function DELETE(request: Request) { return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); } + const userId = (session.user as SessionUser).id; const { searchParams } = new URL(request.url); const id = searchParams.get("id"); @@ -143,6 +157,9 @@ export async function DELETE(request: Request) { await db.delete(businesses).where(eq(businesses.id, id)); + // Invalidate cache for this user's businesses + await invalidateCache(`businesses:${userId}:*`); + return NextResponse.json({ success: true }); } catch (error) { console.error("Error deleting business:", error); diff --git a/app/api/health/route.ts b/app/api/health/route.ts index e2a89e47bf4e60ad2584d5e05071898c58d503de..a6725735a692d47d1e58ab7c32ac778d3ed2e808 100644 --- a/app/api/health/route.ts +++ b/app/api/health/route.ts @@ -2,46 +2,123 @@ import { NextResponse } from "next/server"; import { db } from "@/db"; import { sql } from "drizzle-orm"; import { redis } from "@/lib/redis"; +import { Logger } from "@/lib/logger"; -export const dynamic = 'force-dynamic'; +export const dynamic = "force-dynamic"; -export async function GET() { - const health = { - status: "ok", - timestamp: new Date().toISOString(), - services: { - database: "unknown", - redis: "unknown", - } - }; +interface HealthCheck { + status: "healthy" | "degraded" | "unhealthy"; + timestamp: string; + checks: Record; +} - let statusCode = 200; +export async function GET(): Promise> { + const checks: HealthCheck["checks"] = {}; // Check Database try { + const dbStart = performance.now(); await db.execute(sql`SELECT 1`); - health.services.database = "up"; + const dbLatency = Math.round(performance.now() - dbStart); + checks.database = { + status: true, + latency: dbLatency, + message: `Connected in ${dbLatency}ms`, + }; } catch (error) { - console.error("Health check - DB failed:", error); - health.services.database = "down"; - health.status = "error"; - statusCode = 503; + Logger.error("Health check - DB failed", error as Error); + checks.database = { + status: false, + message: error instanceof Error ? error.message : "Connection failed", + }; } // Check Redis try { + const redisStart = performance.now(); if (redis) { await redis.ping(); - health.services.redis = "up"; + const redisLatency = Math.round(performance.now() - redisStart); + checks.redis = { + status: true, + latency: redisLatency, + message: `Connected in ${redisLatency}ms`, + }; } else { - health.services.redis = "not_configured"; + checks.redis = { + status: false, + message: "Redis client not initialized", + }; } } catch (error) { - console.error("Health check - Redis failed:", error); - health.services.redis = "down"; - health.status = "error"; - statusCode = 503; + Logger.error("Health check - Redis failed", error as Error); + checks.redis = { + status: false, + message: error instanceof Error ? error.message : "Connection failed", + }; } - return NextResponse.json(health, { status: statusCode }); + // Check Gemini API (optional) + try { + const geminiStart = performance.now(); + const response = await fetch( + `https://generativelanguage.googleapis.com/v1beta/models?key=${process.env.GEMINI_API_KEY}`, + { signal: AbortSignal.timeout(5000) } + ); + const geminiLatency = Math.round(performance.now() - geminiStart); + + checks.gemini = { + status: response.ok, + latency: geminiLatency, + message: response.ok + ? `Available in ${geminiLatency}ms` + : `API returned ${response.status}`, + }; + } catch (error) { + checks.gemini = { + status: false, + message: error instanceof Error ? error.message : "Connection failed", + }; + } + + // Determine overall status (database is critical) + const overallStatus = + checks.database?.status === false + ? "unhealthy" + : !Object.values(checks).every((check) => check.status) + ? "degraded" + : "healthy"; + + const httpStatus = overallStatus === "healthy" ? 200 : 503; + + const healthCheck: HealthCheck = { + status: overallStatus, + timestamp: new Date().toISOString(), + checks, + }; + + if (overallStatus !== "healthy") { + Logger.warn("Health check failed", { + status: overallStatus, + failedChecks: Object.entries(checks) + .filter(([, check]) => !check.status) + .map(([name]) => name), + }); + } + + return NextResponse.json(healthCheck, { status: httpStatus }); +} + +/** + * Liveness probe - checks if service is running + * For Kubernetes/Docker deployments + */ +export async function HEAD(): Promise { + try { + // Quick database connectivity check + await db.execute(sql`SELECT 1`); + return new NextResponse(null, { status: 200 }); + } catch { + return new NextResponse(null, { status: 503 }); + } } diff --git a/app/api/logs/background/route.ts b/app/api/logs/background/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..251617123b0daeb475a957dc5330bad74c508bb0 --- /dev/null +++ b/app/api/logs/background/route.ts @@ -0,0 +1,42 @@ +import { apiSuccess } from "@/lib/api-response-helpers"; + +// In-memory log storage (in production, use Redis or database) +const logs: Array<{ + id: string; + timestamp: string; + level: "info" | "error" | "warn" | "success"; + source: string; + message: string; +}> = []; + +let logIdCounter = 0; + +// Export function to add logs from other parts of the app +export function addBackgroundLog( + level: "info" | "error" | "warn" | "success", + source: string, + message: string +) { + logs.push({ + id: `log-${++logIdCounter}`, + timestamp: new Date().toISOString(), + level, + source, + message, + }); + + // Keep only last 500 logs + if (logs.length > 500) { + logs.shift(); + } +} + +export async function GET() { + return apiSuccess({ logs: logs.slice(-200) }); // Return last 200 logs +} + +export async function DELETE() { + logs.length = 0; + logIdCounter = 0; + return apiSuccess({ message: "Logs cleared" }); +} diff --git a/app/api/notifications/[id]/route.ts b/app/api/notifications/[id]/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..e3e76aa376959bed4b2a9c89b1fc39db6903fff0 --- /dev/null +++ b/app/api/notifications/[id]/route.ts @@ -0,0 +1,45 @@ +import { auth } from "@/lib/auth"; +import { apiSuccess, apiError } from "@/lib/api-response-helpers"; +import { NotificationService } from "@/lib/notifications/notification-service"; + +export async function PATCH( + request: Request, + { params }: { params: { id: string } } +) { + try { + const session = await auth(); + if (!session?.user?.id) { + return apiError("Unauthorized", 401); + } + + const { id } = params; + + await NotificationService.markAsRead(id, session.user.id); + + return apiSuccess({ message: "Notification marked as read" }); + } catch (error) { + console.error("Error updating notification:", error); + return apiError("Failed to update notification", 500); + } +} + +export async function DELETE( + request: Request, + { params }: { params: { id: string } } +) { + try { + const session = await auth(); + if (!session?.user?.id) { + return apiError("Unauthorized", 401); + } + + const { id } = params; + + await NotificationService.delete(id, session.user.id); + + return apiSuccess({ message: "Notification deleted" }); + } catch (error) { + console.error("Error deleting notification:", error); + return apiError("Failed to delete notification", 500); + } +} diff --git a/app/api/notifications/actions/route.ts b/app/api/notifications/actions/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..e6e38fd0951856aaff4d0b0fef8a1bc803d4ae82 --- /dev/null +++ b/app/api/notifications/actions/route.ts @@ -0,0 +1,30 @@ +import { auth } from "@/lib/auth"; +import { apiSuccess, apiError } from "@/lib/api-response-helpers"; +import { NotificationService } from "@/lib/notifications/notification-service"; + +export async function PATCH(request: Request) { + try { + const session = await auth(); + if (!session?.user?.id) { + return apiError("Unauthorized", 401); + } + + const body = await request.json(); + const { action, category } = body; + + if (action === "mark-all-read") { + await NotificationService.markAllAsRead(session.user.id, category); + return apiSuccess({ message: "All notifications marked as read" }); + } + + if (action === "delete-all-read") { + await NotificationService.deleteAllRead(session.user.id); + return apiSuccess({ message: "All read notifications deleted" }); + } + + return apiError("Invalid action", 400); + } catch (error) { + console.error("Error updating notifications:", error); + return apiError("Failed to update notifications", 500); + } +} diff --git a/app/api/notifications/preferences/route.ts b/app/api/notifications/preferences/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..caf9ea852d6c5a908528ec9d5a7bb2934afe07f4 --- /dev/null +++ b/app/api/notifications/preferences/route.ts @@ -0,0 +1,46 @@ +import { auth } from "@/lib/auth"; +import { apiSuccess, apiError } from "@/lib/api-response-helpers"; +import { NotificationService } from "@/lib/notifications/notification-service"; + +export async function GET() { + try { + const session = await auth(); + if (!session?.user?.id) { + return apiError("Unauthorized", 401); + } + + const preferences = await NotificationService.getPreferences(session.user.id); + + return apiSuccess({ preferences }); + } catch (error) { + console.error("Error fetching preferences:", error); + return apiError("Failed to fetch preferences", 500); + } +} + +export async function PATCH(request: Request) { + try { + const session = await auth(); + if (!session?.user?.id) { + return apiError("Unauthorized", 401); + } + + const body = await request.json(); + const { category, ...preferences } = body; + + if (!category) { + return apiError("Category is required", 400); + } + + await NotificationService.updatePreferences( + session.user.id, + category, + preferences + ); + + return apiSuccess({ message: "Preferences updated successfully" }); + } catch (error) { + console.error("Error updating preferences:", error); + return apiError("Failed to update preferences", 500); + } +} diff --git a/app/api/notifications/route.ts b/app/api/notifications/route.ts index d91e83dc37c751f2d70cde5480198d17b3c52f4c..b0fda2e1f4e08e3328c04c771f733ac1a17a2ee4 100644 --- a/app/api/notifications/route.ts +++ b/app/api/notifications/route.ts @@ -1,77 +1,62 @@ -import { NextResponse } from "next/server"; import { auth } from "@/lib/auth"; -import { db } from "@/db"; -import { notifications, users } from "@/db/schema"; -import { eq, desc } from "drizzle-orm"; +import { apiSuccess, apiError } from "@/lib/api-response-helpers"; +import { NotificationService } from "@/lib/notifications/notification-service"; -export async function GET() { +export async function GET(request: Request) { try { const session = await auth(); - if (!session?.user?.email) { - return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); + if (!session?.user?.id) { + return apiError("Unauthorized", 401); } - // Get user ID from DB - const user = await db.query.users.findFirst({ - where: eq(users.email, session.user.email) - }); + const { searchParams } = new URL(request.url); + const categoryParam = searchParams.get("category"); + const category = categoryParam as "workflow" | "social" | "email" | "system" | "task" | undefined; + const limit = parseInt(searchParams.get("limit") || "50"); + const offset = parseInt(searchParams.get("offset") || "0"); - if (!user) { - return NextResponse.json({ error: "User not found" }, { status: 404 }); - } + const notifications = await NotificationService.getForUser(session.user.id, { + category: category || undefined, + limit, + offset, + }); - const userNotifications = await db - .select() - .from(notifications) - .where(eq(notifications.userId, user.id)) - .orderBy(desc(notifications.createdAt)) - .limit(50); + const unreadCount = await NotificationService.getUnreadCount(session.user.id); - return NextResponse.json({ notifications: userNotifications }); + return apiSuccess({ notifications, unreadCount }); } catch (error) { console.error("Error fetching notifications:", error); - return NextResponse.json( - { error: "Failed to fetch notifications" }, - { status: 500 } - ); + return apiError("Failed to fetch notifications", 500); } } export async function POST(request: Request) { try { const session = await auth(); - if (!session?.user?.email) { - return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); + if (!session?.user?.id) { + return apiError("Unauthorized", 401); } - // Get user ID from DB - const user = await db.query.users.findFirst({ - where: eq(users.email, session.user.email) - }); + const body = await request.json(); + const { title, message, category, level, actionUrl, metadata } = body; - if (!user) { - return NextResponse.json({ error: "User not found" }, { status: 404 }); + if (!title || !message || !category || !level) { + return apiError("Missing required fields", 400); } - const { title, message, type } = await request.json(); - - const [newNotification] = await db - .insert(notifications) - .values({ - userId: user.id, - title, - message, - type: type || "info", - read: false, - }) - .returning(); + const notification = await NotificationService.create({ + userId: session.user.id, + title, + message, + category, + level, + actionUrl, + metadata, + }); - return NextResponse.json({ notification: newNotification }); + return apiSuccess({ notification }); } catch (error) { console.error("Error creating notification:", error); - return NextResponse.json( - { error: "Failed to create notification" }, - { status: 500 } - ); + return apiError("Failed to create notification", 500); } } diff --git a/app/api/performance/metrics/route.ts b/app/api/performance/metrics/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..3e8eb08fa3b5ec000df0c3d857323f04e40bacd4 --- /dev/null +++ b/app/api/performance/metrics/route.ts @@ -0,0 +1,26 @@ +import { NextResponse } from "next/server"; +import { performanceMonitor } from "@/lib/performance-monitoring"; + +export async function GET() { + try { + // Get summary of web vitals and API metrics + const summary = performanceMonitor.getSummary(); + + return NextResponse.json({ + lcp: summary.lcp, + cls: summary.cls, + fid: summary.fid, + avgAPITime: summary.avgAPITime, + slowRequests: summary.slowRequests, + cachedRequests: summary.cachedRequests, + totalRequests: summary.totalRequests, + cacheHitRate: summary.cacheHitRate, + }); + } catch (error) { + console.error("Failed to get performance metrics:", error); + return NextResponse.json( + { error: "Failed to fetch metrics" }, + { status: 500 } + ); + } +} diff --git a/app/api/scraping/start/route.ts b/app/api/scraping/start/route.ts index a6c43faa6d8ee749550ec986c78ebb33c696b281..ad17f5e3131bc5bd93e039244fc05f316fff7d14 100644 --- a/app/api/scraping/start/route.ts +++ b/app/api/scraping/start/route.ts @@ -4,7 +4,7 @@ import { db } from "@/db"; import { scrapingJobs } from "@/db/schema"; import { queueScraping } from "@/lib/queue"; import { rateLimit } from "@/lib/rate-limit"; -import { SessionUser } from "@/types"; +import type { SessionUser } from "@/types"; import { eq, and } from "drizzle-orm"; export async function POST(request: Request) { diff --git a/app/api/settings/route.ts b/app/api/settings/route.ts index 0e7f0bf5c3585f30203cb7a49c29896615252063..41cfb5e6e42a1be82d265f5bc1b117f515fe74ce 100644 --- a/app/api/settings/route.ts +++ b/app/api/settings/route.ts @@ -13,6 +13,9 @@ interface UpdateUserData { company?: string; website?: string; customVariables?: Record; + whatsappBusinessPhone?: string; + whatsappAccessToken?: string; + whatsappVerifyToken?: string; updatedAt: Date; } @@ -40,6 +43,9 @@ export async function GET() { company: users.company, website: users.website, customVariables: users.customVariables, + whatsappBusinessPhone: users.whatsappBusinessPhone, + whatsappAccessToken: users.whatsappAccessToken, + whatsappVerifyToken: users.whatsappVerifyToken, }) .from(users) .where(eq(users.id, userId)); @@ -73,6 +79,8 @@ export async function GET() { company: user.company, website: user.website, customVariables: user.customVariables, + whatsappBusinessPhone: user.whatsappBusinessPhone, + isWhatsappConfigured: !!(user.whatsappBusinessPhone && user.whatsappAccessToken), }, connectedAccounts: accounts, }); @@ -108,6 +116,9 @@ export async function PATCH(request: Request) { if (body.company !== undefined) updateData.company = body.company; if (body.website !== undefined) updateData.website = body.website; if (body.customVariables !== undefined) updateData.customVariables = body.customVariables; + if (body.whatsappBusinessPhone !== undefined) updateData.whatsappBusinessPhone = body.whatsappBusinessPhone; + if (body.whatsappAccessToken !== undefined) updateData.whatsappAccessToken = body.whatsappAccessToken; + if (body.whatsappVerifyToken !== undefined) updateData.whatsappVerifyToken = body.whatsappVerifyToken; const [updatedUser] = await db .update(users) diff --git a/app/api/social/automations/[id]/route.ts b/app/api/social/automations/[id]/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..9fd6b1018b94560914b149f5604a82fe41b4c3a0 --- /dev/null +++ b/app/api/social/automations/[id]/route.ts @@ -0,0 +1,42 @@ +import { auth } from "@/lib/auth"; +import { db } from "@/db"; +import { socialAutomations } from "@/db/schema"; +import { eq, and } from "drizzle-orm"; +import { apiSuccess, apiError } from "@/lib/api-response-helpers"; + +export async function DELETE( + request: Request, + { params }: { params: { id: string } } +) { + try { + const session = await auth(); + + if (!session?.user?.id) { + return apiError("Unauthorized", 401); + } + + const { id } = params; + + // Verify ownership before deleting + const automation = await db.query.socialAutomations.findFirst({ + where: and( + eq(socialAutomations.id, id), + eq(socialAutomations.userId, session.user.id) + ), + }); + + if (!automation) { + return apiError("Automation not found or access denied", 404); + } + + // Delete the automation + await db + .delete(socialAutomations) + .where(eq(socialAutomations.id, id)); + + return apiSuccess({ message: "Automation deleted successfully" }); + } catch (error) { + console.error("Error deleting automation:", error); + return apiError("Failed to delete automation", 500); + } +} diff --git a/app/api/social/automations/trigger/route.ts b/app/api/social/automations/trigger/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..ae686029559bfd19c47b1c2264b9af8adf648a00 --- /dev/null +++ b/app/api/social/automations/trigger/route.ts @@ -0,0 +1,71 @@ +/** + * API endpoint to manually trigger social automation checks + * Useful for testing without waiting for the worker interval + */ + +import { NextResponse } from "next/server"; +import { auth } from "@/lib/auth"; +import { SessionUser } from "@/types"; +import { socialAutomationWorker } from "@/lib/workers/social-automation"; + +export async function POST() { + try { + const session = await auth(); + if (!session?.user) { + return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); + } + + const userId = (session.user as SessionUser).id; + + // Only allow admin or authenticated users to trigger + if (!userId) { + return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); + } + + console.log("🔄 Manually triggered social automation check"); + + // Trigger a single check cycle + const workerAny = socialAutomationWorker as unknown as { + processAutomations: () => Promise; + }; + await workerAny.processAutomations(); + + return NextResponse.json({ + success: true, + message: "Social automation check triggered successfully", + }); + } catch (error) { + console.error("Error triggering social automation:", error); + return NextResponse.json( + { error: error instanceof Error ? error.message : "Failed to trigger automation" }, + { status: 500 } + ); + } +} + +export async function GET() { + try { + const session = await auth(); + if (!session?.user) { + return NextResponse.json({ error: "Unauthorized" }, { status: 401 }); + } + + // Return worker status + const workerAny = socialAutomationWorker as unknown as { + isRunning: boolean; + checkIntervalMs: number; + }; + + return NextResponse.json({ + isRunning: workerAny.isRunning || false, + checkIntervalMs: workerAny.checkIntervalMs || 60000, + status: workerAny.isRunning ? "active" : "stopped", + }); + } catch (error) { + console.error("Error getting worker status:", error); + return NextResponse.json( + { error: "Failed to get worker status" }, + { status: 500 } + ); + } +} diff --git a/app/api/social/webhooks/facebook/route.ts b/app/api/social/webhooks/facebook/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..24ef9b142e12f0f938782096e16347322c35a568 --- /dev/null +++ b/app/api/social/webhooks/facebook/route.ts @@ -0,0 +1,244 @@ +/** + * Facebook Webhook Handler + * Handles real-time webhook events from Facebook/Instagram + */ + +import { NextRequest, NextResponse } from "next/server"; +import { db } from "@/db"; +import { socialAutomations, connectedAccounts } from "@/db/schema"; +import { eq } from "drizzle-orm"; +import crypto from "crypto"; +/** + * GET handler for webhook verification + * Facebook requires this for webhook setup + */ +export async function GET(request: NextRequest) { + const searchParams = request.nextUrl.searchParams; + + const mode = searchParams.get("hub.mode"); + const token = searchParams.get("hub.verify_token"); + const challenge = searchParams.get("hub.challenge"); + + // Verify token (should match the one set in Facebook App dashboard) + const VERIFY_TOKEN = process.env.FACEBOOK_WEBHOOK_VERIFY_TOKEN || "autoloop_webhook_token_2024"; + + if (mode === "subscribe" && token === VERIFY_TOKEN) { + console.log("✅ Webhook verified"); + return new NextResponse(challenge, { status: 200 }); + } else { + console.error("❌ Webhook verification failed"); + return NextResponse.json({ error: "Verification failed" }, { status: 403 }); + } +} + +/** + * POST handler for webhook events + * Receives real-time updates from Facebook/Instagram + */ +export async function POST(request: NextRequest) { + try { + const body = await request.json(); + + console.log("📨 Received webhook event:", JSON.stringify(body, null, 2)); + + // Verify the webhook signature (recommended for production) + // const signature = request.headers.get("x-hub-signature-256"); + // if (!verifySignature(body, signature)) { + // return NextResponse.json({ error: "Invalid signature" }, { status: 403 }); + // } + + // Process each entry in the webhook + if (body.object === "page" || body.object === "instagram") { + for (const entry of body.entry || []) { + // Handle different webhook fields + if (entry.changes) { + for (const change of entry.changes) { + await handleWebhookChange(change, entry.id); + } + } + + if (entry.messaging) { + for (const message of entry.messaging) { + await handleMessagingEvent(message, entry.id); + } + } + } + } + + // Facebook expects a 200 OK response + return NextResponse.json({ success: true }, { status: 200 }); + } catch (error) { + console.error("❌ Error processing webhook:", error); + // Still return 200 to prevent Facebook from retrying + return NextResponse.json({ success: false }, { status: 200 }); + } +} + +/** + * Handle webhook change events (comments, posts, etc.) + */ +async function handleWebhookChange(change: Record, pageId: string) { + const { field, value } = change; + + console.log(`📝 Webhook change: ${field}`, value); + + switch (field) { + case "comments": + await handleCommentEvent(value as Record, pageId); + break; + case "feed": + await handleFeedEvent(value as Record, pageId); + break; + case "mentions": + await handleMentionEvent(value as Record, pageId); + break; + default: + console.log(`ℹ️ Unhandled webhook field: ${field}`); + } +} + +/** + * Handle comment events + */ +async function handleCommentEvent(value: Record, pageId: string) { + const commentData = value as { + id?: string; + post_id?: string; + message?: string; + from?: { id: string; name: string }; + created_time?: string; + parent_id?: string; // For comment replies + }; + + if (!commentData.message || !commentData.from) { + console.log("⚠️ Incomplete comment data"); + return; + } + + console.log(`💬 New comment: "${commentData.message.substring(0, 50)}..." by ${commentData.from.name}`); + + // Find matching automations + const account = await db.query.connectedAccounts.findFirst({ + where: eq(connectedAccounts.providerAccountId, pageId), + }); + + if (!account) { + console.log(`⚠️ No account found for page ${pageId}`); + return; + } + + const automations = await db.query.socialAutomations.findMany({ + where: eq(socialAutomations.connectedAccountId, account.id), + }); + + // Check each automation for keyword matches + for (const automation of automations) { + if (!automation.isActive) continue; + + if (automation.triggerType !== "comment_keyword" && automation.triggerType !== "any_comment") { + continue; + } + + // Check keywords + const keywords = automation.keywords || []; + const matchedKeyword = keywords.find(keyword => + commentData.message!.toLowerCase().includes(keyword.toLowerCase()) + ); + + if (matchedKeyword || automation.triggerType === "any_comment") { + console.log(`✅ Matched automation: "${automation.name}"`); + + // Execute auto-reply + await executeAutoReplyToComment( + commentData.id!, + automation.responseTemplate || "Thank you for your comment!", + account.accessToken, + account.provider + ); + } + } +} + +/** + * Handle feed events (new posts) + */ +async function handleFeedEvent(value: Record, pageId: string) { + console.log(`📰 Feed event for page ${pageId}`); + // Could trigger automations based on new posts +} + +/** + * Handle mention events + */ +async function handleMentionEvent(value: Record, pageId: string) { + console.log(`@️ Mention event for page ${pageId}`); + // Could trigger automations based on mentions +} + +/** + * Handle messaging events (DMs) + */ +async function handleMessagingEvent(message: Record, pageId: string) { + console.log(`📬 Messaging event for page ${pageId}`, message); + // Could handle DM-based automations +} + +/** + * Execute auto-reply to a comment + */ +async function executeAutoReplyToComment( + commentId: string, + replyText: string, + accessToken: string, + provider: string +) { + try { + let url = ""; + + if (provider === "facebook") { + url = `https://graph.facebook.com/v21.0/${commentId}/comments`; + } else if (provider === "instagram") { + url = `https://graph.facebook.com/v21.0/${commentId}/replies`; + } else { + console.log(`⚠️ Platform ${provider} not supported`); + return; + } + + const response = await fetch(url, { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ + message: replyText, + access_token: accessToken, + }), + }); + + const data = await response.json(); + + if (data.error) { + console.error("❌ Error posting reply:", data.error); + } else { + console.log(`✅ Auto-reply posted successfully`); + } + } catch (error) { + console.error("❌ Error in executeAutoReplyToComment:", error); + } +} + +/** + * Verify webhook signature (optional but recommended) + * Currently unused but kept for future implementation + */ +/* eslint-disable @typescript-eslint/no-unused-vars */ +function verifySignature(body: unknown, signature: string | null): boolean { + if (!signature) return false; + const APP_SECRET = process.env.FACEBOOK_APP_SECRET || ""; + + const expectedSignature = "sha256=" + crypto + .createHmac("sha256", APP_SECRET) + .update(JSON.stringify(body)) + .digest("hex"); + + return signature === expectedSignature; +} +/* eslint-enable @typescript-eslint/no-unused-vars */ diff --git a/app/api/tasks/monitor/route.ts b/app/api/tasks/monitor/route.ts new file mode 100644 index 0000000000000000000000000000000000000000..94294a4f43dae2647490a093dbfae9be19b575ab --- /dev/null +++ b/app/api/tasks/monitor/route.ts @@ -0,0 +1,41 @@ +/** + * Task Monitor API + * Provides real-time updates on all background tasks + */ + +import { NextResponse } from 'next/server'; +import { taskQueue } from '@/lib/queue/task-queue'; +import { apiSuccess, withErrorHandling } from '@/lib/api-response-helpers'; +import { auth } from '@/auth'; + +/** + * GET /api/tasks/monitor + * Get current status of all tasks + */ +export const GET = withErrorHandling(async () => { + const session = await auth(); + if (!session) { + return NextResponse.json({ error: 'Unauthorized' }, { status: 401 }); + } + + // Get all active tasks + const activeTasks = taskQueue.getActiveTasks(); + + // Get statistics for all queue types + const stats = taskQueue.getAllStats(); + + return apiSuccess({ + tasks: activeTasks.map(task => ({ + id: task.id, + type: task.type, + status: task.status, + priority: task.priority, + createdAt: task.createdAt, + startedAt: task.startedAt, + data: task.data, + })), + stats, + totalActive: activeTasks.length, + timestamp: new Date().toISOString(), + }); +}); diff --git a/app/api/workflows/[id]/route.ts b/app/api/workflows/[id]/route.ts index 199026458ebec6dcd0bed2ac8b9314da54bea2b6..4562c0114c8dcb83b8491bbfa545a5ab881143a0 100644 --- a/app/api/workflows/[id]/route.ts +++ b/app/api/workflows/[id]/route.ts @@ -109,7 +109,7 @@ export async function PATCH( if (Object.keys(updates).length > 1) { // updatedAt is always there await db .update(automationWorkflows) - .set(updates) + .set(updates as Record) .where( and( eq(automationWorkflows.id, id), diff --git a/app/api/workflows/route.ts b/app/api/workflows/route.ts index d2aad54db26f3626dc69adcb21d4aef0e7ff2e75..551ae973d773aa82e8410332779f671a108d4b74 100644 --- a/app/api/workflows/route.ts +++ b/app/api/workflows/route.ts @@ -6,6 +6,7 @@ import { eq, and, sql } from "drizzle-orm"; import { SessionUser } from "@/types"; import { apiSuccess, apiError } from "@/lib/api-response"; import { ApiErrors } from "@/lib/api-errors"; +import { getCached, invalidateCache } from "@/lib/cache-manager"; export async function GET() { try { @@ -30,43 +31,41 @@ export async function GET() { } } - // Fetch workflows - const workflowsData = await db - .select() - .from(automationWorkflows) - .where(eq(automationWorkflows.userId, queryUserId)) - .orderBy(automationWorkflows.createdAt); - - // Manually fetch and aggregate stats (Drizzle aggregation/group by can be complex with relations, - // simpler to just fetch derived data or do a separate count query if volume is low. - // For MVP, separate query per workflow or one big group by. - // Let's do a left join aggregation.) - - // Actually, let's fetch basic stats separately to avoid N+1 if list is huge, - // but for < 50 workflows, a loop is fine or a single complex query. - // Let's stick to simple: Fetch all, then map. - - // We need: executionCount, lastRunAt - // We can add these fields to the response object. - - const enrichedWorkflows = await Promise.all(workflowsData.map(async (wf) => { - // Count executions - const countResult = await db.execute(sql` - SELECT count(*) as count, max(started_at) as last_run - FROM workflow_execution_logs - WHERE workflow_id = ${wf.id} - `); - - const row = countResult.rows[0] as { count: string, last_run: string | null }; - - return { - ...wf, - executionCount: Number(row.count), - lastRunAt: row.last_run ? new Date(row.last_run) : null - }; - })); - - return apiSuccess({ workflows: enrichedWorkflows }); + // Cache workflows for 5 minutes + const cachedWorkflows = await getCached( + `workflows:${queryUserId}`, + async () => { + // Fetch workflows + const workflowsData = await db + .select() + .from(automationWorkflows) + .where(eq(automationWorkflows.userId, queryUserId)) + .orderBy(automationWorkflows.createdAt); + + // Enriched with stats + const enrichedWorkflows = await Promise.all(workflowsData.map(async (wf) => { + // Count executions + const countResult = await db.execute(sql` + SELECT count(*) as count, max(started_at) as last_run + FROM workflow_execution_logs + WHERE workflow_id = ${wf.id} + `); + + const row = countResult.rows[0] as { count: string, last_run: string | null }; + + return { + ...wf, + executionCount: Number(row.count), + lastRunAt: row.last_run ? new Date(row.last_run) : null + }; + })); + + return { workflows: enrichedWorkflows }; + }, + 300 // 5 minutes + ); + + return apiSuccess(cachedWorkflows); } catch (error) { return apiError(error); } @@ -141,6 +140,9 @@ export async function POST(request: Request) { }) .returning(); + // Invalidate workflows cache for this user + await invalidateCache(`workflows:${finalUserId}`); + return NextResponse.json({ workflow }); } catch (error) { console.error("Error creating workflow:", error); @@ -192,6 +194,9 @@ export async function PATCH(request: Request) { ) .returning(); + // Invalidate workflows cache + await invalidateCache(`workflows:${finalUserId}`); + return NextResponse.json({ workflow }); } catch (error) { console.error("Error updating workflow:", error); @@ -240,6 +245,9 @@ export async function DELETE(request: Request) { ) ); + // Invalidate workflows cache + await invalidateCache(`workflows:${finalUserId}`); + return NextResponse.json({ success: true }); } catch (error) { console.error("Error deleting workflow:", error); diff --git a/app/api/workflows/templates/route.ts b/app/api/workflows/templates/route.ts index 13a9a978b9b284ad063a40fc087736a810d483a4..09883c7adb7fd2e55a653a3cfd2b8cafdecdc467 100644 --- a/app/api/workflows/templates/route.ts +++ b/app/api/workflows/templates/route.ts @@ -85,8 +85,8 @@ export async function POST(request: NextRequest) { targetBusinessType: template.targetBusinessType || "General", keywords: template.keywords || [], isActive: false, - nodes: nodes, - edges: template.edges, + nodes: nodes as unknown as import("@/types/social-workflow").WorkflowNode[], + edges: template.edges as unknown as import("@/types/social-workflow").WorkflowEdge[], }); // Query the workflow back to get its ID (most recently created) diff --git a/app/auth/signin/page.tsx b/app/auth/signin/page.tsx index 892de3f6e99c666bc13b86fa7836778061d3a565..aa352462eeabb1e2d850410d971033e0bfc17f44 100644 --- a/app/auth/signin/page.tsx +++ b/app/auth/signin/page.tsx @@ -1,73 +1,14 @@ "use client"; -import { useState } from "react"; import { signIn } from "next-auth/react"; import Link from "next/link"; import { Button } from "@/components/ui/button"; import { Card, CardContent, CardDescription, CardHeader, CardTitle } from "@/components/ui/card"; -import { Input } from "@/components/ui/input"; -import { Label } from "@/components/ui/label"; -import { Infinity, Github, ArrowLeft, Send, Lock } from "lucide-react"; -import { toast } from "sonner"; +import { Infinity, Github } from "lucide-react"; -export default function SignIn() { - const [isWhatsApp, setIsWhatsApp] = useState(false); - const [phoneNumber, setPhoneNumber] = useState(""); - const [otp, setOtp] = useState(""); - const [step, setStep] = useState<"phone" | "otp">("phone"); - const [loading, setLoading] = useState(false); - - const handleSendOtp = async () => { - if (!phoneNumber) { - toast.error("Please enter a phone number"); - return; - } - setLoading(true); - try { - const res = await fetch("/api/auth/otp/send", { - method: "POST", - headers: { "Content-Type": "application/json" }, - body: JSON.stringify({ phoneNumber }) - }); - const data = await res.json(); - if (!res.ok) throw new Error(data.error); - - toast.success("OTP sent to WhatsApp!"); - setStep("otp"); - } catch (error: unknown) { - const msg = error instanceof Error ? error.message : String(error); - toast.error(msg || "Failed to send OTP"); - } finally { - setLoading(false); - } - }; - const handleVerifyOtp = async () => { - if (!otp) { - toast.error("Please enter the OTP"); - return; - } - setLoading(true); - try { - const res = await signIn("whatsapp-otp", { - phoneNumber, - code: otp, - callbackUrl: "/dashboard", - redirect: false - }); +export default function SignIn() { - if (res?.error) { - throw new Error(res.error); - } else if (res?.ok) { - window.location.href = "/dashboard"; - } - } catch (error: unknown) { - const msg = error instanceof Error ? error.message : String(error); - toast.error(msg || "Invalid OTP or Login Failed"); - } finally { - setLoading(false); - } - }; return (
@@ -80,59 +21,15 @@ export default function SignIn() {
- {isWhatsApp ? "WhatsApp Login" : "AutoLoop"} + AutoLoop - {isWhatsApp ? "Secure OTP Verification" : "Automated Cold Email Intelligence"} + Automated Cold Email Intelligence
- {isWhatsApp ? ( -
- {step === "phone" ? ( -
-
- - setPhoneNumber(e.target.value)} - /> -
- -
- ) : ( -
-
- - setOtp(e.target.value)} - maxLength={6} - className="text-center text-lg tracking-widest" - /> -
- - -
- )} - -
- -
-
- ) : (
- -
@@ -206,8 +88,7 @@ export default function SignIn() { Admin Access
-
- )} +

By clicking continue, you agree to our{" "} diff --git a/app/dashboard/admin/page.tsx b/app/dashboard/admin/page.tsx new file mode 100644 index 0000000000000000000000000000000000000000..7e9fe337dbea5cf320a794498d0c1fe0d5a89658 --- /dev/null +++ b/app/dashboard/admin/page.tsx @@ -0,0 +1,201 @@ +"use client"; + +import { useState, useEffect } from "react"; +import { Tabs, TabsContent, TabsList, TabsTrigger } from "@/components/ui/tabs"; +import { Card, CardContent, CardHeader, CardTitle, CardDescription } from "@/components/ui/card"; +import { Users, Activity, BarChart3, Settings, FileText } from "lucide-react"; +import { StatsOverview } from "@/components/admin/stats-overview"; +import { UserManagementTable } from "@/components/admin/user-management-table"; +import { UserGrowthChart } from "@/components/admin/user-growth-chart"; +import { PlatformUsageChart } from "@/components/admin/platform-usage-chart"; +import { ActivityLogs } from "@/components/admin/activity-logs"; +import { SystemControls } from "@/components/admin/system-controls"; +import { AdminStats, AdminUser, SystemEvent } from "@/types/admin"; +import { useApi } from "@/hooks/use-api"; + +// Mock data for initial render/development +const MOCK_STATS: AdminStats = { + totalUsers: 156, + userGrowth: 12, + activeUsers: 84, + totalWorkflows: 342, + systemHealth: "healthy", +}; + +const MOCK_GROWTH_DATA = Array.from({ length: 30 }, (_, i) => ({ + date: new Date(Date.now() - (29 - i) * 86400000).toLocaleDateString("en-US", { month: "short", day: "numeric" }), + users: 100 + Math.floor(Math.random() * 50) + i * 2, +})); + +const MOCK_USAGE_DATA = [ + { name: "Emails Sent", value: 4500 }, + { name: "Workflows", value: 1230 }, + { name: "Scrapers", value: 890 }, + { name: "API Calls", value: 15400 }, +]; + +const MOCK_USERS: AdminUser[] = [ + { id: "1", name: "John Doe", email: "john@example.com", image: null, role: "admin", status: "active", lastActive: new Date(), createdAt: new Date("2023-01-01") }, + { id: "2", name: "Jane Smith", email: "jane@company.com", image: null, role: "user", status: "active", lastActive: new Date(Date.now() - 86400000), createdAt: new Date("2023-02-15") }, + { id: "3", name: "Bob Johnson", email: "bob@test.com", image: null, role: "user", status: "inactive", lastActive: null, createdAt: new Date("2023-03-10") }, + { id: "4", name: "Alice Brown", email: "alice@demo.com", image: null, role: "user", status: "suspended", lastActive: new Date(Date.now() - 7 * 86400000), createdAt: new Date("2023-04-05") }, +]; + +const MOCK_LOGS: SystemEvent[] = [ + { id: "1", type: "info", message: "User John Doe logged in", timestamp: new Date(), metadata: { ip: "192.168.1.1" } }, + { id: "2", type: "success", message: "Workflow 'Lead Gen' completed successfully", timestamp: new Date(Date.now() - 3600000), metadata: { distinctId: "wf_123" } }, + { id: "3", type: "warning", message: "Rate limit approached for user Jane Smith", timestamp: new Date(Date.now() - 7200000) }, + { id: "4", type: "error", message: "Failed to connect to SMTP server", timestamp: new Date(Date.now() - 86400000), metadata: { retryCount: 3 } }, +]; + +export default function AdminDashboard() { + const [activeTab, setActiveTab] = useState("overview"); + const [stats, setStats] = useState(null); + const [users, setUsers] = useState([]); + const [logs, setLogs] = useState([]); + const [dbLoading, setDbLoading] = useState(true); + + const { get: getStats } = useApi(); + const { get: getUsers } = useApi<{ users: AdminUser[] }>(); + // const { get: getLogs } = useApi<{ logs: SystemEvent[] }>(); + + useEffect(() => { + const fetchData = async () => { + setDbLoading(true); + try { + const [statsData, usersData] = await Promise.all([ + getStats("/api/admin/stats"), + getUsers("/api/admin/users") + ]); + + if (statsData) setStats(statsData); + if (usersData?.users) setUsers(usersData.users); + setLogs(MOCK_LOGS); // Keep mock logs for now until API is ready + } catch (error) { + console.error("Failed to fetch admin data", error); + } finally { + setDbLoading(false); + } + }; + fetchData(); + }, [getStats, getUsers]); + + const handleUpdateStatus = async (userId: string, newStatus: "active" | "suspended") => { + // Optimistic update + setUsers(users.map(u => u.id === userId ? { ...u, status: newStatus } : u)); + + try { + const response = await fetch(`/api/admin/users/${userId}`, { + method: "PATCH", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ status: newStatus }), + }); + + if (!response.ok) throw new Error("Failed to update status"); + } catch (error) { + console.error("Error updating status:", error); + // Revert optimistic update + setUsers(users.map(u => u.id === userId ? { ...u, status: "active" } : u)); // Reset to active or previous state + } + }; + + const handleUpdateRole = async (userId: string, newRole: "user" | "admin") => { + // Optimistic update + setUsers(users.map(u => u.id === userId ? { ...u, role: newRole } : u)); + + try { + const response = await fetch(`/api/admin/users/${userId}`, { + method: "PATCH", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ role: newRole }), + }); + + if (!response.ok) throw new Error("Failed to update role"); + } catch (error) { + console.error("Error updating role:", error); + // Revert + setUsers(users.map(u => u.id === userId ? { ...u, role: "user" } : u)); + } + }; + + return ( +

+
+

Admin Dashboard

+

+ Manage users, view analytics, and control system settings +

+
+ + + + + + + + Overview + + + + Users + + + + Analytics + + + + System + + + + Logs + + + + +
+
+ +
+
+ +
+
+ + + + + + + User Management + Manage all platform users + + + + + + + + +
+ + +
+ + + + + + + + + + +
+ ); +} diff --git a/app/dashboard/businesses/page.tsx b/app/dashboard/businesses/page.tsx index 6f75ef590d7e4afa7e4e32aae8961557e2b572fa..647f2153a6a2ddb3b674e414de5faaacee8c3f73 100644 --- a/app/dashboard/businesses/page.tsx +++ b/app/dashboard/businesses/page.tsx @@ -11,6 +11,7 @@ import { bulkDeleteBusinesses } from "@/app/actions/business"; import { Trash2, Search, MapPin, Star } from "lucide-react"; import { toast } from "sonner"; import { Input } from "@/components/ui/input"; +import { generateCsrfToken } from "@/lib/csrf"; import { AlertDialog, AlertDialogAction, @@ -35,6 +36,7 @@ export default function BusinessesPage() { const [selectedIds, setSelectedIds] = useState([]); const [isModalOpen, setIsModalOpen] = useState(false); const [deleteDialogOpen, setDeleteDialogOpen] = useState(false); + const [csrfToken, setCsrfToken] = useState(""); // Pagination state const [currentPage, setCurrentPage] = useState(1); @@ -57,6 +59,11 @@ export default function BusinessesPage() { const { get: getBusinessesApi, loading: loadingBusinesses } = useApi<{ businesses: Business[], totalPages: number, page: number }>(); const { get: getCategoriesApi } = useApi<{ categories: string[] }>(); + // Generate CSRF token on mount + useEffect(() => { + setCsrfToken(generateCsrfToken()); + }, []); + // Debounce effect useEffect(() => { const timer = setTimeout(() => { @@ -101,7 +108,7 @@ export default function BusinessesPage() { const handleConfirmDelete = async () => { try { - await bulkDeleteBusinesses(selectedIds); + await bulkDeleteBusinesses(selectedIds, csrfToken); setBusinesses(prev => prev.filter(b => !selectedIds.includes(b.id))); setSelectedIds([]); toast.success("Deleted successfully"); diff --git a/app/dashboard/page.tsx b/app/dashboard/page.tsx index 4ba05ec972ccec8cb3c4d938d145da614ac9d737..78c938aa43600677ccb50a689a541f9754abdbda 100644 --- a/app/dashboard/page.tsx +++ b/app/dashboard/page.tsx @@ -6,7 +6,7 @@ import { BusinessTable } from "@/components/dashboard/business-table"; import { Card, CardContent, CardHeader, CardTitle, CardDescription } from "@/components/ui/card"; import { Button } from "@/components/ui/button"; import { Business } from "@/types"; -import { Users, Mail, TrendingUp, ArrowRight } from "lucide-react"; +import { Users, Mail, TrendingUp, ArrowRight, Activity } from "lucide-react"; import dynamic from "next/dynamic"; import { AnimatedContainer } from "@/components/animated-container"; import { useApi } from "@/hooks/use-api"; @@ -18,6 +18,11 @@ const EmailChart = dynamic(() => import("@/components/dashboard/email-chart"), { ssr: false }); +const LeadDemographicsChart = dynamic(() => import("@/components/dashboard/lead-demographics-chart"), { + loading: () => , + ssr: false +}); + interface DashboardStats { totalBusinesses: number; emailsSent: number; @@ -32,10 +37,16 @@ interface ChartDataPoint { opened: number; } +interface DemographicData { + name: string; + value: number; +} + export default function DashboardPage() { const [businesses, setBusinesses] = useState([]); const [stats, setStats] = useState(null); const [chartData, setChartData] = useState([]); + const [demographics, setDemographics] = useState([]); // API Hooks const { get: getBusinessesApi, loading: loadingBusinesses } = useApi<{ businesses: Business[] }>(); @@ -48,7 +59,23 @@ export default function DashboardPage() { getStatsApi("/api/dashboard/stats") ]); - if (businessData?.businesses) setBusinesses(businessData.businesses); + if (businessData?.businesses) { + setBusinesses(businessData.businesses); + + // Calculate demographics from businesses + const typeCount: Record = {}; + businessData.businesses.forEach((b) => { + const type = b.category || "Unknown"; + typeCount[type] = (typeCount[type] || 0) + 1; + }); + + const demoData = Object.entries(typeCount) + .map(([name, value]) => ({ name, value })) + .sort((a, b) => b.value - a.value) + .slice(0, 5); // Top 5 + + setDemographics(demoData); + } if (statsData) { setStats(statsData.stats); setChartData(statsData.chartData || []); @@ -78,25 +105,31 @@ export default function DashboardPage() { {/* Primary Stats */}
{loadingStats || !stats ? ( - Array.from({ length: 4 }).map((_, i) => ( - - )) + <> + + + + + ) : ( <> - + - + - Daily Quota - + Email Quota +
{stats.quotaUsed} / {stats.quotaLimit}
+

+ {Math.round((stats.quotaUsed / stats.quotaLimit) * 100)}% used +

= stats.quotaLimit ? 'bg-red-500' : 'bg-blue-500'}`} @@ -125,16 +158,14 @@ export default function DashboardPage() { - {/* Recent Activity / Demographics Placeholder */} + {/* Lead Demographics */} Lead Demographics Business types distribution -
- Coming Soon: Business Type Chart -
+
@@ -148,12 +179,12 @@ export default function DashboardPage() { - { }} onSendEmail={() => { }} isLoading={loadingBusinesses} - /> + />
diff --git a/app/dashboard/settings/page.tsx b/app/dashboard/settings/page.tsx index 0dd5b5f33d9adb2fb80bf5de9b56f20289805608..0aa80ab47f24f151560d49eab6652a6adc20f022 100644 --- a/app/dashboard/settings/page.tsx +++ b/app/dashboard/settings/page.tsx @@ -29,6 +29,7 @@ import { import { Moon, Sun, LogOut, Trash2, AlertTriangle, Palette } from "lucide-react"; import { MailSettings } from "@/components/mail/mail-settings"; import { SocialSettings } from "@/components/settings/social-settings"; +import { WhatsAppSettings } from "@/components/settings/whatsapp-settings"; interface StatusResponse { database: boolean; @@ -44,7 +45,16 @@ export default function SettingsPage() { const [isSavingNotifications, setIsSavingNotifications] = useState(false); // API Hooks - const { get: getSettings, patch: patchSettings, loading: settingsLoading } = useApi<{ user: UserProfile & { isGeminiKeySet: boolean, isGmailConnected: boolean, isLinkedinCookieSet: boolean }, connectedAccounts: ConnectedAccount[] }>(); + const { get: getSettings, patch: patchSettings, loading: settingsLoading } = useApi<{ + user: UserProfile & { + isGeminiKeySet: boolean, + isGmailConnected: boolean, + isLinkedinCookieSet: boolean, + whatsappBusinessPhone?: string, + isWhatsappConfigured?: boolean + }, + connectedAccounts: ConnectedAccount[] + }>(); const { get: getStatus, loading: statusLoading } = useApi(); const { del: deleteUserFn, loading: deletingUser } = useApi(); const { del: deleteDataFn, loading: deletingData } = useApi(); @@ -54,7 +64,9 @@ export default function SettingsPage() { // API Key State const [geminiApiKey, setGeminiApiKey] = useState(""); const [isGeminiKeySet, setIsGeminiKeySet] = useState(false); + const [isGeminiKeySet, setIsGeminiKeySet] = useState(false); const [isGmailConnected, setIsGmailConnected] = useState(false); + const [whatsappConfig, setWhatsappConfig] = useState({ phone: "", configured: false }); const [connectedAccounts, setConnectedAccounts] = useState([]); // Connection Status State @@ -96,6 +108,10 @@ export default function SettingsPage() { } setIsGeminiKeySet(settingsData.user.isGeminiKeySet); setIsGmailConnected(settingsData.user.isGmailConnected); + setWhatsappConfig({ + phone: settingsData.user.whatsappBusinessPhone || "", + configured: !!settingsData.user.isWhatsappConfigured + }); if (settingsData.connectedAccounts) { setConnectedAccounts(settingsData.connectedAccounts); @@ -565,6 +581,14 @@ export default function SettingsPage() {
+ {/* WhatsApp Settings */} +
+ +
+ {/* Mail Settings (Gmail) */}
diff --git a/app/dashboard/workflows/builder/[id]/page.tsx b/app/dashboard/workflows/builder/[id]/page.tsx index 965aa45f5aebabc5328a9e5138b62c2fd45abb38..d3c9e15da5a1c88a53b5f659615d8e823ce54c64 100644 --- a/app/dashboard/workflows/builder/[id]/page.tsx +++ b/app/dashboard/workflows/builder/[id]/page.tsx @@ -132,8 +132,8 @@ export default function WorkflowBuilderPage() {
- {/* Editor Area */} -
+ {/* Editor Area - Fullscreen Canvas */} +
[]) || []} initialEdges={(workflow.edges as Edge[]) || []} diff --git a/app/layout.tsx b/app/layout.tsx index 94e2f0d781245c20ec045635a91ff599f7e8c300..bfba9dbbc42a14aa35193ce7dbb7a415a93b313a 100644 --- a/app/layout.tsx +++ b/app/layout.tsx @@ -1,6 +1,7 @@ import type { Metadata } from "next"; import { Inter } from "next/font/google"; import "./globals.css"; +import "./animations.css"; import "./cursor-styles.css"; import { Providers } from "./providers"; import { Toaster } from "@/components/ui/sonner"; diff --git a/app/page.tsx b/app/page.tsx index c2f9e6a928cc2c6cb466b13e0f55486156d9ca5e..c1fa4067a0dc1dcfdee2d2c660df50b047253d7b 100644 --- a/app/page.tsx +++ b/app/page.tsx @@ -8,209 +8,272 @@ import { Mail, BarChart3, CheckCircle2, + Users, + Layers, } from "lucide-react"; import { useSession } from "next-auth/react"; import { useRouter } from "next/navigation"; -import { useEffect } from "react"; +import { useEffect, useState } from "react"; export default function Home() { const { data: session } = useSession(); const router = useRouter(); + const [offset, setOffset] = useState(0); // Redirect to dashboard if logged in useEffect(() => { - if (session?.user) { - router.push("/dashboard"); - } + if (session?.user) router.push("/dashboard"); }, [session, router]); + // Lightweight parallax scroll handler + useEffect(() => { + const onScroll = () => setOffset(window.scrollY || 0); + onScroll(); + window.addEventListener("scroll", onScroll, { passive: true }); + return () => window.removeEventListener("scroll", onScroll); + }, []); + + // IntersectionObserver to trigger entrance animations for elements with .animate-on-scroll + useEffect(() => { + if (typeof window === "undefined") return; + + const els = Array.from(document.querySelectorAll(".animate-on-scroll")); + if (!els.length) return; + + const observer = new IntersectionObserver( + (entries) => { + entries.forEach((entry) => { + if (entry.isIntersecting) { + const el = entry.target as HTMLElement; + el.classList.add("animate-slide-in-up"); + el.classList.remove("opacity-0"); + observer.unobserve(el); + } + }); + }, + { threshold: 0.12 } + ); + + els.forEach((el) => { + el.classList.add("opacity-0"); + observer.observe(el); + }); + + return () => observer.disconnect(); + }, []); + return ( -
- {/* Navigation */} -