replit/timmy-tower
2
0
Fork 0
Code Issues 26 Pull Requests 5 Actions Packages Projects Releases Wiki Activity
Files
3d15512e5094fba4df6148b44fcff3cc48335051
timmy-tower/artifacts/api-server/src/app.ts
alexpaynex ac3493fc69 task/33: Relay admin panel at /admin/relay (post-review fixes) 
## What was built
Relay operator dashboard at GET /admin/relay (clean URL, not under /api).
Served as inline vanilla-JS HTML from Express, no build step.

## Routing
admin-relay-panel.ts imported in app.ts and mounted directly via app.use()
BEFORE the /tower static middleware — so /admin/relay is the canonical URL.
Removed from routes/index.ts to avoid /api/admin/relay duplication.

## Auth (env var aligned: ADMIN_TOKEN)
- Backend (admin-relay.ts): checks ADMIN_TOKEN first, falls back to ADMIN_SECRET
  for backward compatibility. requireAdmin exported for reuse in queue router.
- admin-relay-queue.ts: removed duplicated requireAdmin, imports from admin-relay.ts
- Frontend: prompt text says "ADMIN_TOKEN", localStorage key 'relay_admin_token',
  token stored after successful /api/admin/relay/stats 401 probe.

## Stats endpoint (GET /api/admin/relay/stats) — 3 fixes:
1. approvedToday: now filters AND(status IN ('approved','auto_approved'),
   decidedAt >= UTC midnight today). Previously counted all statuses.
2. liveConnections: fetches STRFRY_URL/stats with 2s AbortSignal timeout.
   Returns null gracefully when strfry is unavailable (dev/non-Docker).
3. Drizzle imports updated: and(), inArray() added.

## Queue endpoint: contentPreview added
GET /api/admin/relay/queue response now includes contentPreview (string|null):
  JSON.parse(rawEvent).content sliced to 120 chars; gracefully null on failure.

## Admin panel features
Stats bar (4 metric cards): Pending review (yellow), Approved today (green),
Accounts (purple), Relay connections (blue — null → "n/a" in UI).

Queue tab: fetches /admin/relay/queue?status=pending (pending-only, per spec).
Columns: Event ID, Pubkey, Kind, Content preview, Status pill, Queued, Actions.
Approve/Reject buttons; 15s auto-refresh; toast feedback.

Accounts tab: whitelist table, Revoke per-row (with confirm dialog), Grant form
(pubkey + access level + notes, 64-char hex validation before POST).

Navigation: ← Timmy UI, Workshop links; Log out clears token + stops timer.

## Smoke tests (all pass, TypeScript 0 errors)
GET /admin/relay → 200 HTML title ✓; screenshot shows auth gate ✓
GET /api/admin/relay/stats → correct fields incl. liveConnections:null ✓
Queue ?status=pending filter ✓; contentPreview in queue response ✓
2026-03-19 20:50:38 +00:00

186 lines
5.8 KiB
TypeScript
Raw Blame History

import express, { type Express } from "express";
import cors from "cors";
import path from "path";
import router from "./routes/index.js";
import adminRelayPanelRouter from "./routes/admin-relay-panel.js";
import { responseTimeMiddleware } from "./middlewares/response-time.js";
const app: Express = express();
app.set("trust proxy", 1);
// ── CORS (#5) ────────────────────────────────────────────────────────────────
// CORS_ORIGINS = comma-separated list of allowed origins.
// Default in production: alexanderwhitestone.com (and www. variant).
// Default in development: all origins permitted.
const isProd = process.env["NODE_ENV"] === "production";
const rawOrigins = process.env["CORS_ORIGINS"];
const allowedOrigins: string[] = rawOrigins
? rawOrigins.split(",").map((o) => o.trim()).filter(Boolean)
: isProd
? [
"https://alexanderwhitestone.com",
"https://www.alexanderwhitestone.com",
"https://alexanderwhitestone.ai",
"https://www.alexanderwhitestone.ai",
]
: [];
app.use(
cors({
origin:
allowedOrigins.length === 0
? true
: (origin, callback) => {
if (!origin || allowedOrigins.includes(origin)) {
callback(null, true);
} else {
callback(new Error(`CORS: origin '${origin}' not allowed`));
}
},
credentials: true,
methods: ["GET", "POST", "PATCH", "DELETE", "OPTIONS"],
allowedHeaders: ["Content-Type", "Authorization", "X-Session-Token", "X-Nostr-Token"],
exposedHeaders: ["X-Session-Token", "X-Nostr-Token"],
}),
);
app.use(express.json());
app.use(express.urlencoded({ extended: true }));
app.use(responseTimeMiddleware);
app.use("/api", router);
// ── Relay admin panel at /admin/relay ────────────────────────────────────────
// Served outside /api so the URL is clean: /admin/relay (not /api/admin/relay).
app.use(adminRelayPanelRouter);
// ── Tower (Matrix 3D frontend) ───────────────────────────────────────────────
// Serve the pre-built Three.js world at /tower. WS client auto-connects to
// /api/ws on the same host. process.cwd() = workspace root at runtime.
const towerDist = path.resolve(process.cwd(), "the-matrix", "dist");
app.use("/tower", express.static(towerDist));
app.get("/tower/*splat", (_req, res) => res.sendFile(path.join(towerDist, "index.html")));
// Vite builds asset references as absolute /assets/... paths.
// Mirror them at the root so the browser can load them from /tower.
app.use("/assets", express.static(path.join(towerDist, "assets")));
app.use("/sw.js", express.static(path.join(towerDist, "sw.js")));
app.use("/manifest.json", express.static(path.join(towerDist, "manifest.json")));
app.get("/", (_req, res) => {
res.setHeader("Content-Type", "text/html");
res.send(`<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<title>Alexander Whitestone</title>
<style>
*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
html, body {
height: 100%;
background: #050508;
color: #e8e8f0;
font-family: 'SF Mono', 'Fira Code', 'Courier New', monospace;
display: flex;
align-items: center;
justify-content: center;
overflow: hidden;
}
canvas {
position: fixed;
inset: 0;
z-index: 0;
opacity: 0.18;
}
main {
position: relative;
z-index: 1;
text-align: center;
display: flex;
flex-direction: column;
align-items: center;
gap: 40px;
}
h1 {
font-family: system-ui, sans-serif;
font-size: clamp(1.4rem, 4vw, 2.4rem);
font-weight: 300;
letter-spacing: 0.25em;
text-transform: uppercase;
color: #c8c8d8;
}
h1 em {
font-style: normal;
color: #f7931a;
}
p {
color: #44445a;
font-size: 0.78rem;
letter-spacing: 0.15em;
max-width: 320px;
line-height: 1.8;
}
a.enter {
display: inline-block;
padding: 14px 48px;
border: 1px solid #2a2a3a;
border-radius: 4px;
color: #6b6b80;
font-size: 0.72rem;
letter-spacing: 0.3em;
text-transform: uppercase;
text-decoration: none;
transition: border-color 0.3s, color 0.3s;
cursor: pointer;
}
a.enter:hover {
border-color: #f7931a44;
color: #f7931a;
}
</style>
</head>
<body>
<canvas id="c"></canvas>
<main>
<h1>Alexander <em>Whitestone</em></h1>
<p>AI infrastructure &amp; Lightning-native agents.</p>
<a class="enter" href="/tower">enter</a>
</main>
<script>
// Subtle falling-digit rain behind the landing page
const canvas = document.getElementById('c');
const ctx = canvas.getContext('2d');
let cols, drops;
function resize() {
canvas.width = window.innerWidth;
canvas.height = window.innerHeight;
cols = Math.floor(canvas.width / 18);
drops = Array.from({ length: cols }, () => Math.random() * -80 | 0);
}
resize();
window.addEventListener('resize', resize);
setInterval(() => {
ctx.fillStyle = 'rgba(5,5,8,0.15)';
ctx.fillRect(0, 0, canvas.width, canvas.height);
ctx.fillStyle = '#f7931a';
ctx.font = '13px monospace';
drops.forEach((y, i) => {
const ch = Math.random() > 0.5
? String.fromCharCode(0x30A0 + Math.random() * 96 | 0)
: (Math.random() * 10 | 0).toString();
ctx.fillText(ch, i * 18, y * 18);
if (y * 18 > canvas.height && Math.random() > 0.97) drops[i] = 0;
else drops[i]++;
});
}, 60);
</script>
</body>
</html>`);
});
app.get("/api", (_req, res) => res.redirect("/api/ui"));
export default app;
Reference in New Issue View Git Blame Copy Permalink