| 3e3af55 | | | 1 | import Fastify from "fastify"; |
| 3e3af55 | | | 2 | import cors from "@fastify/cors"; |
| 3e3af55 | | | 3 | import jwt from "@fastify/jwt"; |
| 90d5eb8 | | | 4 | import multipart from "@fastify/multipart"; |
| 3c994d3 | | | 5 | import type Database from "better-sqlite3"; |
| 3e3af55 | | | 6 | import { initDatabase } from "./services/database.js"; |
| 3e3af55 | | | 7 | import { repoRoutes } from "./routes/repos.js"; |
| d12933e | | | 8 | import { diffRoutes } from "./routes/diffs.js"; |
| 1da9874 | | | 9 | import { canopyRoutes, canopyGlobalRoutes, canopyWebhookRoute } from "./routes/canopy.js"; |
| 3cbdca6 | | | 10 | import { ringRoutes } from "./routes/ring.js"; |
| 80fafdf | | | 11 | import { CanopyRunner } from "./services/canopy-runner.js"; |
| 80fafdf | | | 12 | import { CanopyPoller } from "./services/canopy-poller.js"; |
| 5bcd5db | | | 13 | import { CanopyEventBus } from "./services/canopy-events.js"; |
| 966d71f | | | 14 | import { MononokeProvisioner } from "./services/mononoke-provisioner.js"; |
| e5b523e | | | 15 | import { PagesDeployer } from "./services/pages-deployer.js"; |
| 3e3af55 | | | 16 | |
| 3e3af55 | | | 17 | const app = Fastify({ |
| 3e3af55 | | | 18 | logger: { |
| 3e3af55 | | | 19 | level: process.env.LOG_LEVEL ?? "info", |
| 3e3af55 | | | 20 | transport: |
| 3e3af55 | | | 21 | process.env.NODE_ENV !== "production" |
| 3e3af55 | | | 22 | ? { target: "pino-pretty" } |
| 3e3af55 | | | 23 | : undefined, |
| 3e3af55 | | | 24 | }, |
| 3e3af55 | | | 25 | }); |
| 3e3af55 | | | 26 | |
| 3e3af55 | | | 27 | // Plugins |
| 3e3af55 | | | 28 | await app.register(cors, { |
| a33b2b6 | | | 29 | origin: (process.env.CORS_ORIGIN ?? "http://localhost:3000") |
| a33b2b6 | | | 30 | .split(",") |
| a33b2b6 | | | 31 | .map((origin) => origin.trim()) |
| a33b2b6 | | | 32 | .filter(Boolean), |
| 3e3af55 | | | 33 | }); |
| 3e3af55 | | | 34 | |
| 3e3af55 | | | 35 | await app.register(jwt, { |
| 3c994d3 | | | 36 | secret: process.env.JWT_SECRET ?? "grove-dev-secret", |
| 3e3af55 | | | 37 | }); |
| 3e3af55 | | | 38 | |
| 90d5eb8 | | | 39 | await app.register(multipart, { |
| 90d5eb8 | | | 40 | limits: { fileSize: 500 * 1024 * 1024 }, // 500MB |
| 90d5eb8 | | | 41 | }); |
| 90d5eb8 | | | 42 | |
| 3e3af55 | | | 43 | // Initialize database |
| 3e3af55 | | | 44 | const db = initDatabase( |
| 3e3af55 | | | 45 | process.env.DATABASE_PATH ?? "./data/grove.db" |
| 3e3af55 | | | 46 | ); |
| 3e3af55 | | | 47 | |
| 3e3af55 | | | 48 | // Make db available to routes |
| 3e3af55 | | | 49 | app.decorate("db", db); |
| 3e3af55 | | | 50 | |
| 3c994d3 | | | 51 | // Upsert a local user record from hub JWT claims for FK references |
| 3c994d3 | | | 52 | function ensureLocalUser( |
| 3c994d3 | | | 53 | database: Database.Database, |
| 3c994d3 | | | 54 | user: { id: number; username: string; display_name?: string } |
| 3c994d3 | | | 55 | ) { |
| 3c994d3 | | | 56 | database |
| 3c994d3 | | | 57 | .prepare( |
| 3c994d3 | | | 58 | `INSERT INTO users (id, username, display_name, updated_at) |
| 3c994d3 | | | 59 | VALUES (?, ?, ?, datetime('now')) |
| 3c994d3 | | | 60 | ON CONFLICT(id) DO UPDATE SET |
| 3c994d3 | | | 61 | username = excluded.username, |
| 3c994d3 | | | 62 | display_name = excluded.display_name, |
| 3c994d3 | | | 63 | updated_at = datetime('now')` |
| 3c994d3 | | | 64 | ) |
| 3c994d3 | | | 65 | .run(user.id, user.username, user.display_name ?? user.username); |
| 3c994d3 | | | 66 | } |
| 3c994d3 | | | 67 | |
| 79efd41 | | | 68 | // Upsert a local org record from hub API for FK references |
| 79efd41 | | | 69 | function ensureLocalOrg( |
| 79efd41 | | | 70 | database: Database.Database, |
| 79efd41 | | | 71 | org: { id: number; name: string; display_name?: string } |
| 79efd41 | | | 72 | ) { |
| 79efd41 | | | 73 | database |
| 79efd41 | | | 74 | .prepare( |
| 79efd41 | | | 75 | `INSERT INTO orgs (id, name, display_name, updated_at) |
| 79efd41 | | | 76 | VALUES (?, ?, ?, datetime('now')) |
| 79efd41 | | | 77 | ON CONFLICT(id) DO UPDATE SET |
| 79efd41 | | | 78 | name = excluded.name, |
| 79efd41 | | | 79 | display_name = excluded.display_name, |
| 79efd41 | | | 80 | updated_at = datetime('now')` |
| 79efd41 | | | 81 | ) |
| 79efd41 | | | 82 | .run(org.id, org.name, org.display_name ?? org.name); |
| 79efd41 | | | 83 | } |
| 79efd41 | | | 84 | |
| 79efd41 | | | 85 | app.decorate("ensureLocalOrg", ensureLocalOrg.bind(null, db)); |
| 79efd41 | | | 86 | |
| 3c994d3 | | | 87 | // Auth decorator — verifies hub-signed JWTs and ensures local user exists |
| 3c994d3 | | | 88 | app.decorate("authenticate", async function (request: any, reply: any) { |
| 3c994d3 | | | 89 | try { |
| 3c994d3 | | | 90 | await request.jwtVerify(); |
| 3c994d3 | | | 91 | const { id, username, display_name } = request.user as any; |
| 3c994d3 | | | 92 | ensureLocalUser(db, { id, username, display_name }); |
| 3c994d3 | | | 93 | } catch (err) { |
| 3c994d3 | | | 94 | reply.code(401).send({ error: "Unauthorized" }); |
| 3c994d3 | | | 95 | } |
| 3c994d3 | | | 96 | }); |
| 3c994d3 | | | 97 | |
| 966d71f | | | 98 | // Mononoke repo provisioner |
| 966d71f | | | 99 | const mononokeProvisioner = new MononokeProvisioner( |
| 966d71f | | | 100 | process.env.MONONOKE_CONFIG_PATH ?? "/data/grove/mononoke-config", |
| 6c9fcae | | | 101 | app.log, |
| 6c9fcae | | | 102 | process.env.GROVE_BRIDGE_URL ?? "http://grove-bridge:3100" |
| 966d71f | | | 103 | ); |
| 966d71f | | | 104 | app.decorate("mononokeProvisioner", mononokeProvisioner); |
| 966d71f | | | 105 | |
| fb964da | | | 106 | // Health check — verifies DB is accessible (catches migration failures, corruption) |
| fb964da | | | 107 | app.get("/health", async (_req, reply) => { |
| fb964da | | | 108 | try { |
| fb964da | | | 109 | db.prepare("SELECT 1").get(); |
| fb964da | | | 110 | return { status: "ok", service: "grove-api" }; |
| fb964da | | | 111 | } catch { |
| fb964da | | | 112 | return reply.code(503).send({ status: "error", service: "grove-api", reason: "database unavailable" }); |
| fb964da | | | 113 | } |
| fb964da | | | 114 | }); |
| 3e3af55 | | | 115 | |
| 80fafdf | | | 116 | // Canopy CI/CD |
| 80fafdf | | | 117 | const canopyEnabled = process.env.CANOPY_ENABLED === "true"; |
| 80fafdf | | | 118 | |
| 5bcd5db | | | 119 | const canopyEventBus = new CanopyEventBus(); |
| 5bcd5db | | | 120 | app.decorate("canopyEventBus", canopyEventBus); |
| 5bcd5db | | | 121 | |
| 80fafdf | | | 122 | let runner: CanopyRunner | undefined; |
| 80fafdf | | | 123 | if (canopyEnabled) { |
| 1e64dbc | | | 124 | const workspaceDir = process.env.CANOPY_WORKSPACE_DIR ?? "./data/canopy/workspaces"; |
| 80fafdf | | | 125 | runner = new CanopyRunner( |
| 80fafdf | | | 126 | db, |
| 80fafdf | | | 127 | process.env.GROVE_BRIDGE_URL ?? "http://localhost:3100", |
| 1e64dbc | | | 128 | workspaceDir, |
| 1e64dbc | | | 129 | process.env.CANOPY_WORKSPACE_HOST_DIR ?? workspaceDir, |
| 80fafdf | | | 130 | process.env.JWT_SECRET ?? "grove-dev-secret", |
| 5bcd5db | | | 131 | app.log, |
| 5bcd5db | | | 132 | canopyEventBus |
| 80fafdf | | | 133 | ); |
| 80fafdf | | | 134 | app.decorate("canopyRunner", runner); |
| 80fafdf | | | 135 | } |
| 80fafdf | | | 136 | |
| e5b523e | | | 137 | // Pages static site hosting |
| e5b523e | | | 138 | const pagesDeployer = new PagesDeployer( |
| e5b523e | | | 139 | db, |
| e5b523e | | | 140 | process.env.GROVE_BRIDGE_URL ?? "http://localhost:3100", |
| e5b523e | | | 141 | process.env.PAGES_SITES_DIR ?? "./data/pages/sites", |
| e5b523e | | | 142 | app.log |
| e5b523e | | | 143 | ); |
| e5b523e | | | 144 | app.decorate("pagesDeployer", pagesDeployer); |
| e5b523e | | | 145 | |
| e5b523e | | | 146 | // Caddy on-demand TLS ask endpoint |
| e5b523e | | | 147 | app.get("/api/pages/ask", async (request: any, reply: any) => { |
| e5b523e | | | 148 | const domain = (request.query as any).domain; |
| e5b523e | | | 149 | if (!domain) { |
| e5b523e | | | 150 | return reply.code(400).send("missing domain"); |
| e5b523e | | | 151 | } |
| e5b523e | | | 152 | if (pagesDeployer.isDomainConfigured(domain)) { |
| e5b523e | | | 153 | return reply.code(200).send("ok"); |
| e5b523e | | | 154 | } |
| e5b523e | | | 155 | return reply.code(404).send("not configured"); |
| e5b523e | | | 156 | }); |
| e5b523e | | | 157 | |
| 3e3af55 | | | 158 | // Routes |
| 3e3af55 | | | 159 | await app.register(repoRoutes, { prefix: "/api/repos" }); |
| d12933e | | | 160 | await app.register(diffRoutes, { prefix: "/api/repos" }); |
| f0bb192 | | | 161 | await app.register(canopyRoutes, { prefix: "/api/repos" }); |
| 1da9874 | | | 162 | await app.register(canopyGlobalRoutes, { prefix: "/api" }); |
| f0bb192 | | | 163 | await app.register(canopyWebhookRoute, { prefix: "/api" }); |
| 3cbdca6 | | | 164 | await app.register(ringRoutes, { prefix: "/api" }); |
| 3e3af55 | | | 165 | |
| 3e3af55 | | | 166 | // Start |
| 3e3af55 | | | 167 | const port = parseInt(process.env.PORT ?? "4000", 10); |
| 3e3af55 | | | 168 | const host = process.env.HOST ?? "0.0.0.0"; |
| 3e3af55 | | | 169 | |
| 3e3af55 | | | 170 | try { |
| 3e3af55 | | | 171 | await app.listen({ port, host }); |
| 3e3af55 | | | 172 | app.log.info(`Grove API server running at http://${host}:${port}`); |
| 80fafdf | | | 173 | |
| 80fafdf | | | 174 | // Start Canopy poller after server is listening |
| 80fafdf | | | 175 | if (canopyEnabled && runner) { |
| 80fafdf | | | 176 | const poller = new CanopyPoller( |
| 80fafdf | | | 177 | db, |
| 80fafdf | | | 178 | process.env.GROVE_BRIDGE_URL ?? "http://localhost:3100", |
| 80fafdf | | | 179 | runner, |
| e5b523e | | | 180 | pagesDeployer, |
| 80fafdf | | | 181 | app.log |
| 80fafdf | | | 182 | ); |
| 80fafdf | | | 183 | poller.start(15000); |
| 80fafdf | | | 184 | app.log.info("Canopy CI/CD enabled — polling every 15s"); |
| 80fafdf | | | 185 | } |
| 3e3af55 | | | 186 | } catch (err) { |
| 3e3af55 | | | 187 | app.log.error(err); |
| 3e3af55 | | | 188 | process.exit(1); |
| 3e3af55 | | | 189 | } |