feat: adicionar painel de máquinas e autenticação por agente

2025-10-07 21:37:41 -03:00 · 2025-10-07 21:37:41 -03:00 · ee18619519
commit ee18619519
parent e2a5b560b1
52 changed files with 7598 additions and 1 deletions
--- a/src/app/api/machines/sessions/route.ts
+++ b/src/app/api/machines/sessions/route.ts
@ -0,0 +1,96 @@
+import { NextResponse } from "next/server"
+import { z } from "zod"
+import { ConvexHttpClient } from "convex/browser"
+
+import { api } from "@/convex/_generated/api"
+import type { Id } from "@/convex/_generated/dataModel"
+import { env } from "@/lib/env"
+import { DEFAULT_TENANT_ID } from "@/lib/constants"
+import { ensureMachineAccount } from "@/server/machines-auth"
+import { auth } from "@/lib/auth"
+
+const sessionSchema = z.object({
+  machineToken: z.string().min(1),
+  rememberMe: z.boolean().optional(),
+})
+
+export async function POST(request: Request) {
+  if (request.method !== "POST") {
+    return NextResponse.json({ error: "Método não permitido" }, { status: 405 })
+  }
+
+  const convexUrl = env.NEXT_PUBLIC_CONVEX_URL
+  if (!convexUrl) {
+    return NextResponse.json({ error: "Convex não configurado" }, { status: 500 })
+  }
+
+  let payload
+  try {
+    const raw = await request.json()
+    payload = sessionSchema.parse(raw)
+  } catch (error) {
+    return NextResponse.json({ error: "Payload inválido", details: error instanceof Error ? error.message : String(error) }, { status: 400 })
+  }
+
+  const client = new ConvexHttpClient(convexUrl)
+
+  try {
+    const resolved = await client.mutation(api.machines.resolveToken, { machineToken: payload.machineToken })
+    let machineEmail = resolved.machine.authEmail ?? null
+
+    if (!machineEmail) {
+      const account = await ensureMachineAccount({
+        machineId: resolved.machine._id,
+        tenantId: resolved.machine.tenantId ?? DEFAULT_TENANT_ID,
+        hostname: resolved.machine.hostname,
+        machineToken: payload.machineToken,
+      })
+
+      await client.mutation(api.machines.linkAuthAccount, {
+        machineId: resolved.machine._id as Id<"machines">,
+        authUserId: account.authUserId,
+        authEmail: account.authEmail,
+      })
+
+      machineEmail = account.authEmail
+    }
+
+    const signIn = await auth.api.signInEmail({
+      body: {
+        email: machineEmail,
+        password: payload.machineToken,
+        rememberMe: payload.rememberMe ?? true,
+      },
+      returnHeaders: true,
+    })
+
+    const response = NextResponse.json(
+      {
+        ok: true,
+        machine: {
+          id: resolved.machine._id,
+          hostname: resolved.machine.hostname,
+          osName: resolved.machine.osName,
+          osVersion: resolved.machine.osVersion,
+          architecture: resolved.machine.architecture,
+          status: resolved.machine.status,
+          lastHeartbeatAt: resolved.machine.lastHeartbeatAt,
+          companyId: resolved.machine.companyId,
+          companySlug: resolved.machine.companySlug,
+          metadata: resolved.machine.metadata,
+        },
+        session: signIn.response,
+      },
+      { status: 200 }
+    )
+
+    signIn.headers.forEach((value, key) => {
+      response.headers.set(key, value)
+    })
+
+    return response
+  } catch (error) {
+    console.error("[machines.sessions] Falha ao criar sessão", error)
+    return NextResponse.json({ error: "Falha ao autenticar máquina" }, { status: 500 })
+  }
+}