Feat/profile editor (#910)

* feat: profile editor

* fix: profile video download

* feat: dreamsync integration

* fix: update lockfile

* fix: dreamsync profile patch

* fix: actions

* fix: remove unused shad components

* fix: format

* fix: build

* fix: lockfile

* fix: ai suggestions

* fix: add missing headers for file upload

* fix: update dependencies and clean up prepare script

* fix: normalize ACL entries and improve error handling in EVaultProfileService

* fix: reorder and format dependencies in package.json

* fix: enhance URL normalization and validation in SocialLinksSection

* fix: update package dependencies in pnpm-lock.yaml for improved compatibility

* fix: improve error handling for createMetaEnvelope in EVaultProfileService

* fix: enhance access control logic for profile assets in ProfileController

* fix: normalize eName before setting in headers for GraphQLClient

* fix: enhance educational and work experience sections with improved labels and placeholders

* feat: add logo and favicon images for profile editor

* fix: replace native select with custom Select component for platform selection

* resolve pnpm-lock.yaml merge conflict

* fix: dreamsync warns

* fix: explicit pub priv profile behaviour

* fix: dreamsync profile visibility

---------

Co-authored-by: Bekiboo <julien.connault@gmail.com>

Author: sosweetham

.env.example

@@ -92,6 +92,7 @@ PUBLIC_PROVISIONER_SHARED_SECRET="your-provisioner-shared-secret"
 
 PUBLIC_ESIGNER_BASE_URL="http://localhost:3004"
 PUBLIC_FILE_MANAGER_BASE_URL="http://localhost:3005"
+PUBLIC_PROFILE_EDITOR_BASE_URL="http://localhost:3006"
 
 DREAMSYNC_DATABASE_URL=postgresql://postgres:postgres@localhost:5432/dreamsync
 VITE_DREAMSYNC_BASE_URL="http://localhost:8888"

.npmrc

@@ -1,3 +1,2 @@
 optional=true
 strict-peer-dependencies=false
-

README.md

@@ -9,6 +9,7 @@
 ### Port Assignments
 
 #### Core Services (Always Running)
+
 - **4321** - Registry Service
 - **3001** - evault-core Provisioning API (Express)
 - **4000** - evault-core GraphQL/HTTP API (Fastify)
@@ -17,6 +18,7 @@
 - **7687** - Neo4j Bolt Protocol
 
 #### Platform APIs
+
 - **3000** - Blabsy W3DS Auth API
 - **3002** - Cerberus API
 - **3003** - Group Charter Manager API
@@ -28,6 +30,7 @@
 - **1111** - Pictique API
 
 #### Frontend Services
+
 - **8080** - Dev sandbox (W3DS) / Blabsy Frontend
 - **5173** - Pictique Frontend
 - **3004** - Group Charter Manager Frontend
@@ -37,19 +40,24 @@
 ### Docker Compose Profiles
 
 #### `socials` Profile
+
 Runs core services plus social media platforms:
+
 - Core: registry, evault-core, postgres, neo4j
 - Pictique API + Frontend
 - Blabsy API + Frontend
 
 #### `charter-blabsy` Profile
+
 Runs core services plus charter and blabsy:
+
 - Core: registry, evault-core, postgres, neo4j
 - Group Charter Manager API + Frontend
 - Blabsy API + Frontend
 - Cerberus
 
 #### `all` Profile
+
 Runs all services (core + all APIs + all frontends)
 
 ### Usage

docs/docusaurus.config.ts

@@ -46,6 +46,7 @@ const config: Config = {
                     sidebarPath: './sidebars.ts',
                     editUrl: 'https://github.com/MetaState-Prototype-Project/prototype/tree/main/docs/',
                 },
+                blog: false,
             } satisfies Preset.Options,
         ],
     ],

infrastructure/control-panel/config/admin-enames.json

@@ -3,9 +3,6 @@
 		"@7218b67d-da21-54d6-9a85-7c4db1d09768",
 		"@82f7a77a-f03a-52aa-88fc-1b1e488ad498",
 		"@35a31f0d-dd76-5780-b383-29f219fcae99",
-		"@82f7a77a-f03a-52aa-88fc-1b1e488ad498",
-		"@af7e4f55-ad9d-537c-81ef-4f3a234bdd2c",
-		"@6e1bbcd4-1f59-5bd8-aa3c-6f5301c356d7",
-		"@b995a88a-90d1-56fc-ba42-1e1eb664861c"
+		"@82f7a77a-f03a-52aa-88fc-1b1e488ad498"
 	]
 }

packages/auth/package.json

@@ -0,0 +1,33 @@
+{
+	"name": "@metastate-foundation/auth",
+	"version": "0.1.0",
+	"description": "Shared authentication utilities for w3ds platform APIs",
+	"type": "module",
+	"scripts": {
+		"build": "tsc -p tsconfig.json",
+		"check-types": "tsc --noEmit",
+		"postinstall": "npm run build"
+	},
+	"main": "./dist/index.js",
+	"types": "./dist/index.d.ts",
+	"exports": {
+		".": {
+			"types": "./dist/index.d.ts",
+			"import": "./dist/index.js",
+			"require": "./dist/index.js",
+			"default": "./dist/index.js"
+		}
+	},
+	"files": ["dist"],
+	"dependencies": {
+		"jsonwebtoken": "^9.0.2",
+		"signature-validator": "workspace:*",
+		"uuid": "^11.1.0"
+	},
+	"devDependencies": {
+		"@types/jsonwebtoken": "^9.0.9",
+		"@types/node": "^20.11.24",
+		"@types/uuid": "^10.0.0",
+		"typescript": "~5.6.2"
+	}
+}

packages/auth/src/auth-offer.ts

@@ -0,0 +1,15 @@
+import { v4 as uuidv4 } from "uuid";
+import type { AuthOfferConfig } from "./types.js";
+
+export interface AuthOffer {
+	uri: string;
+	session: string;
+}
+
+export function buildAuthOffer(config: AuthOfferConfig): AuthOffer {
+	const callbackPath = config.callbackPath ?? "/api/auth";
+	const url = new URL(callbackPath, config.baseUrl).toString();
+	const session = uuidv4();
+	const uri = `w3ds://auth?redirect=${url}&session=${session}&platform=${config.platform}`;
+	return { uri, session };
+}

packages/auth/src/guard.ts

@@ -0,0 +1,8 @@
+export function createAuthGuard() {
+	return (req: any, res: any, next: any): void => {
+		if (!req.user) {
+			return res.status(401).json({ error: "Authentication required" });
+		}
+		next();
+	};
+}

packages/auth/src/index.ts

@@ -0,0 +1,14 @@
+export { signToken, verifyToken } from "./jwt.js";
+export { createAuthMiddleware } from "./middleware.js";
+export { createAuthGuard } from "./guard.js";
+export { buildAuthOffer } from "./auth-offer.js";
+export type { AuthOffer } from "./auth-offer.js";
+export { verifyLoginSignature } from "./verify-login.js";
+export type {
+	AuthUser,
+	JwtPayload,
+	AuthMiddlewareConfig,
+	AuthOfferConfig,
+	LoginVerificationConfig,
+	LoginVerificationResult,
+} from "./types.js";

packages/auth/src/jwt.ts

@@ -0,0 +1,20 @@
+import jwt from "jsonwebtoken";
+import type { JwtPayload } from "./types.js";
+
+export function signToken(
+	payload: JwtPayload,
+	secret: string,
+	options?: { expiresIn?: string | number },
+): string {
+	return jwt.sign(payload as object, secret, {
+		expiresIn: (options?.expiresIn ?? "7d") as any,
+	});
+}
+
+export function verifyToken(token: string, secret: string): JwtPayload {
+	try {
+		return jwt.verify(token, secret) as JwtPayload;
+	} catch {
+		throw new Error("Invalid token");
+	}
+}