Swetrix revamp

.claude/frontend-design.md

@@ -0,0 +1,45 @@
+---
+name: frontend-design
+description: Create distinctive, production-grade frontend interfaces with high design quality. Use this skill when the user asks to build web components, pages, artifacts, posters, or applications (examples include websites, landing pages, dashboards, React components, HTML/CSS/Tailwind CSS layouts, or when styling/beautifying any web UI). Generates creative, polished code and UI design that avoids generic AI aesthetics.
+license: Apache License
+---
+
+This skill guides creation of distinctive, production-grade frontend interfaces that avoid generic "AI slop" aesthetics. Implement real working code with exceptional attention to aesthetic details and creative choices.
+
+The user provides frontend requirements: a component, page, application, or interface to build. They may include context about the purpose, audience, or technical constraints.
+
+## Design Thinking
+
+Before coding, understand the context and commit to a BOLD aesthetic direction:
+
+- **Purpose**: What problem does this interface solve? Who uses it?
+- **Tone**: Pick an extreme: brutally minimal, maximalist chaos, retro-futuristic, organic/natural, luxury/refined, playful/toy-like, editorial/magazine, brutalist/raw, art deco/geometric, soft/pastel, industrial/utilitarian, etc. There are so many flavors to choose from. Use these for inspiration but design one that is true to the aesthetic direction.
+- **Constraints**: Technical requirements (framework, performance, accessibility).
+- **Differentiation**: What makes this UNFORGETTABLE? What's the one thing someone will remember?
+
+**CRITICAL**: Choose a clear conceptual direction and execute it with precision. Bold maximalism and refined minimalism both work - the key is intentionality, not intensity.
+
+Then implement working code (HTML/CSS/JS, Tailwind CSS, React, Vue, etc.) that is:
+
+- Production-grade and functional
+- Visually striking and memorable
+- Cohesive with a clear aesthetic point-of-view
+- Meticulously refined in every detail
+
+## Frontend Aesthetics Guidelines
+
+Focus on:
+
+- **Typography**: Choose fonts that are beautiful, unique, and interesting. Avoid generic fonts like Arial and Inter; opt instead for distinctive choices that elevate the frontend's aesthetics; unexpected, characterful font choices. Pair a distinctive display font with a refined body font.
+- **Color & Theme**: Commit to a cohesive aesthetic. Use Tailwind CSS variables for consistency. Dominant colors with sharp accents outperform timid, evenly-distributed palettes.
+- **Motion**: Use animations for effects and micro-interactions. Prioritize CSS/Tailwind CSS-only solutions for HTML. Use Motion library for React when available. Focus on high-impact moments: one well-orchestrated page load with staggered reveals (animation-delay) creates more delight than scattered micro-interactions. Use scroll-triggering and hover states that surprise.
+- **Spatial Composition**: Unexpected layouts. Asymmetry. Overlap. Diagonal flow. Grid-breaking elements. Generous negative space OR controlled density.
+- **Backgrounds & Visual Details**: Create atmosphere and depth rather than defaulting to solid colors. Add contextual effects and textures that match the overall aesthetic. Apply creative forms like gradient meshes, noise textures, geometric patterns, layered transparencies, dramatic shadows, decorative borders, custom cursors, and grain overlays.
+
+NEVER use generic AI-generated aesthetics like overused font families (Inter, Roboto, Arial, system fonts), cliched color schemes (particularly purple gradients on white backgrounds), predictable layouts and component patterns, and cookie-cutter design that lacks context-specific character.
+
+Interpret creatively and make unexpected choices that feel genuinely designed for the context. No design should be the same. Vary between light and dark themes, different fonts, different aesthetics. NEVER converge on common choices (Space Grotesk, for example) across generations.
+
+**IMPORTANT**: Match implementation complexity to the aesthetic vision. Maximalist designs need elaborate code with extensive animations and effects. Minimalist or refined designs need restraint, precision, and careful attention to spacing, typography, and subtle details. Elegance comes from executing the vision well.
+
+Remember: Claude is capable of extraordinary creative work. Don't hold back, show what can truly be created when thinking outside the box and committing fully to a distinctive vision.

backend/.env.example

@@ -55,9 +55,6 @@ OIDC_CLIENT_SECRET=
 CDN_URL=http://localhost:5006
 CDN_ACCESS_TOKEN=SOME_SECRET_TOKEN
 
-# Captcha API
-CAPTCHA_SALT=
-
 # Google SSO
 GOOGLE_OAUTH2_CLIENT_ID=
 GOOGLE_OAUTH2_CLIENT_SECRET=
@@ -100,3 +97,8 @@ EMAIL_ACTION_ENCRYPTION_KEY=
 
 # Swetrix Enterprise (Cloud)
 SWETRIX_LICENSE_KEY=
+
+# OpenRouter API key for AI features
+OPENROUTER_API_KEY=
+
+SWETRIX_PID=STEzHcB1rALV

backend/apps/cloud/src/action-tokens/action-tokens.service.ts

@@ -1,6 +1,6 @@
 import { Injectable } from '@nestjs/common'
 import { InjectRepository } from '@nestjs/typeorm'
-import { Repository } from 'typeorm'
+import { Repository, FindOptionsWhere } from 'typeorm'
 
 import { ActionToken, ActionTokenType } from './action-token.entity'
 import { User } from '../user/entities/user.entity'
@@ -12,12 +12,8 @@ export class ActionTokensService {
     private actionTokensRepository: Repository<ActionToken>,
   ) {}
 
-  async deleteMultiple(where: string): Promise<any> {
-    return this.actionTokensRepository
-      .createQueryBuilder()
-      .delete()
-      .where(where)
-      .execute()
+  async deleteMultiple(where: FindOptionsWhere<ActionToken>): Promise<any> {
+    return this.actionTokensRepository.delete(where)
   }
 
   async createForUser(

backend/apps/cloud/src/ai/ai-chat.service.ts

@@ -0,0 +1,194 @@
+import { Injectable } from '@nestjs/common'
+import { InjectRepository } from '@nestjs/typeorm'
+import { Repository, FindManyOptions, FindOneOptions } from 'typeorm'
+import { AiChat, ChatMessage } from './entity/ai-chat.entity'
+
+@Injectable()
+export class AiChatService {
+  constructor(
+    @InjectRepository(AiChat)
+    private aiChatRepository: Repository<AiChat>,
+  ) {}
+
+  async findOne(options: FindOneOptions<AiChat>): Promise<AiChat | null> {
+    return this.aiChatRepository.findOne(options)
+  }
+
+  async find(options: FindManyOptions<AiChat>): Promise<AiChat[]> {
+    return this.aiChatRepository.find(options)
+  }
+
+  async findRecentByProject(
+    projectId: string,
+    userId: string | null,
+    limit: number = 5,
+  ): Promise<AiChat[]> {
+    // Do not return stored chats to unauthenticated users.
+    // (Public project analytics may be viewable, but chats contain user prompts and context.)
+    if (!userId) {
+      return []
+    }
+
+    const queryBuilder = this.aiChatRepository
+      .createQueryBuilder('chat')
+      .where('chat.projectId = :projectId', { projectId })
+      .orderBy('chat.updated', 'DESC')
+      .take(limit)
+
+    queryBuilder.andWhere('(chat.userId = :userId OR chat.userId IS NULL)', {
+      userId,
+    })
+
+    return queryBuilder.getMany()
+  }
+
+  async findAllByProject(
+    projectId: string,
+    userId: string | null,
+    skip: number = 0,
+    take: number = 20,
+  ): Promise<{ chats: AiChat[]; total: number }> {
+    // Do not return stored chats to unauthenticated users.
+    if (!userId) {
+      return { chats: [], total: 0 }
+    }
+
+    const queryBuilder = this.aiChatRepository
+      .createQueryBuilder('chat')
+      .where('chat.projectId = :projectId', { projectId })
+      .orderBy('chat.updated', 'DESC')
+      .skip(skip)
+      .take(take)
+
+    queryBuilder.andWhere('(chat.userId = :userId OR chat.userId IS NULL)', {
+      userId,
+    })
+
+    const [chats, total] = await queryBuilder.getManyAndCount()
+    return { chats, total }
+  }
+
+  async create(data: {
+    projectId: string
+    userId: string | null
+    messages: ChatMessage[]
+    name?: string
+  }): Promise<AiChat> {
+    const chat = this.aiChatRepository.create({
+      project: { id: data.projectId },
+      user: data.userId ? { id: data.userId } : null,
+      messages: data.messages,
+      name: data.name || this.generateChatName(data.messages),
+    })
+    return this.aiChatRepository.save(chat)
+  }
+
+  async update(
+    id: string,
+    data: { messages?: ChatMessage[]; name?: string },
+  ): Promise<AiChat | null> {
+    const chat = await this.aiChatRepository.findOne({ where: { id } })
+    if (!chat) return null
+
+    if (data.messages) {
+      const previousMessages = chat.messages
+      chat.messages = data.messages
+      // Update name if not manually set and we have a new first user message
+      if (!chat.name || chat.name === this.generateChatName(previousMessages)) {
+        chat.name = this.generateChatName(data.messages)
+      }
+    }
+    if (data.name !== undefined) {
+      chat.name = data.name
+    }
+
+    return this.aiChatRepository.save(chat)
+  }
+
+  async delete(id: string): Promise<boolean> {
+    const result = await this.aiChatRepository.delete(id)
+    return (result.affected ?? 0) > 0
+  }
+
+  private generateChatName(messages: ChatMessage[]): string {
+    // Use the first user message as the chat name
+    const firstUserMessage = messages.find(m => m.role === 'user')
+    if (firstUserMessage) {
+      const content = firstUserMessage.content.trim()
+      // Truncate to reasonable length
+      return content.length > 100 ? content.slice(0, 97) + '...' : content
+    }
+    return 'New conversation'
+  }
+
+  async verifyAccess(
+    chatId: string,
+    projectId: string,
+    userId: string | null,
+  ): Promise<AiChat | null> {
+    // Explicitly require authentication for user-scoped access checks.
+    if (!userId) return null
+
+    const queryBuilder = this.aiChatRepository
+      .createQueryBuilder('chat')
+      .where('chat.id = :chatId', { chatId })
+      .andWhere('chat.projectId = :projectId', { projectId })
+
+    queryBuilder.andWhere('(chat.userId = :userId OR chat.userId IS NULL)', {
+      userId,
+    })
+
+    return queryBuilder.getOne()
+  }
+
+  /**
+   * Verifies ownership of a chat (authenticated users only).
+   * Used for update/delete operations to prevent modifying shared (NULL owner) chats.
+   */
+  async verifyOwnerAccess(
+    chatId: string,
+    projectId: string,
+    userId: string | null,
+  ): Promise<AiChat | null> {
+    if (!userId) return null
+
+    return this.aiChatRepository
+      .createQueryBuilder('chat')
+      .where('chat.id = :chatId', { chatId })
+      .andWhere('chat.projectId = :projectId', { projectId })
+      .andWhere('chat.userId = :userId', { userId })
+      .getOne()
+  }
+
+  /**
+   * Verifies access to an anonymously-owned chat (userId IS NULL) by chatId+projectId.
+   * This supports share-by-id without allowing listing/enumeration.
+   */
+  async verifyPublicChatAccess(
+    chatId: string,
+    projectId: string,
+  ): Promise<AiChat | null> {
+    return this.aiChatRepository
+      .createQueryBuilder('chat')
+      .where('chat.id = :chatId', { chatId })
+      .andWhere('chat.projectId = :projectId', { projectId })
+      .andWhere('chat.userId IS NULL')
+      .getOne()
+  }
+
+  /**
+   * Verify that a chat belongs to a project (without checking user ownership).
+   * Used for shared chat links where anyone who can view the project can access the chat.
+   */
+  async verifyProjectAccess(
+    chatId: string,
+    projectId: string,
+  ): Promise<AiChat | null> {
+    return this.aiChatRepository.findOne({
+      where: {
+        id: chatId,
+        project: { id: projectId },
+      },
+    })
+  }
+}