pieced/pieced-portal
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Working version 6.2

Browse Source
This commit is contained in:
admin
2026-04-10 14:44:03 +02:00
parent d526c1ff4a
commit f20d5f09ae
28 changed files with 1231 additions and 1554 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/app/api/packages/route.ts
View File

@@ -1,12 +1,10 @@
import { NextResponse } from "next/server";
import { auth } from "@/lib/auth";
import { getSessionUser } from "@/lib/session";
import { PACKAGE_CATALOG } from "@/lib/packages";
export async function GET() {
const session = await auth();
if (!session?.user) {
const user = await getSessionUser();
if (!user)
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
return NextResponse.json(PACKAGE_CATALOG);
}

52
src/app/api/tenants/[name]/route.ts
View File

@@ -1,35 +1,25 @@
import { NextRequest, NextResponse } from "next/server";
import { auth } from "@/lib/auth";
import { getSessionUser } from "@/lib/session";
import { getTenant, patchTenantSpec } from "@/lib/k8s";
function isPlatformRole(roles: string[]): boolean {
return roles.some((r) =>
["platform_admin", "platform_operator"].includes(r)
);
}
export async function GET(
_req: NextRequest,
{ params }: { params: Promise<{ name: string }> }
) {
const session = await auth();
if (!session?.user) {
const user = await getSessionUser();
if (!user)
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const { name } = await params;
const { orgId, roles } = session.user as any;
try {
const tenant = await getTenant(name);
if (!tenant) {
if (!tenant)
return NextResponse.json({ error: "Not found" }, { status: 404 });
}
// Scope check: non-platform users can only see their own org's tenants
if (
!isPlatformRole(roles || []) &&
tenant.metadata?.labels?.["zitadel-org-id"] !== orgId
!user.isPlatform &&
tenant.metadata.labels?.["pieced.ch/zitadel-org-id"] !== user.orgId
) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
@@ -37,7 +27,7 @@ export async function GET(
return NextResponse.json(tenant);
} catch (e: any) {
return NextResponse.json(
{ error: "K8s API error", detail: e.message },
{ error: e.message },
{ status: e.statusCode || 500 }
);
}
@@ -47,35 +37,29 @@ export async function PATCH(
req: NextRequest,
{ params }: { params: Promise<{ name: string }> }
) {
const session = await auth();
if (!session?.user) {
const user = await getSessionUser();
if (!user)
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const { name } = await params;
const { orgId, roles } = session.user as any;
const body = await req.json();
const userRoles = roles || [];
// Only owner or platform roles can patch
if (!isPlatformRole(userRoles) && !userRoles.includes("owner")) {
if (!user.isPlatform && !user.roles.includes("owner")) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const { name } = await params;
const body = await req.json();
try {
// Ownership check
const existing = await getTenant(name);
if (!existing) {
if (!existing)
return NextResponse.json({ error: "Not found" }, { status: 404 });
}
if (
!isPlatformRole(userRoles) &&
existing.metadata?.labels?.["zitadel-org-id"] !== orgId
!user.isPlatform &&
existing.metadata.labels?.["pieced.ch/zitadel-org-id"] !== user.orgId
) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
// Build partial spec — only allow specific fields
const specPatch: Record<string, any> = {};
if (body.packages !== undefined) specPatch.packages = body.packages;
if (body.workspaceFiles !== undefined)
@@ -88,7 +72,7 @@ export async function PATCH(
return NextResponse.json(updated);
} catch (e: any) {
return NextResponse.json(
{ error: "Patch failed", detail: e.message },
{ error: e.message },
{ status: e.statusCode || 500 }
);
}

66
src/app/api/tenants/[name]/secrets/route.ts
View File

@@ -1,5 +1,5 @@
import { NextRequest, NextResponse } from "next/server";
import { auth } from "@/lib/auth";
import { getSessionUser } from "@/lib/session";
import { getTenant } from "@/lib/k8s";
import { writePackageSecrets } from "@/lib/openbao";
import { getPackageDef } from "@/lib/packages";
@@ -8,23 +8,15 @@ export async function POST(
req: NextRequest,
{ params }: { params: Promise<{ name: string }> }
) {
const session = await auth();
if (!session?.user) {
const user = await getSessionUser();
if (!user)
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const { name } = await params;
const { orgId, roles } = session.user as any;
const userRoles = roles || [];
const isPlatform = userRoles.some((r: string) =>
["platform_admin", "platform_operator"].includes(r)
);
if (!isPlatform && !userRoles.includes("owner")) {
if (!user.isPlatform && !user.roles.includes("owner")) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
const { name } = await params;
const body = await req.json();
const { packageId, secrets } = body as {
packageId: string;
@@ -38,63 +30,43 @@ export async function POST(
);
}
// Validate package exists and requires secrets
const pkgDef = getPackageDef(packageId);
if (!pkgDef) {
return NextResponse.json(
{ error: "Unknown package" },
{ status: 400 }
);
}
if (!pkgDef.requiresSecrets) {
if (!pkgDef)
return NextResponse.json({ error: "Unknown package" }, { status: 400 });
if (!pkgDef.requiresSecrets)
return NextResponse.json(
{ error: "Package does not require secrets" },
{ status: 400 }
);
}
// Verify all required secret keys are present
const requiredKeys = (pkgDef.secrets || []).map((s) => s.key);
const missingKeys = requiredKeys.filter((k) => !secrets[k]?.trim());
if (missingKeys.length > 0) {
const missing = requiredKeys.filter((k) => !secrets[k]?.trim());
if (missing.length > 0) {
return NextResponse.json(
{ error: `Missing required secrets: ${missingKeys.join(", ")}` },
{ error: `Missing: ${missing.join(", ")}` },
{ status: 400 }
);
}
// Verify tenant ownership
try {
const tenant = await getTenant(name);
if (!tenant) {
return NextResponse.json(
{ error: "Tenant not found" },
{ status: 404 }
);
}
if (!tenant)
return NextResponse.json({ error: "Not found" }, { status: 404 });
if (
!isPlatform &&
tenant.metadata?.labels?.["zitadel-org-id"] !== orgId
!user.isPlatform &&
tenant.metadata.labels?.["pieced.ch/zitadel-org-id"] !== user.orgId
) {
return NextResponse.json({ error: "Forbidden" }, { status: 403 });
}
} catch (e: any) {
return NextResponse.json(
{ error: "Tenant lookup failed" },
{ status: e.statusCode || 500 }
);
}
// Write to OpenBao
try {
await writePackageSecrets(name, packageId, secrets);
} catch (err: any) {
console.error("OpenBao write error:", err.message);
return NextResponse.json({ ok: true });
} catch (e: any) {
console.error("Secret write error:", e.message);
return NextResponse.json(
{ error: "Failed to store secrets" },
{ status: 500 }
);
}
return NextResponse.json({ ok: true });
}

137
src/app/api/usage/route.ts
View File

@@ -1,107 +1,84 @@
import { NextRequest, NextResponse } from "next/server";
import { auth } from "@/lib/auth";
import { getTeamInfo, getTeamSpendLogs } from "@/lib/litellm";
// Pricing constants (CHF)
const INPUT_RATE = 3; // CHF per MTok
const OUTPUT_RATE = 15; // CHF per MTok
import { getSessionUser } from "@/lib/session";
import { getTeamInfo, getTeamSpendLogsV2 } from "@/lib/litellm";
export async function GET(req: NextRequest) {
const session = await auth();
if (!session?.user) {
const user = await getSessionUser();
if (!user)
return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
}
const { orgId } = session.user as any;
if (!orgId) {
return NextResponse.json(
{ error: "No org context" },
{ status: 400 }
);
}
const teamId = req.nextUrl.searchParams.get("teamId");
if (!teamId)
return NextResponse.json({ error: "teamId required" }, { status: 400 });
// The LiteLLM team_id maps to the tenant name, which is derived from orgId
// Convention: team_id = "pieced-{orgId}" or looked up from the tenant CR
const searchParams = req.nextUrl.searchParams;
const teamId = searchParams.get("teamId");
// Month param: YYYY-MM, defaults to current month
const now = new Date();
const monthParam = req.nextUrl.searchParams.get("month")
|| `${now.getFullYear()}-${String(now.getMonth() + 1).padStart(2, "0")}`;
if (!teamId) {
return NextResponse.json(
{ error: "teamId query param required" },
{ status: 400 }
);
}
const [year, month] = monthParam.split("-").map(Number);
const startDate = new Date(year, month - 1, 1);
const endDate = new Date(year, month, 0); // last day of month
const startStr = startDate.toISOString().split("T")[0];
const endStr = endDate.toISOString().split("T")[0];
try {
// Current period info
const teamInfo = await getTeamInfo(teamId);
// Historical spend logs (last 30 days)
const endDate = new Date();
const startDate = new Date();
startDate.setDate(startDate.getDate() - 30);
// Fetch all pages
const allRequests: any[] = [];
let page = 1;
while (true) {
const result = await getTeamSpendLogsV2(teamId, startStr, endStr, page, 100);
allRequests.push(...(result.data || []));
if (page >= (result.total_pages || 1)) break;
page++;
}
const spendLogs = await getTeamSpendLogs(
teamId,
startDate.toISOString().split("T")[0],
endDate.toISOString().split("T")[0]
);
// Aggregate by day
const byDay: Record<string, { inputTokens: number; outputTokens: number; spend: number }> = {};
for (const r of allRequests) {
const day = (r.startTime || r.endTime || "").slice(0, 10);
if (!day) continue;
if (!byDay[day]) byDay[day] = { inputTokens: 0, outputTokens: 0, spend: 0 };
byDay[day].inputTokens += r.prompt_tokens || 0;
byDay[day].outputTokens += r.completion_tokens || 0;
byDay[day].spend += r.spend || 0;
}
// Calculate CHF costs from token counts
const dailyUsage = (spendLogs || []).map((day: any) => ({
date: day.date || day.day,
inputTokens: day.prompt_tokens || 0,
outputTokens: day.completion_tokens || 0,
inputCostCHF:
((day.prompt_tokens || 0) / 1_000_000) * INPUT_RATE,
outputCostCHF:
((day.completion_tokens || 0) / 1_000_000) * OUTPUT_RATE,
totalCostCHF:
((day.prompt_tokens || 0) / 1_000_000) * INPUT_RATE +
((day.completion_tokens || 0) / 1_000_000) * OUTPUT_RATE,
}));
const dailyUsage = Object.entries(byDay)
.sort(([a], [b]) => a.localeCompare(b))
.map(([date, d]) => ({ date, ...d }));
// Totals for current period
const totalInputTokens = dailyUsage.reduce(
(s: number, d: any) => s + d.inputTokens,
0
);
const totalOutputTokens = dailyUsage.reduce(
(s: number, d: any) => s + d.outputTokens,
0
);
const totalCostCHF = dailyUsage.reduce(
(s: number, d: any) => s + d.totalCostCHF,
0
);
const totalInput = allRequests.reduce((s, r) => s + (r.prompt_tokens || 0), 0);
const totalOutput = allRequests.reduce((s, r) => s + (r.completion_tokens || 0), 0);
const totalSpend = allRequests.reduce((s, r) => s + (r.spend || 0), 0);
return NextResponse.json({
teamId,
month: monthParam,
currentPeriod: {
inputTokens: totalInputTokens,
outputTokens: totalOutputTokens,
inputCostCHF: (totalInputTokens / 1_000_000) * INPUT_RATE,
outputCostCHF: (totalOutputTokens / 1_000_000) * OUTPUT_RATE,
totalCostCHF,
inputTokens: totalInput,
outputTokens: totalOutput,
totalSpend,
requestCount: allRequests.length,
},
budget: {
maxBudget: teamInfo?.max_budget ?? null,
spend: teamInfo?.spend ?? 0,
remaining: teamInfo?.max_budget
? teamInfo.max_budget - (teamInfo.spend ?? 0)
maxBudget: teamInfo?.team_info?.max_budget ?? null,
spend: teamInfo?.team_info?.spend ?? 0,
remaining: teamInfo?.team_info?.max_budget
? teamInfo.team_info.max_budget - (teamInfo.team_info.spend ?? 0)
: null,
},
rateLimits: {
rpm: teamInfo?.rpm_limit ?? null,
tpm: teamInfo?.tpm_limit ?? null,
rpm: teamInfo?.team_info?.rpm_limit ?? null,
tpm: teamInfo?.team_info?.tpm_limit ?? null,
},
dailyUsage,
});
} catch (err: any) {
console.error("Usage fetch error:", err.message);
return NextResponse.json(
{ error: "Failed to fetch usage data" },
{ status: 500 }
);
} catch (e: any) {
console.error("Usage fetch error:", e.message);
return NextResponse.json({ error: "Failed to fetch usage" }, { status: 500 });
}
}
}