feat(backend): add PATCH /api/sources/:sourceId (#86)

Add endpoint for users to update their source config and enabled state. Config is deep-merged with existing values via lodash.merge and validated against the provider's schema before persisting. Co-authored-by: Ona <no-reply@ona.com>
2026-04-02 08:01:18 +01:00 · 2026-03-22 17:57:54 +00:00
parent a6be7b31e7
commit dd2b37938f
11 changed files with 550 additions and 13 deletions
--- a/apps/aelis-backend/src/sources/errors.ts
+++ b/apps/aelis-backend/src/sources/errors.ts
@@ -12,3 +12,15 @@ export class SourceNotFoundError extends Error {
 		this.userId = userId
 	}
 }
+
+/**
+ * Thrown when a source config update fails schema validation.
+ */
+export class InvalidSourceConfigError extends Error {
+	readonly sourceId: string
+
+	constructor(sourceId: string, summary: string) {
+		super(summary)
+		this.sourceId = sourceId
+	}
+}
--- a/apps/aelis-backend/src/sources/http.test.ts
+++ b/apps/aelis-backend/src/sources/http.test.ts
@@ -0,0 +1,344 @@
+import type { ActionDefinition, ContextEntry, FeedItem, FeedSource } from "@aelis/core"
+
+import { describe, expect, mock, spyOn, test } from "bun:test"
+import { Hono } from "hono"
+
+import type { Database } from "../db/index.ts"
+import type { ConfigSchema, FeedSourceProvider } from "../session/feed-source-provider.ts"
+
+import { mockAuthSessionMiddleware } from "../auth/session-middleware.ts"
+import { UserSessionManager } from "../session/user-session-manager.ts"
+import { tflConfig } from "../tfl/provider.ts"
+import { weatherConfig } from "../weather/provider.ts"
+import { SourceNotFoundError } from "./errors.ts"
+import { registerSourcesHttpHandlers } from "./http.ts"
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function createStubSource(id: string): FeedSource {
+	return {
+		id,
+		async listActions(): Promise<Record<string, ActionDefinition>> {
+			return {}
+		},
+		async executeAction(): Promise<unknown> {
+			return undefined
+		},
+		async fetchContext(): Promise<readonly ContextEntry[] | null> {
+			return null
+		},
+		async fetchItems(): Promise<FeedItem[]> {
+			return []
+		},
+	}
+}
+
+function createStubProvider(sourceId: string, configSchema?: ConfigSchema): FeedSourceProvider {
+	return {
+		sourceId,
+		configSchema,
+		async feedSourceForUser() {
+			return createStubSource(sourceId)
+		},
+	}
+}
+
+const MOCK_USER_ID = "k7Gx2mPqRvNwYs9TdLfA4bHcJeUo1iZn"
+
+type SourceRow = {
+	userId: string
+	sourceId: string
+	enabled: boolean
+	config: Record<string, unknown>
+}
+
+function createInMemoryStore() {
+	const rows = new Map<string, SourceRow>()
+
+	function key(userId: string, sourceId: string) {
+		return `${userId}:${sourceId}`
+	}
+
+	return {
+		rows,
+		seed(userId: string, sourceId: string, data: Partial<SourceRow> = {}) {
+			rows.set(key(userId, sourceId), {
+				userId,
+				sourceId,
+				enabled: data.enabled ?? true,
+				config: data.config ?? {},
+			})
+		},
+		forUser(userId: string) {
+			return {
+				async enabled() {
+					return [...rows.values()].filter((r) => r.userId === userId && r.enabled)
+				},
+				async find(sourceId: string) {
+					return rows.get(key(userId, sourceId))
+				},
+				async updateConfig(sourceId: string, update: { enabled?: boolean; config?: unknown }) {
+					const existing = rows.get(key(userId, sourceId))
+					if (!existing) {
+						throw new SourceNotFoundError(sourceId, userId)
+					}
+					if (update.enabled !== undefined) {
+						existing.enabled = update.enabled
+					}
+					if (update.config !== undefined) {
+						existing.config = update.config as Record<string, unknown>
+					}
+				},
+			}
+		},
+	}
+}
+
+let activeStore: ReturnType<typeof createInMemoryStore>
+
+mock.module("../sources/user-sources.ts", () => ({
+	sources(_db: unknown, userId: string) {
+		return activeStore.forUser(userId)
+	},
+}))
+
+const fakeDb = {} as Database
+
+function createApp(providers: FeedSourceProvider[], userId?: string) {
+	const sessionManager = new UserSessionManager({ providers, db: fakeDb })
+	const app = new Hono()
+	registerSourcesHttpHandlers(app, {
+		sessionManager,
+		authSessionMiddleware: mockAuthSessionMiddleware(userId),
+	})
+	return { app, sessionManager }
+}
+
+function patch(app: Hono, sourceId: string, body: unknown) {
+	return app.request(`/api/sources/${sourceId}`, {
+		method: "PATCH",
+		headers: { "Content-Type": "application/json" },
+		body: JSON.stringify(body),
+	})
+}
+
+// ---------------------------------------------------------------------------
+// Tests
+// ---------------------------------------------------------------------------
+
+describe("PATCH /api/sources/:sourceId", () => {
+	test("returns 401 without auth", async () => {
+		activeStore = createInMemoryStore()
+		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)])
+
+		const res = await patch(app, "aelis.weather", { enabled: true })
+
+		expect(res.status).toBe(401)
+	})
+
+	test("returns 404 for unknown source", async () => {
+		activeStore = createInMemoryStore()
+		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+
+		const res = await patch(app, "unknown.source", { enabled: true })
+
+		expect(res.status).toBe(404)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toContain("not found")
+	})
+
+	test("returns 404 when user has no existing row for source", async () => {
+		activeStore = createInMemoryStore()
+		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+
+		const res = await patch(app, "aelis.weather", { enabled: true })
+
+		expect(res.status).toBe(404)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toContain("not found")
+	})
+
+	test("returns 204 when body is empty object (no-op) on existing source", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "aelis.weather")
+		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+
+		const res = await patch(app, "aelis.weather", {})
+
+		expect(res.status).toBe(204)
+	})
+
+	test("returns 404 when body is empty object on nonexistent user source", async () => {
+		activeStore = createInMemoryStore()
+		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+
+		const res = await patch(app, "aelis.weather", {})
+
+		expect(res.status).toBe(404)
+	})
+
+	test("returns 400 for invalid JSON body", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "aelis.weather")
+		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+
+		const res = await app.request("/api/sources/aelis.weather", {
+			method: "PATCH",
+			headers: { "Content-Type": "application/json" },
+			body: "not json",
+		})
+
+		expect(res.status).toBe(400)
+		const body = (await res.json()) as { error: string }
+		expect(body.error).toContain("Invalid JSON")
+	})
+
+	test("returns 400 when weather config fails validation", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "aelis.weather")
+		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+
+		const res = await patch(app, "aelis.weather", {
+			config: { units: "invalid" },
+		})
+
+		expect(res.status).toBe(400)
+	})
+
+	test("returns 204 and updates enabled", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+			enabled: true,
+			config: { units: "metric" },
+		})
+		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+
+		const res = await patch(app, "aelis.weather", { enabled: false })
+
+		expect(res.status).toBe(204)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
+		expect(row!.enabled).toBe(false)
+		expect(row!.config).toEqual({ units: "metric" })
+	})
+
+	test("returns 204 and updates config", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+			config: { units: "metric" },
+		})
+		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+
+		const res = await patch(app, "aelis.weather", {
+			config: { units: "imperial" },
+		})
+
+		expect(res.status).toBe(204)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
+		expect(row!.config).toEqual({ units: "imperial" })
+	})
+
+	test("preserves config when only updating enabled", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "aelis.tfl", {
+			enabled: true,
+			config: { lines: ["bakerloo"] },
+		})
+		const { app } = createApp([createStubProvider("aelis.tfl", tflConfig)], MOCK_USER_ID)
+
+		const res = await patch(app, "aelis.tfl", { enabled: false })
+
+		expect(res.status).toBe(204)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.tfl`)
+		expect(row!.enabled).toBe(false)
+		expect(row!.config).toEqual({ lines: ["bakerloo"] })
+	})
+
+	test("deep-merges config on update", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+			config: { units: "metric", hourlyLimit: 12 },
+		})
+		const { app } = createApp([createStubProvider("aelis.weather", weatherConfig)], MOCK_USER_ID)
+
+		const res = await patch(app, "aelis.weather", {
+			config: { dailyLimit: 5 },
+		})
+
+		expect(res.status).toBe(204)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.weather`)
+		expect(row!.config).toEqual({
+			units: "metric",
+			hourlyLimit: 12,
+			dailyLimit: 5,
+		})
+	})
+
+	test("refreshes source in active session after config update", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+			config: { units: "metric" },
+		})
+		const { app, sessionManager } = createApp(
+			[createStubProvider("aelis.weather", weatherConfig)],
+			MOCK_USER_ID,
+		)
+
+		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
+		const replaceSpy = spyOn(session, "replaceSource")
+
+		const res = await patch(app, "aelis.weather", {
+			config: { units: "imperial" },
+		})
+
+		expect(res.status).toBe(204)
+		expect(replaceSpy).toHaveBeenCalled()
+		replaceSpy.mockRestore()
+	})
+
+	test("removes source from session when disabled", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "aelis.weather", {
+			enabled: true,
+			config: { units: "metric" },
+		})
+		const { app, sessionManager } = createApp(
+			[createStubProvider("aelis.weather", weatherConfig)],
+			MOCK_USER_ID,
+		)
+
+		const session = await sessionManager.getOrCreate(MOCK_USER_ID)
+		const removeSpy = spyOn(session, "removeSource")
+
+		const res = await patch(app, "aelis.weather", { enabled: false })
+
+		expect(res.status).toBe(204)
+		expect(removeSpy).toHaveBeenCalledWith("aelis.weather")
+		removeSpy.mockRestore()
+	})
+
+	test("accepts location source with arbitrary config (no schema)", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "aelis.location")
+		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
+
+		const res = await patch(app, "aelis.location", {
+			config: { something: "value" },
+		})
+
+		expect(res.status).toBe(204)
+	})
+
+	test("updates enabled on location source", async () => {
+		activeStore = createInMemoryStore()
+		activeStore.seed(MOCK_USER_ID, "aelis.location", { enabled: true })
+		const { app } = createApp([createStubProvider("aelis.location")], MOCK_USER_ID)
+
+		const res = await patch(app, "aelis.location", { enabled: false })
+
+		expect(res.status).toBe(204)
+		const row = activeStore.rows.get(`${MOCK_USER_ID}:aelis.location`)
+		expect(row!.enabled).toBe(false)
+	})
+})
--- a/apps/aelis-backend/src/sources/http.ts
+++ b/apps/aelis-backend/src/sources/http.ts
@@ -0,0 +1,85 @@
+import type { Context, Hono } from "hono"
+
+import { type } from "arktype"
+import { createMiddleware } from "hono/factory"
+
+import type { AuthSessionMiddleware } from "../auth/session-middleware.ts"
+import type { UserSessionManager } from "../session/index.ts"
+
+import { InvalidSourceConfigError, SourceNotFoundError } from "./errors.ts"
+
+type Env = {
+	Variables: {
+		sessionManager: UserSessionManager
+	}
+}
+
+interface SourcesHttpHandlersDeps {
+	sessionManager: UserSessionManager
+	authSessionMiddleware: AuthSessionMiddleware
+}
+
+const UpdateSourceConfigRequestBody = type({
+	"enabled?": "boolean",
+	"config?": "unknown",
+})
+
+export function registerSourcesHttpHandlers(
+	app: Hono,
+	{ sessionManager, authSessionMiddleware }: SourcesHttpHandlersDeps,
+) {
+	const inject = createMiddleware<Env>(async (c, next) => {
+		c.set("sessionManager", sessionManager)
+		await next()
+	})
+
+	app.patch("/api/sources/:sourceId", inject, authSessionMiddleware, handleUpdateSource)
+}
+
+async function handleUpdateSource(c: Context<Env>) {
+	const sourceId = c.req.param("sourceId")
+	if (!sourceId) {
+		return c.body(null, 404)
+	}
+
+	const sessionManager = c.get("sessionManager")
+
+	// Validate source exists as a registered provider
+	const provider = sessionManager.getProvider(sourceId)
+	if (!provider) {
+		return c.json({ error: `Source "${sourceId}" not found` }, 404)
+	}
+
+	// Parse request body
+	let body: unknown
+	try {
+		body = await c.req.json()
+	} catch {
+		return c.json({ error: "Invalid JSON" }, 400)
+	}
+
+	const parsed = UpdateSourceConfigRequestBody(body)
+	if (parsed instanceof type.errors) {
+		return c.json({ error: parsed.summary }, 400)
+	}
+
+	const { enabled, config: newConfig } = parsed
+	const user = c.get("user")!
+
+	try {
+		await sessionManager.updateSourceConfig(user.id, sourceId, {
+			enabled,
+			config: newConfig,
+		})
+	} catch (err) {
+		if (err instanceof SourceNotFoundError) {
+			return c.json({ error: err.message }, 404)
+		}
+		if (err instanceof InvalidSourceConfigError) {
+			return c.json({ error: err.message }, 400)
+		}
+		throw err
+	}
+
+	return c.body(null, 204)
+}
--- a/apps/aelis-backend/src/sources/user-sources.ts
+++ b/apps/aelis-backend/src/sources/user-sources.ts
@@ -52,15 +52,24 @@ export function sources(db: Database, userId: string) {
 			}
 		},

-		/** Creates or updates the config for a source. */
-		async upsertConfig(sourceId: string, config: Record<string, unknown>) {
-			await db
-				.insert(userSources)
-				.values({ userId, sourceId, config })
-				.onConflictDoUpdate({
-					target: [userSources.userId, userSources.sourceId],
-					set: { config, updatedAt: new Date() },
-				})
+		/** Updates an existing user source row. Throws if the row doesn't exist. */
+		async updateConfig(sourceId: string, update: { enabled?: boolean; config?: unknown }) {
+			const set: Record<string, unknown> = { updatedAt: new Date() }
+			if (update.enabled !== undefined) {
+				set.enabled = update.enabled
+			}
+			if (update.config !== undefined) {
+				set.config = update.config
+			}
+			const rows = await db
+				.update(userSources)
+				.set(set)
+				.where(and(eq(userSources.userId, userId), eq(userSources.sourceId, sourceId)))
+				.returning({ id: userSources.id })
+
+			if (rows.length === 0) {
+				throw new SourceNotFoundError(sourceId, userId)
+			}
 		},

 		/** Updates the encrypted credentials for a source. Throws if the source row doesn't exist. */