server.js.bak

import express from 'express';
import cors from 'cors';
import rateLimit from 'express-rate-limit';
import pg from 'pg';
import bcrypt from 'bcrypt';
import jwt from 'jsonwebtoken';
import dotenv from 'dotenv';
import {
  createCheckoutSession,
  getSubscriptionStatus,
  createPortalSession,
  handleWebhookEvent,
  verifyWebhookSignature
} from './stripe-billing.js';
import {
  attachSubscription,
  requireActiveSubscription
} from './subscription-middleware.js';

dotenv.config();

const app = express();
const pool = new pg.Pool({
  connectionString: process.env.DATABASE_URL || 'postgresql://tenderpilot:tenderpilot123@localhost:5432/tenderpilot'
});

// Middleware
app.use(cors());

// Raw body parser for webhooks (must be before express.json())
app.use('/api/billing/webhook', express.raw({ type: 'application/json' }));

// JSON parser for all other routes
app.use(express.json());

const limiter = rateLimit({
  windowMs: 15 * 60 * 1000,
  max: 100
});
app.use('/api/', limiter);

// Auth token verification middleware
const verifyToken = (req, res, next) => {
  const token = req.headers.authorization?.split(' ')[1];
  if (!token) return res.status(401).json({ error: 'No token provided' });
  
  try {
    req.user = jwt.verify(token, process.env.JWT_SECRET);
    next();
  } catch (e) {
    res.status(401).json({ error: 'Invalid token' });
  }
};

// Attach subscription info to request (after token verification)
app.use('/api/', attachSubscription(pool));

// Health check
app.get('/health', (req, res) => {
  res.json({ status: 'ok' });
});

// POST /api/auth/register
app.post('/api/auth/register', async (req, res) => {
  try {
    const { email, password, company_name, tier } = req.body;
    
    if (!email || !password) {
      return res.status(400).json({ error: 'Email and password required' });
    }

    const hashedPassword = await bcrypt.hash(password, 10);
    
    const result = await pool.query(
      'INSERT INTO users (email, password_hash, company_name, tier) VALUES ($1, $2, $3, $4) RETURNING id, email, company_name, tier',
      [email, hashedPassword, company_name || '', tier || 'free']
    );

    const user = result.rows[0];
    const token = jwt.sign({ id: user.id, email: user.email }, process.env.JWT_SECRET);
    
    res.status(201).json({ user, token });
  } catch (error) {
    console.error(error);
    if (error.code === '23505') {
      return res.status(400).json({ error: 'Email already exists' });
    }
    res.status(500).json({ error: 'Registration failed' });
  }
});

// POST /api/auth/login
app.post('/api/auth/login', async (req, res) => {
  try {
    const { email, password } = req.body;
    
    if (!email || !password) {
      return res.status(400).json({ error: 'Email and password required' });
    }

    const result = await pool.query('SELECT * FROM users WHERE email = $1', [email]);
    if (result.rows.length === 0) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    const user = result.rows[0];
    const passwordMatch = await bcrypt.compare(password, user.password_hash);
    
    if (!passwordMatch) {
      return res.status(401).json({ error: 'Invalid credentials' });
    }

    const token = jwt.sign({ id: user.id, email: user.email }, process.env.JWT_SECRET);
    res.json({ user: { id: user.id, email: user.email, company_name: user.company_name, tier: user.tier }, token });
  } catch (error) {
    console.error(error);
    res.status(500).json({ error: 'Login failed' });
  }
});

// GET /api/tenders
app.get('/api/tenders', verifyToken, async (req, res) => {
  try {
    const { search, sort, limit, offset } = req.query;
    let query = 'SELECT * FROM tenders WHERE status = $1';
    const params = ['open'];
    let paramIndex = 2;

    if (search) {
      query += ` AND (title ILIKE $${paramIndex} OR description ILIKE $${paramIndex})`;
      params.push(`%${search}%`);
      paramIndex++;
    }

    query += ` ORDER BY ${sort === 'value' ? 'value_high DESC' : 'deadline ASC'} LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`;
    params.push(Math.min(parseInt(limit) || 20, 100), parseInt(offset) || 0);

    const result = await pool.query(query, params);
    res.json({ tenders: result.rows, total: result.rows.length });
  } catch (error) {
    console.error(error);
    res.status(500).json({ error: 'Failed to fetch tenders' });
  }
});

// GET /api/tenders/:id
app.get('/api/tenders/:id', verifyToken, async (req, res) => {
  try {
    const result = await pool.query('SELECT * FROM tenders WHERE id = $1', [req.params.id]);
    if (result.rows.length === 0) {
      return res.status(404).json({ error: 'Tender not found' });
    }
    res.json(result.rows[0]);
  } catch (error) {
    console.error(error);
    res.status(500).json({ error: 'Failed to fetch tender' });
  }
});

// POST /api/profile
app.post('/api/profile', verifyToken, async (req, res) => {
  try {
    const { sectors, keywords, min_value, max_value, locations, authority_types } = req.body;
    
    const result = await pool.query(
      `INSERT INTO profiles (user_id, sectors, keywords, min_value, max_value, locations, authority_types)
       VALUES ($1, $2, $3, $4, $5, $6, $7)
       ON CONFLICT (user_id) DO UPDATE SET
       sectors = $2, keywords = $3, min_value = $4, max_value = $5, locations = $6, authority_types = $7, updated_at = CURRENT_TIMESTAMP
       RETURNING *`,
      [req.user.id, sectors || [], keywords || [], min_value || null, max_value || null, locations || [], authority_types || []]
    );

    res.json(result.rows[0]);
  } catch (error) {
    console.error(error);
    res.status(500).json({ error: 'Failed to save profile' });
  }
});

// GET /api/matches
app.get('/api/matches', verifyToken, async (req, res) => {
  try {
    const result = await pool.query(
      `SELECT t.* FROM tenders t
       INNER JOIN matches m ON t.id = m.tender_id
       WHERE m.user_id = $1
       ORDER BY t.deadline ASC`,
      [req.user.id]
    );
    res.json({ matches: result.rows });
  } catch (error) {
    console.error(error);
    res.status(500).json({ error: 'Failed to fetch matches' });
  }
});

// GET /api/alerts/preferences
app.get('/api/alerts/preferences', verifyToken, async (req, res) => {
  try {
    const result = await pool.query(
      'SELECT id, user_id, keywords, sectors, min_value, max_value, locations, authority_types, created_at, updated_at FROM profiles WHERE user_id = $1',
      [req.user.id]
    );

    if (result.rows.length === 0) {
      return res.json({ preferences: null });
    }

    res.json({ preferences: result.rows[0] });
  } catch (error) {
    console.error(error);
    res.status(500).json({ error: 'Failed to fetch alert preferences' });
  }
});

// POST /api/alerts/preferences
app.post('/api/alerts/preferences', verifyToken, async (req, res) => {
  try {
    const { keywords, sectors, min_value, max_value, locations, authority_types } = req.body;

    // Validate value ranges
    if (min_value && max_value && min_value > max_value) {
      return res.status(400).json({ error: 'min_value cannot be greater than max_value' });
    }

    const result = await pool.query(
      `INSERT INTO profiles (user_id, keywords, sectors, min_value, max_value, locations, authority_types)
       VALUES ($1, $2, $3, $4, $5, $6, $7)
       ON CONFLICT (user_id) DO UPDATE SET
       keywords = $2, sectors = $3, min_value = $4, max_value = $5, locations = $6, authority_types = $7, updated_at = CURRENT_TIMESTAMP
       RETURNING id, user_id, keywords, sectors, min_value, max_value, locations, authority_types, created_at, updated_at`,
      [req.user.id, keywords || [], sectors || [], min_value || null, max_value || null, locations || [], authority_types || []]
    );

    res.json({ 
      preferences: result.rows[0],
      message: 'Alert preferences updated successfully'
    });
  } catch (error) {
    console.error(error);
    res.status(500).json({ error: 'Failed to save alert preferences' });
  }
});

// ===== BILLING ROUTES =====

// POST /api/billing/checkout - Create a checkout session
app.post('/api/billing/checkout', verifyToken, async (req, res) => {
  try {
    const { plan, successUrl, cancelUrl } = req.body;

    if (!plan || !successUrl || !cancelUrl) {
      return res.status(400).json({ error: 'plan, successUrl, and cancelUrl are required' });
    }

    const user = await pool.query('SELECT email FROM users WHERE id = $1', [req.user.id]);
    if (user.rows.length === 0) {
      return res.status(404).json({ error: 'User not found' });
    }

    const session = await createCheckoutSession(
      pool,
      req.user.id,
      user.rows[0].email,
      plan,
      successUrl,
      cancelUrl
    );

    res.json({ 
      sessionId: session.id,
      url: session.url
    });
  } catch (error) {
    console.error('Checkout error:', error);
    res.status(500).json({ error: error.message });
  }
});

// POST /api/billing/webhook - Stripe webhook handler
app.post('/api/billing/webhook', async (req, res) => {
  const signature = req.headers['stripe-signature'];

  try {
    const event = verifyWebhookSignature(
      req.body,
      signature,
      process.env.STRIPE_WEBHOOK_SECRET
    );

    await handleWebhookEvent(pool, event);

    res.json({ received: true });
  } catch (error) {
    console.error('Webhook error:', error.message);
    res.status(400).json({ error: 'Webhook signature verification failed' });
  }
});

// GET /api/billing/subscription - Get current subscription status
app.get('/api/billing/subscription', verifyToken, async (req, res) => {
  try {
    const subscription = await getSubscriptionStatus(pool, req.user.id);

    if (!subscription) {
      return res.json({ 
        subscription: null,
        message: 'No active subscription. User is on free tier.'
      });
    }

    res.json({ subscription });
  } catch (error) {
    console.error('Subscription status error:', error);
    res.status(500).json({ error: error.message });
  }
});

// POST /api/billing/portal - Create Stripe Customer Portal session
app.post('/api/billing/portal', verifyToken, async (req, res) => {
  try {
    const { returnUrl } = req.body;

    if (!returnUrl) {
      return res.status(400).json({ error: 'returnUrl is required' });
    }

    const session = await createPortalSession(pool, req.user.id, returnUrl);

    res.json({
      url: session.url
    });
  } catch (error) {
    console.error('Portal session error:', error);
    res.status(500).json({ error: error.message });
  }
});

// Error handling
app.use((err, req, res, next) => {
  console.error(err);
  res.status(500).json({ error: 'Internal server error' });
});

const PORT = process.env.PORT || 3456;
app.listen(PORT, () => {
  console.log(`Server running on port ${PORT}`);
});
feat: visual polish, nav login link, pricing badge fix, cursor fix, button contrast - Hero mockup: enhanced 3D perspective and shadow - Testimonials: illustrated SVG avatars - Growth pricing card: visual prominence (scale, gradient, badge) - Most Popular badge: repositioned to avoid overlapping heading - Nav: added Log In link next to Start Free Trial - Fixed btn-primary text colour on anchor tags (white on blue) - Fixed cursor: default on all non-interactive elements - Disabled user-select on non-form content to prevent text caret 2026-02-14 14:17:15 +00:00			`import express from 'express';`
			`import cors from 'cors';`
			`import rateLimit from 'express-rate-limit';`
			`import pg from 'pg';`
			`import bcrypt from 'bcrypt';`
			`import jwt from 'jsonwebtoken';`
			`import dotenv from 'dotenv';`
			`import {`
			`createCheckoutSession,`
			`getSubscriptionStatus,`
			`createPortalSession,`
			`handleWebhookEvent,`
			`verifyWebhookSignature`
			`} from './stripe-billing.js';`
			`import {`
			`attachSubscription,`
			`requireActiveSubscription`
			`} from './subscription-middleware.js';`

			`dotenv.config();`

			`const app = express();`
			`const pool = new pg.Pool({`
			`connectionString: process.env.DATABASE_URL \|\| 'postgresql://tenderpilot:tenderpilot123@localhost:5432/tenderpilot'`
			`});`

			`// Middleware`
			`app.use(cors());`

			`// Raw body parser for webhooks (must be before express.json())`
			`app.use('/api/billing/webhook', express.raw({ type: 'application/json' }));`

			`// JSON parser for all other routes`
			`app.use(express.json());`

			`const limiter = rateLimit({`
			`windowMs: 15 * 60 * 1000,`
			`max: 100`
			`});`
			`app.use('/api/', limiter);`

			`// Auth token verification middleware`
			`const verifyToken = (req, res, next) => {`
			`const token = req.headers.authorization?.split(' ')[1];`
			`if (!token) return res.status(401).json({ error: 'No token provided' });`

			`try {`
			`req.user = jwt.verify(token, process.env.JWT_SECRET);`
			`next();`
			`} catch (e) {`
			`res.status(401).json({ error: 'Invalid token' });`
			`}`
			`};`

			`// Attach subscription info to request (after token verification)`
			`app.use('/api/', attachSubscription(pool));`

			`// Health check`
			`app.get('/health', (req, res) => {`
			`res.json({ status: 'ok' });`
			`});`

			`// POST /api/auth/register`
			`app.post('/api/auth/register', async (req, res) => {`
			`try {`
			`const { email, password, company_name, tier } = req.body;`

			`if (!email \|\| !password) {`
			`return res.status(400).json({ error: 'Email and password required' });`
			`}`

			`const hashedPassword = await bcrypt.hash(password, 10);`

			`const result = await pool.query(`
			`'INSERT INTO users (email, password_hash, company_name, tier) VALUES ($1, $2, $3, $4) RETURNING id, email, company_name, tier',`
			`[email, hashedPassword, company_name \|\| '', tier \|\| 'free']`
			`);`

			`const user = result.rows[0];`
			`const token = jwt.sign({ id: user.id, email: user.email }, process.env.JWT_SECRET);`

			`res.status(201).json({ user, token });`
			`} catch (error) {`
			`console.error(error);`
			`if (error.code === '23505') {`
			`return res.status(400).json({ error: 'Email already exists' });`
			`}`
			`res.status(500).json({ error: 'Registration failed' });`
			`}`
			`});`

			`// POST /api/auth/login`
			`app.post('/api/auth/login', async (req, res) => {`
			`try {`
			`const { email, password } = req.body;`

			`if (!email \|\| !password) {`
			`return res.status(400).json({ error: 'Email and password required' });`
			`}`

			`const result = await pool.query('SELECT * FROM users WHERE email = $1', [email]);`
			`if (result.rows.length === 0) {`
			`return res.status(401).json({ error: 'Invalid credentials' });`
			`}`

			`const user = result.rows[0];`
			`const passwordMatch = await bcrypt.compare(password, user.password_hash);`

			`if (!passwordMatch) {`
			`return res.status(401).json({ error: 'Invalid credentials' });`
			`}`

			`const token = jwt.sign({ id: user.id, email: user.email }, process.env.JWT_SECRET);`
			`res.json({ user: { id: user.id, email: user.email, company_name: user.company_name, tier: user.tier }, token });`
			`} catch (error) {`
			`console.error(error);`
			`res.status(500).json({ error: 'Login failed' });`
			`}`
			`});`

			`// GET /api/tenders`
			`app.get('/api/tenders', verifyToken, async (req, res) => {`
			`try {`
			`const { search, sort, limit, offset } = req.query;`
			`let query = 'SELECT * FROM tenders WHERE status = $1';`
			`const params = ['open'];`
			`let paramIndex = 2;`

			`if (search) {`
			query += ` AND (title ILIKE $${paramIndex} OR description ILIKE $${paramIndex})`;
			params.push(`%${search}%`);
			`paramIndex++;`
			`}`

			query += ` ORDER BY ${sort === 'value' ? 'value_high DESC' : 'deadline ASC'} LIMIT $${paramIndex} OFFSET $${paramIndex + 1}`;
			`params.push(Math.min(parseInt(limit) \|\| 20, 100), parseInt(offset) \|\| 0);`

			`const result = await pool.query(query, params);`
			`res.json({ tenders: result.rows, total: result.rows.length });`
			`} catch (error) {`
			`console.error(error);`
			`res.status(500).json({ error: 'Failed to fetch tenders' });`
			`}`
			`});`

			`// GET /api/tenders/:id`
			`app.get('/api/tenders/:id', verifyToken, async (req, res) => {`
			`try {`
			`const result = await pool.query('SELECT * FROM tenders WHERE id = $1', [req.params.id]);`
			`if (result.rows.length === 0) {`
			`return res.status(404).json({ error: 'Tender not found' });`
			`}`
			`res.json(result.rows[0]);`
			`} catch (error) {`
			`console.error(error);`
			`res.status(500).json({ error: 'Failed to fetch tender' });`
			`}`
			`});`

			`// POST /api/profile`
			`app.post('/api/profile', verifyToken, async (req, res) => {`
			`try {`
			`const { sectors, keywords, min_value, max_value, locations, authority_types } = req.body;`

			`const result = await pool.query(`
			`INSERT INTO profiles (user_id, sectors, keywords, min_value, max_value, locations, authority_types)
			`VALUES ($1, $2, $3, $4, $5, $6, $7)`
			`ON CONFLICT (user_id) DO UPDATE SET`
			`sectors = $2, keywords = $3, min_value = $4, max_value = $5, locations = $6, authority_types = $7, updated_at = CURRENT_TIMESTAMP`
			RETURNING *`,
			`[req.user.id, sectors \|\| [], keywords \|\| [], min_value \|\| null, max_value \|\| null, locations \|\| [], authority_types \|\| []]`
			`);`

			`res.json(result.rows[0]);`
			`} catch (error) {`
			`console.error(error);`
			`res.status(500).json({ error: 'Failed to save profile' });`
			`}`
			`});`

			`// GET /api/matches`
			`app.get('/api/matches', verifyToken, async (req, res) => {`
			`try {`
			`const result = await pool.query(`
			`SELECT t.* FROM tenders t
			`INNER JOIN matches m ON t.id = m.tender_id`
			`WHERE m.user_id = $1`
			ORDER BY t.deadline ASC`,
			`[req.user.id]`
			`);`
			`res.json({ matches: result.rows });`
			`} catch (error) {`
			`console.error(error);`
			`res.status(500).json({ error: 'Failed to fetch matches' });`
			`}`
			`});`

			`// GET /api/alerts/preferences`
			`app.get('/api/alerts/preferences', verifyToken, async (req, res) => {`
			`try {`
			`const result = await pool.query(`
			`'SELECT id, user_id, keywords, sectors, min_value, max_value, locations, authority_types, created_at, updated_at FROM profiles WHERE user_id = $1',`
			`[req.user.id]`
			`);`

			`if (result.rows.length === 0) {`
			`return res.json({ preferences: null });`
			`}`

			`res.json({ preferences: result.rows[0] });`
			`} catch (error) {`
			`console.error(error);`
			`res.status(500).json({ error: 'Failed to fetch alert preferences' });`
			`}`
			`});`

			`// POST /api/alerts/preferences`
			`app.post('/api/alerts/preferences', verifyToken, async (req, res) => {`
			`try {`
			`const { keywords, sectors, min_value, max_value, locations, authority_types } = req.body;`

			`// Validate value ranges`
			`if (min_value && max_value && min_value > max_value) {`
			`return res.status(400).json({ error: 'min_value cannot be greater than max_value' });`
			`}`

			`const result = await pool.query(`
			`INSERT INTO profiles (user_id, keywords, sectors, min_value, max_value, locations, authority_types)
			`VALUES ($1, $2, $3, $4, $5, $6, $7)`
			`ON CONFLICT (user_id) DO UPDATE SET`
			`keywords = $2, sectors = $3, min_value = $4, max_value = $5, locations = $6, authority_types = $7, updated_at = CURRENT_TIMESTAMP`
			RETURNING id, user_id, keywords, sectors, min_value, max_value, locations, authority_types, created_at, updated_at`,
			`[req.user.id, keywords \|\| [], sectors \|\| [], min_value \|\| null, max_value \|\| null, locations \|\| [], authority_types \|\| []]`
			`);`

			`res.json({`
			`preferences: result.rows[0],`
			`message: 'Alert preferences updated successfully'`
			`});`
			`} catch (error) {`
			`console.error(error);`
			`res.status(500).json({ error: 'Failed to save alert preferences' });`
			`}`
			`});`

			`// ===== BILLING ROUTES =====`

			`// POST /api/billing/checkout - Create a checkout session`
			`app.post('/api/billing/checkout', verifyToken, async (req, res) => {`
			`try {`
			`const { plan, successUrl, cancelUrl } = req.body;`

			`if (!plan \|\| !successUrl \|\| !cancelUrl) {`
			`return res.status(400).json({ error: 'plan, successUrl, and cancelUrl are required' });`
			`}`

			`const user = await pool.query('SELECT email FROM users WHERE id = $1', [req.user.id]);`
			`if (user.rows.length === 0) {`
			`return res.status(404).json({ error: 'User not found' });`
			`}`

			`const session = await createCheckoutSession(`
			`pool,`
			`req.user.id,`
			`user.rows[0].email,`
			`plan,`
			`successUrl,`
			`cancelUrl`
			`);`

			`res.json({`
			`sessionId: session.id,`
			`url: session.url`
			`});`
			`} catch (error) {`
			`console.error('Checkout error:', error);`
			`res.status(500).json({ error: error.message });`
			`}`
			`});`

			`// POST /api/billing/webhook - Stripe webhook handler`
			`app.post('/api/billing/webhook', async (req, res) => {`
			`const signature = req.headers['stripe-signature'];`

			`try {`
			`const event = verifyWebhookSignature(`
			`req.body,`
			`signature,`
			`process.env.STRIPE_WEBHOOK_SECRET`
			`);`

			`await handleWebhookEvent(pool, event);`

			`res.json({ received: true });`
			`} catch (error) {`
			`console.error('Webhook error:', error.message);`
			`res.status(400).json({ error: 'Webhook signature verification failed' });`
			`}`
			`});`

			`// GET /api/billing/subscription - Get current subscription status`
			`app.get('/api/billing/subscription', verifyToken, async (req, res) => {`
			`try {`
			`const subscription = await getSubscriptionStatus(pool, req.user.id);`

			`if (!subscription) {`
			`return res.json({`
			`subscription: null,`
			`message: 'No active subscription. User is on free tier.'`
			`});`
			`}`

			`res.json({ subscription });`
			`} catch (error) {`
			`console.error('Subscription status error:', error);`
			`res.status(500).json({ error: error.message });`
			`}`
			`});`

			`// POST /api/billing/portal - Create Stripe Customer Portal session`
			`app.post('/api/billing/portal', verifyToken, async (req, res) => {`
			`try {`
			`const { returnUrl } = req.body;`

			`if (!returnUrl) {`
			`return res.status(400).json({ error: 'returnUrl is required' });`
			`}`

			`const session = await createPortalSession(pool, req.user.id, returnUrl);`

			`res.json({`
			`url: session.url`
			`});`
			`} catch (error) {`
			`console.error('Portal session error:', error);`
			`res.status(500).json({ error: error.message });`
			`}`
			`});`

			`// Error handling`
			`app.use((err, req, res, next) => {`
			`console.error(err);`
			`res.status(500).json({ error: 'Internal server error' });`
			`});`

			`const PORT = process.env.PORT \|\| 3456;`
			`app.listen(PORT, () => {`
			console.log(`Server running on port ${PORT}`);
			`});`