feat(saas): full SquareMCP SaaS platform v1

- JWT auth with bcrypt password hashing, cookie sessions, forgot/reset password - Per-user encrypted credential storage (Redis + AES-256-GCM) for all 9 platforms - Usage tracking with monthly limits per plan (free/starter/growth/enterprise) - Invoice generation and retrieval (admin + user views) - Admin panel with customer listing (role-based access) - Web app UI at app.squaremcp.com — login, dashboard, connections, usage, invoices - Unified auth middleware: API key, OAuth Bearer, and JWT cookie support - Facebook Graph API fixes: published_posts endpoint, photo/video post support - TikTok sandbox compliance: SELF_ONLY privacy for unaudited apps - URL verification files for TikTok app review
2026-05-13 08:42:33 -04:00
parent 7796de12bf
commit a5e4c55885
46 changed files with 4054 additions and 171 deletions
--- a/.env.example
+++ b/.env.example
@@ -81,3 +81,20 @@ INSTAGRAM_DEFAULT_BUSINESS_ACCOUNT_ID=your-instagram-business-account-id
 # For default account:
 TWITTER_DEFAULT_BEARER_TOKEN=your-twitter-bearer-token
 # For additional accounts, duplicate with TWITTER_{ACCOUNT}_*
+
+# ── TikTok Content Posting API ───────────────────────────────────────────────
+# Get an access token from the TikTok developer app with Content Posting scopes
+# Login Kit / OAuth app credentials:
+TIKTOK_CLIENT_KEY=your-tiktok-client-key
+TIKTOK_CLIENT_SECRET=your-tiktok-client-secret
+TIKTOK_REDIRECT_URI=https://tiktok.squaremcp.com/auth/tiktok/callback
+# For default account:
+TIKTOK_DEFAULT_ACCESS_TOKEN=your-tiktok-access-token
+# For additional accounts, duplicate with TIKTOK_{ACCOUNT}_*
+
+# ── Facebook Graph API ───────────────────────────────────────────────────────
+# Use a Page access token with pages_manage_posts + pages_read_engagement
+# For default account:
+FACEBOOK_DEFAULT_ACCESS_TOKEN=your-facebook-page-access-token
+FACEBOOK_DEFAULT_PAGE_ID=your-facebook-page-id
+# For additional accounts, duplicate with FACEBOOK_{ACCOUNT}_*