eksa-framework 3.3.3 → 3.5.0

data/lib/eksa/cms_controller.rb

@@ -0,0 +1,110 @@
+module Eksa
+  class CmsController < Eksa::Controller
+    def index
+      return unless require_auth
+      
+      @posts = Eksa::MarkdownPost.all(include_unpublished: true)
+      render_internal 'cms/index'
+    end
+
+    def edit
+      return unless require_auth
+      
+      slug = params['slug']
+      @post = Eksa::MarkdownPost.find(slug)
+      
+      if @post
+        render_internal 'cms/edit'
+      else
+        redirect_to "/cms", notice: "Error: Postingan tidak ditemukan."
+      end
+    end
+
+    def update_post
+      return unless require_auth
+      
+      slug = params['slug']
+      post_path = File.join(Eksa::MarkdownPost::POSTS_DIR, "#{slug}.md")
+      
+      unless File.exist?(post_path)
+        return redirect_to "/cms", notice: "Error: Postingan tidak ditemukan."
+      end
+
+      # Existing metadata fetching to preserve unmodified keys like 'date' if not handling them
+      # We parse form params
+      title = params['title']
+      category = params['category']
+      author = params['author']
+      image = params['image']
+      content = params['content']
+      
+      # We'll re-read the original to preserve keys we aren't allowing to edit (like published status and date)
+      original_content = File.read(post_path, encoding: 'utf-8')
+      metadata = {}
+      
+      if original_content =~ /\A(---\s*\r?\n.*?\r?\n)^(---\s*\r?\n?)/m
+        metadata = YAML.safe_load($1, permitted_classes: [Time]) || {}
+      end
+      
+      # Update metadata with form values
+      metadata['title'] = title
+      metadata['category'] = category
+      metadata['author'] = author
+      metadata['image'] = image unless image.nil? || image.strip.empty?
+      
+      # Dump new YAML
+      new_yaml = YAML.dump(metadata)
+      
+      # Join with content
+      new_file_content = "#{new_yaml}---\n\n#{content}"
+      
+      # Write changes
+      File.write(post_path, new_file_content, encoding: 'utf-8')
+      
+      redirect_to "/cms", notice: "Postingan '#{title}' berhasil diperbarui."
+    end
+
+    def toggle_status
+      return unless require_auth
+      
+      slug = params['slug']
+      post_path = File.join(Eksa::MarkdownPost::POSTS_DIR, "#{slug}.md")
+      
+      if File.exist?(post_path)
+        content = File.read(post_path, encoding: 'utf-8')
+        
+        # Simple string replacement for published status in front matter
+        if content.match?(/^published:\s*false/m)
+          new_content = content.sub(/^published:\s*false/m, "published: true")
+          status = "diaktifkan"
+        elsif content.match?(/^published:\s*true/m)
+          new_content = content.sub(/^published:\s*true/m, "published: false")
+          status = "dinonaktifkan"
+        else
+          # If no published tag exists, it's implicitly true, so we set it to false
+          new_content = content.sub(/\A(---\r?\n)/) { "#{$1}published: false\n" }
+          status = "dinonaktifkan"
+        end
+        
+        File.write(post_path, new_content)
+        redirect_to "/cms", notice: "Postingan #{File.basename(post_path)} berhasil #{status}."
+      else
+        redirect_to "/cms", notice: "Error: Postingan tidak ditemukan."
+      end
+    end
+
+    def delete_post
+      return unless require_auth
+
+      slug = params['slug']
+      post_path = File.join(Eksa::MarkdownPost::POSTS_DIR, "#{slug}.md")
+
+      if File.exist?(post_path)
+        File.delete(post_path)
+        redirect_to "/cms", notice: "Postingan berhasil dihapus secara permanen."
+      else
+        redirect_to "/cms", notice: "Error: Postingan tidak ditemukan."
+      end
+    end
+  end
+end

data/lib/eksa/controller.rb

@@ -15,6 +15,23 @@ module Eksa
       @request.params
     end
 
+    def session
+      @request.session
+    end
+
+    def current_user
+      return @current_user if defined?(@current_user)
+      @current_user = session['user_id'] ? Eksa::User.find(session['user_id']) : nil
+    end
+
+    def require_auth
+      unless current_user
+        redirect_to "/auth/login", notice: "Anda harus login untuk mengakses halaman ini."
+        return false
+      end
+      true
+    end
+
     def stylesheet_tag(filename)
       "<link rel='stylesheet' href='/css/#{filename}.css'>"
     end
@@ -38,22 +55,31 @@ module Eksa
       variables.each { |k, v| instance_variable_set("@#{k}", v) }
 
       content_path = File.expand_path("./app/views/#{template_name}.html.erb")
+      internal_content_path = File.expand_path("../../eksa/views/#{template_name}.html.erb", __FILE__)
+      
       layout_path  = File.expand_path("./app/views/layout.html.erb")
+      internal_layout_path  = File.expand_path("../../eksa/views/layout.html.erb", __FILE__)
+
+      actual_content_path = File.exist?(content_path) ? content_path : internal_content_path
+      actual_layout_path = File.exist?(layout_path) ? layout_path : internal_layout_path
 
-      if File.exist?(content_path)
-        @content = ERB.new(File.read(content_path)).result(binding)
-        if File.exist?(layout_path)
-          ERB.new(File.read(layout_path)).result(binding)
+      if File.exist?(actual_content_path)
+        @content = ERB.new(File.read(actual_content_path)).result(binding)
+        if File.exist?(actual_layout_path)
+          ERB.new(File.read(actual_layout_path)).result(binding)
         else
           @content
         end
       else
         "<div class='glass' style='padding: 2rem; border-radius: 1rem; color: #ff5555; background: rgba(255,0,0,0.1); backdrop-filter: blur(10px);'>
           <h2 style='margin-top:0;'>⚠️ View Error</h2>
-          <p>Template <strong>#{template_name}</strong> tidak ditemukan di:</p>
-          <code style='display:block; background:rgba(0,0,0,0.2); padding:0.5rem; border-radius:0.5rem;'>#{content_path}</code>
+          <p>Template <strong>#{template_name}</strong> tidak ditemukan di app/views atau internal eksa/views.</p>
         </div>"
       end
     end
+
+    def render_internal(template_name, variables = {})
+      render(template_name, variables)
+    end
   end
 end

data/lib/eksa/database/mongo_adapter.rb

@@ -0,0 +1,154 @@
+require 'mongo'
+
+module Eksa
+  class MongoAdapter
+    def initialize(config)
+      @uri = config&.[]('uri')
+      @client = nil
+    end
+
+    def connection
+      return @client if @client
+      raise "MongoDB URI not configured in .eksa.json" if @uri.nil? || @uri.empty?
+      
+      # Atlas URIs usually contain the database name, if not, we use 'eksa_db'
+      @client = Mongo::Client.new(@uri)
+      @client
+    end
+
+    def execute(sql, params = [])
+      # Minimal SQL-to-Mongo translator for Eksa models
+      
+      # 1. CREATE TABLE IF NOT EXISTS [table]
+      if sql =~ /CREATE TABLE IF NOT EXISTS (\w+)/i
+        # Mongo creates collections on the fly
+        return []
+      end
+
+      # 2. SELECT * FROM [table] ...
+      if sql =~ /SELECT (.*) FROM (\w+)/i
+        table_name = $2
+        query = {}
+        
+        # Handle WHERE clauses
+        if sql =~ /WHERE (.*) ORDER BY/i || sql =~ /WHERE (.*) LIMIT/i || sql =~ /WHERE (.*)$/i
+          where_clause = $1
+          
+          # Handle OR + LIKE (specific for Search)
+          if where_clause =~ /(\w+) LIKE \? OR (\w+) LIKE \?/i
+            field1 = $1
+            field2 = $2
+            # Extract keyword from params (strip % if present)
+            term1 = params[0].to_s.gsub('%', '')
+            term2 = params[1].to_s.gsub('%', '')
+            
+            query = {
+              '$or' => [
+                { field1.to_sym => /#{Regexp.escape(term1)}/i },
+                { field2.to_sym => /#{Regexp.escape(term2)}/i }
+              ]
+            }
+          # Handle single LIKE
+          elsif where_clause =~ /(\w+) LIKE \?/i
+            field = $1
+            term = params[0].to_s.gsub('%', '')
+            query = { field.to_sym => /#{Regexp.escape(term)}/i }
+          # Handle simple field = ?
+          elsif where_clause =~ /id = \?/i || where_clause =~ /_id = \?/i
+            val = params[0]
+            query = { _id: val.is_a?(String) ? BSON::ObjectId.from_string(val) : val }
+          elsif where_clause =~ /(\w+) = \?/i
+            query = { $1.to_sym => params[0] }
+          end
+        end
+
+        view = connection[table_name.to_sym].find(query)
+        
+        # Handle ORDER BY
+        if sql =~ /ORDER BY (\w+)(?: (ASC|DESC))?/i
+          sort_field = $1
+          direction = ($2 || 'ASC').upcase == 'DESC' ? -1 : 1
+          # Mongo id maps to _id
+          sort_field = '_id' if sort_field == 'id'
+          view = view.sort({ sort_field => direction })
+        end
+
+        view = view.limit(1) if sql =~ /LIMIT 1/i
+        results = view.to_a
+        
+        return results.map do |doc|
+          # Try to make it look like a flat array similar to SQLite row
+          # We don't know the exact schema, but we can return the values
+          # For Eksa::User we specifically need [id, username, password_hash]
+          if table_name == 'eksa_users'
+            [doc['_id'].to_s, doc['username'], doc['password_hash'], doc['created_at']]
+          else
+            # For other models, return a hash-like object if possible, 
+            # or just the values in order. Since User specifically uses indices, 
+            # and generic models might use indices or keys, this is tricky.
+            # Most Eksa models result in array-of-arrays from SQLite gem.
+            doc.values.map { |v| v.is_a?(BSON::ObjectId) ? v.to_s : v }
+          end
+        end
+      end
+
+      # 3. INSERT INTO [table] ([cols]) VALUES ([vals])
+      if sql =~ /INSERT INTO (\w+) \((.*)\) VALUES/i
+        table_name = $1
+        cols = $2.split(',').map(&:strip)
+        doc = {}
+        cols.each_with_index do |col, i|
+          doc[col.to_sym] = params[i]
+        end
+        doc[:created_at] ||= Time.now
+        
+        connection[table_name.to_sym].insert_one(doc)
+        return []
+      end
+
+      # 4. UPDATE [table] SET [col1] = ?, [col2] = ? WHERE [col] = ?
+      if sql =~ /UPDATE (\w+) SET (.*) WHERE (\w+) = \?/i
+        table_name = $1
+        set_clause = $2
+        where_col = $3
+        
+        # Parse set assignments (e.g., "col1 = ?, col2 = ?")
+        # We assume the order matches params[0...n-1]
+        cols = set_clause.split(',').map { |s| s.split('=').first.strip }
+        
+        set_data = {}
+        cols.each_with_index do |col, i|
+          set_data[col.to_sym] = params[i]
+        end
+        
+        # The last parameter is the WHERE value
+        where_val = params.last
+        selector = if where_col == 'id'
+          { _id: where_val.is_a?(String) ? BSON::ObjectId.from_string(where_val) : where_val }
+        else
+          { where_col.to_sym => where_val }
+        end
+
+        connection[table_name.to_sym].update_one(selector, { '$set' => set_data })
+        return []
+      end
+
+      # 5. DELETE FROM [table] WHERE (\w+) = ?
+      if sql =~ /DELETE FROM (\w+) WHERE (\w+) = \?/i
+        table_name = $1
+        where_col = $2
+        
+        selector = if where_col == 'id'
+          { _id: params[0].is_a?(String) ? BSON::ObjectId.from_string(params[0]) : params[0] }
+        else
+          { where_col.to_sym => params[0] }
+        end
+        
+        connection[table_name.to_sym].delete_one(selector)
+        return []
+      end
+
+      raise "Unsupported SQL query for MongoAdapter: #{sql}"
+    end
+  end
+end

data/lib/eksa/database/sqlite_adapter.rb

@@ -0,0 +1,26 @@
+require 'sqlite3'
+require 'fileutils'
+
+module Eksa
+  class SqliteAdapter
+    def initialize(config)
+      @path = config&.[]('path') || File.expand_path("../../../db/eksa_app.db", __FILE__)
+      ensure_db_dir
+    end
+
+    def connection
+      @connection ||= SQLite3::Database.new(@path)
+    end
+
+    def execute(sql, params = [])
+      connection.execute(sql, params)
+    end
+
+    private
+
+    def ensure_db_dir
+      db_dir = File.dirname(@path)
+      FileUtils.mkdir_p(db_dir) unless Dir.exist?(db_dir)
+    end
+  end
+end

data/lib/eksa/database.rb

@@ -0,0 +1,47 @@
+require 'json'
+begin
+  require 'dotenv'
+  Dotenv.load if File.exist?('.env')
+rescue LoadError
+  # Dotenv not available, rely on existing ENV
+end
+
+module Eksa
+  module Database
+    def self.adapter
+      @adapter ||= create_adapter
+    end
+
+    def self.reset_adapter
+      @adapter = nil
+    end
+
+    def self.create_adapter
+      config = load_config
+      type = config.dig('database', 'type') || 'sqlite'
+
+      case type
+      when 'mongo', 'mongodb'
+        require_relative 'database/mongo_adapter'
+        mongo_config = config.dig('database', 'mongodb') || {}
+        
+        # Prioritize Environment Variable for Security
+        env_uri = ENV['EKSA_MONGODB_URI'] || ENV['MONGODB_URI']
+        mongo_config['uri'] = env_uri if env_uri
+
+        MongoAdapter.new(mongo_config)
+      else
+        require_relative 'database/sqlite_adapter'
+        SqliteAdapter.new(config.dig('database', 'sqlite'))
+      end
+    end
+
+    def self.load_config
+      config_path = File.join(Dir.pwd, '.eksa.json')
+      return {} unless File.exist?(config_path)
+      JSON.parse(File.read(config_path))
+    rescue
+      {}
+    end
+  end
+end

data/lib/eksa/markdown_post.rb

@@ -10,16 +10,19 @@ module Eksa
 
     POSTS_DIR = "_posts"
 
-    def self.all
+    def self.all(include_unpublished: false)
       return [] unless Dir.exist?(POSTS_DIR)
       
-      Dir.glob(File.join(POSTS_DIR, "*.md")).map do |file|
+      posts = Dir.glob(File.join(POSTS_DIR, "*.md")).map do |file|
         new(file)
-      end.sort_by { |p| p.date }.reverse
+      end
+      
+      posts.reject! { |p| !p.published? } unless include_unpublished
+      posts.sort_by { |p| p.date }.reverse
     end
 
     def self.find(slug)
-      all.find { |p| p.slug == slug }
+      all(include_unpublished: true).find { |p| p.slug == slug && p.published? }
     end
 
     def initialize(file_path)
@@ -48,6 +51,10 @@ module Eksa
       @metadata['image'] || ""
     end
 
+    def published?
+      @metadata.key?('published') ? @metadata['published'] : true
+    end
+
     def body_html
       Kramdown::Document.new(@content, input: 'GFM').to_html
     end

data/lib/eksa/model.rb

@@ -1,24 +1,10 @@
-require 'sqlite3'
-require 'fileutils'
+require_relative 'database'
 
 module Eksa
   class Model
-    class << self
-      attr_accessor :database_path
-    end
-
     def self.db
-      path = database_path || default_db_path
-      db_dir = File.dirname(path)
-      FileUtils.mkdir_p(db_dir) unless Dir.exist?(db_dir)
-      
-      @db ||= SQLite3::Database.new(path)
       ensure_schema
-      @db
-    end
-
-    def self.default_db_path
-      File.expand_path("../../db/eksa_app.db", __dir__)
+      Eksa::Database.adapter
     end
 
     def self.ensure_schema

data/lib/eksa/user.rb

@@ -0,0 +1,47 @@
+module Eksa
+  class User < Eksa::Model
+    require 'bcrypt'
+
+    def self.setup_schema
+      db.execute <<~SQL
+        CREATE TABLE IF NOT EXISTS eksa_users (
+          id INTEGER PRIMARY KEY AUTOINCREMENT,
+          username TEXT UNIQUE,
+          password_hash TEXT,
+          created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+        )
+      SQL
+    end
+
+    def self.all
+      db.execute("SELECT id, username FROM eksa_users")
+    end
+
+    def self.create(username, password)
+      hash = BCrypt::Password.create(password)
+      db.execute("INSERT INTO eksa_users (username, password_hash) VALUES (?, ?)", [username, hash])
+    end
+
+    def self.update_password(username, new_password)
+      hash = BCrypt::Password.create(new_password)
+      db.execute("UPDATE eksa_users SET password_hash = ? WHERE username = ?", [hash, username])
+    end
+
+    def self.authenticate(username, password)
+      user_data = db.execute("SELECT id, username, password_hash FROM eksa_users WHERE username = ? LIMIT 1", [username]).first
+      return nil unless user_data
+
+      stored_hash = BCrypt::Password.new(user_data[2])
+      if stored_hash == password
+        { id: user_data[0], username: user_data[1] }
+      else
+        nil
+      end
+    end
+
+    def self.find(id)
+      user_data = db.execute("SELECT id, username FROM eksa_users WHERE id = ? LIMIT 1", [id]).first
+      user_data ? { id: user_data[0], username: user_data[1] } : nil
+    end
+  end
+end

data/lib/eksa/version.rb

@@ -1,3 +1,3 @@
 module Eksa
-  VERSION = "3.3.3"
+  VERSION = "3.5.0"
 end

data/lib/eksa/views/auth/login.html.erb

@@ -0,0 +1,44 @@
+<div class="glass max-w-md mx-auto rounded-3xl p-8 animate__animated animate__fadeIn relative overflow-hidden">
+  <div class="absolute inset-0 bg-indigo-500/10 blur-3xl rounded-full translate-x-1/2 -translate-y-1/2"></div>
+  
+  <div class="relative z-10 text-center mb-8">
+    <div class="w-16 h-16 bg-white/10 rounded-2xl flex items-center justify-center mx-auto mb-4 border border-white/20 shadow-xl">
+      <i data-lucide="lock" class="w-8 h-8 text-indigo-300"></i>
+    </div>
+    <h1 class="text-3xl font-extrabold text-white tracking-tight mb-2">Masuk CMS</h1>
+    <p class="text-white/50 text-sm">Masuk untuk mengelola postingan blog Anda.</p>
+  </div>
+
+  <% if @flash && @flash[:notice] %>
+    <div class="relative z-10 mb-6 p-4 rounded-xl bg-red-500/20 border border-red-500/30 text-red-200 text-sm text-center font-medium animate__animated animate__shakeX">
+      <i data-lucide="alert-circle" class="w-4 h-4 inline-block mr-1 -mt-0.5"></i>
+      <%= @flash[:notice] %>
+    </div>
+  <% end %>
+
+  <form action="/auth/process_login" method="post" class="relative z-10 space-y-4">
+    <div>
+      <label class="block text-xs font-bold text-indigo-300 uppercase tracking-widest mb-2">Username</label>
+      <input type="text" name="username" required 
+             class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-indigo-500 focus:ring-1 focus:ring-indigo-500 transition placeholder-white/20"
+             placeholder="Masukkan username...">
+    </div>
+    
+    <div>
+      <label class="block text-xs font-bold text-indigo-300 uppercase tracking-widest mb-2">Password</label>
+      <input type="password" name="password" required 
+             class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-indigo-500 focus:ring-1 focus:ring-indigo-500 transition placeholder-white/20"
+             placeholder="••••••••">
+    </div>
+
+    <button type="submit" class="w-full mt-4 bg-indigo-600 hover:bg-indigo-500 text-white font-bold py-3 px-4 rounded-xl transition duration-300 shadow-lg shadow-indigo-600/30 flex items-center justify-center gap-2">
+      <i data-lucide="log-in" class="w-4 h-4"></i> Sign In
+    </button>
+  </form>
+
+  <div class="relative z-10 mt-6 text-center">
+    <p class="text-white/40 text-xs">Belum punya akun admin? 
+      <a href="/auth/register" class="text-indigo-400 hover:text-white transition font-medium">Register di sini</a>
+    </p>
+  </div>
+</div>

data/lib/eksa/views/auth/register.html.erb

@@ -0,0 +1,53 @@
+<div class="glass max-w-md mx-auto rounded-3xl p-8 animate__animated animate__fadeIn relative overflow-hidden">
+  <div class="absolute inset-0 bg-emerald-500/10 blur-3xl rounded-full translate-x-1/2 -translate-y-1/2"></div>
+  
+  <div class="relative z-10 text-center mb-8">
+    <div class="w-16 h-16 bg-white/10 rounded-2xl flex items-center justify-center mx-auto mb-4 border border-white/20 shadow-xl">
+      <i data-lucide="user-plus" class="w-8 h-8 text-emerald-300"></i>
+    </div>
+    <h1 class="text-3xl font-extrabold text-white tracking-tight mb-2">Registrasi Admin</h1>
+    <p class="text-white/50 text-sm">Buat akun untuk mengelola Eksa Framework.</p>
+  </div>
+
+  <% if @admin_exists %>
+    <div class="relative z-10 text-center bg-emerald-500/20 border border-emerald-500/30 rounded-xl p-6 text-emerald-200">
+      <i data-lucide="badge-check" class="w-12 h-12 mx-auto mb-3 text-emerald-400"></i>
+      <h2 class="text-lg font-bold mb-2 text-white">Akun Admin Sudah Dibuat</h2>
+      <p class="text-sm opacity-80 text-white/70">Hanya satu akun admin yang diizinkan untuk keamanan CMS.</p>
+    </div>
+  <% else %>
+  
+    <% if @flash && @flash[:notice] %>
+      <div class="relative z-10 mb-6 p-4 rounded-xl bg-red-500/20 border border-red-500/30 text-red-200 text-sm text-center font-medium animate__animated animate__shakeX">
+        <i data-lucide="alert-circle" class="w-4 h-4 inline-block mr-1 -mt-0.5"></i>
+        <%= @flash[:notice] %>
+      </div>
+    <% end %>
+
+    <form action="/auth/process_register" method="post" class="relative z-10 space-y-4">
+      <div>
+        <label class="block text-xs font-bold text-emerald-300 uppercase tracking-widest mb-2">Username</label>
+        <input type="text" name="username" required 
+               class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-emerald-500 focus:ring-1 focus:ring-emerald-500 transition placeholder-white/20"
+               placeholder="Pilih username...">
+      </div>
+      
+      <div>
+        <label class="block text-xs font-bold text-emerald-300 uppercase tracking-widest mb-2">Password</label>
+        <input type="password" name="password" required minlength="6"
+               class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-emerald-500 focus:ring-1 focus:ring-emerald-500 transition placeholder-white/20"
+               placeholder="Minimal 6 karakter">
+      </div>
+
+      <button type="submit" class="w-full mt-4 bg-emerald-600 hover:bg-emerald-500 text-white font-bold py-3 px-4 rounded-xl transition duration-300 shadow-lg shadow-emerald-600/30 flex items-center justify-center gap-2">
+        <i data-lucide="shield-check" class="w-4 h-4"></i> Buat Akun
+      </button>
+    </form>
+  <% end %>
+
+  <div class="relative z-10 mt-6 text-center">
+    <p class="text-white/40 text-xs">Sudah punya akun? 
+      <a href="/auth/login" class="text-emerald-400 hover:text-white transition font-medium">Login sekarang</a>
+    </p>
+  </div>
+</div>