@a83/orbiter-admin 0.3.13 → 0.3.14

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@a83/orbiter-admin",
-  "version": "0.3.13",
+  "version": "0.3.14",
   "description": "Standalone admin server for Orbiter CMS",
   "type": "module",
   "main": "./src/server.js",
@@ -29,6 +29,7 @@
     "@a83/orbiter-core": "^0.3.2",
     "@hono/node-server": "^1.14.4",
     "hono": "^4.7.11",
+    "nodemailer": "^8.0.10",
     "sharp": "^0.34.5"
   }
 }

package/public/editor.html

@@ -409,6 +409,9 @@
         <span class="logout" id="logout-btn">Sign out</span>
       </div>
     </header>
+    <div id="lock-banner" style="display:none;background:color-mix(in srgb,var(--gold) 12%,var(--bg2));border-bottom:1px solid color-mix(in srgb,var(--gold) 30%,transparent);padding:7px 20px;font-size:11px;color:var(--text);display:none;align-items:center;gap:8px;">
+      <span style="color:var(--gold);">⚠</span> <span id="lock-banner-msg"></span>
+    </div>
     <div class="editor-shell" id="editor-shell">
       <div class="editor-main" id="editor-main">
         <div id="saved-flash" style="display:none;" class="saved-flash">Entry saved</div>
@@ -517,6 +520,35 @@
 
     if (!colData) { location.replace('/collections.html'); }
 
+    // Entry locking — claim lock, warn if someone else is editing
+    let lockHeld = false;
+    let lockHeartbeat = null;
+    async function claimLock() {
+      if (IS_NEW) return;
+      const res = await fetch(`/api/locks/${COLLECTION}/${SLUG}`,{method:'POST',credentials:'include'}).catch(()=>null);
+      if (!res) return;
+      if (res.status === 409) {
+        const j = await res.json().catch(()=>({}));
+        const banner = document.getElementById('lock-banner');
+        document.getElementById('lock-banner-msg').textContent = `${j.by ?? 'Someone'} is currently editing this entry. Your changes may conflict.`;
+        banner.style.display = 'flex';
+        lockHeld = false;
+      } else {
+        lockHeld = true;
+      }
+    }
+    async function releaseLock() {
+      if (!lockHeld || IS_NEW) return;
+      lockHeld = false;
+      await fetch(`/api/locks/${COLLECTION}/${SLUG}`,{method:'DELETE',credentials:'include'}).catch(()=>{});
+    }
+    claimLock().then(()=>{
+      if (IS_NEW) return;
+      lockHeartbeat = setInterval(()=>fetch(`/api/locks/${COLLECTION}/${SLUG}`,{method:'POST',credentials:'include'}).catch(()=>{}), 60_000);
+    });
+    window.addEventListener('beforeunload', () => { if (lockHeld) releaseLock(); });
+    document.addEventListener('visibilitychange', () => { if (document.hidden && lockHeld) releaseLock(); });
+
     // Breadcrumb
     document.getElementById('back-to-col').textContent = colData.label;
     document.getElementById('back-to-col').href = `/entries.html?col=${COLLECTION}&label=${encodeURIComponent(colData.label)}`;

package/public/schema.html

@@ -390,9 +390,11 @@
         ${total>0?'<div class="delete-warn">Adding fields is non-destructive. Removing fields hides existing data but does not delete it.</div>':''}
         <div id="edit-field-rows" class="field-rows"></div>
         <div class="editor-actions">
-          <div style="display:flex;gap:10px;">
+          <div style="display:flex;gap:10px;flex-wrap:wrap;">
             <button class="btn btn-primary" id="btn-save-edit">Save</button>
             <button class="btn" id="btn-add-edit">+ Add field</button>
+            <button class="btn" id="btn-export-schema">↓ Export schema</button>
+            <label class="btn" style="cursor:pointer;">↑ Import schema<input type="file" id="import-schema-file" accept=".json" style="display:none"></label>
           </div>
           <button class="btn" id="btn-del-col" style="color:var(--red);border-color:var(--red);">Delete collection</button>
         </div>
@@ -401,6 +403,22 @@
       enableFieldDrag(rowsEl);
       Object.entries(schema).forEach(([k,f])=>addFieldRow(rowsEl,k,f.label??k,f.type??'string',!!f.required,(f.options??[]).join(', '),f.collection??'',f.multiple!==false));
       document.getElementById('btn-add-edit').addEventListener('click',()=>addFieldRow(rowsEl));
+      document.getElementById('btn-export-schema').addEventListener('click',()=>{
+        const blob=new Blob([JSON.stringify(serializeSchema(rowsEl),null,2)],{type:'application/json'});
+        const a=document.createElement('a'); a.href=URL.createObjectURL(blob); a.download=`${col.id}-schema.json`; a.click(); URL.revokeObjectURL(a.href);
+      });
+      document.getElementById('import-schema-file').addEventListener('change',e=>{
+        const file=e.target.files[0]; if (!file) return;
+        const reader=new FileReader();
+        reader.onload=ev=>{
+          try {
+            const s=JSON.parse(ev.target.result);
+            rowsEl.innerHTML='';
+            Object.entries(s).forEach(([k,f])=>addFieldRow(rowsEl,k,f.label??k,f.type??'string',!!f.required,(f.options??[]).join(', '),f.collection??'',f.multiple!==false));
+          } catch { alert('Invalid schema JSON'); }
+        };
+        reader.readAsText(file); e.target.value='';
+      });
       // Load existing preview URL for this collection
       fetch(`/api/meta/preview_url~${col.id}`,{credentials:'include'}).then(r=>r.json()).then(d=>{
         const inp=document.getElementById('edit-preview-url'); if(inp)inp.value=d.value??'';

package/public/settings.html

@@ -449,6 +449,42 @@
           </div>
         </div>
 
+        <div class="settings-group">
+          <div class="group-header">Email notifications</div>
+          <div class="setting-row">
+            <div><div class="setting-label">SMTP host</div><div class="setting-desc">e.g. smtp.fastmail.com, smtp.gmail.com</div></div>
+            <input class="input" name="email.smtp_host" value="${get('email.smtp_host')||''}" placeholder="smtp.example.com" />
+          </div>
+          <div class="setting-row">
+            <div><div class="setting-label">SMTP port</div><div class="setting-desc">Usually 587 (STARTTLS) or 465 (SSL)</div></div>
+            <input class="input" name="email.smtp_port" type="number" value="${get('email.smtp_port')||'587'}" placeholder="587" style="max-width:100px" />
+          </div>
+          <div class="setting-row">
+            <div><div class="setting-label">SMTP username</div></div>
+            <input class="input" name="email.smtp_user" value="${get('email.smtp_user')||''}" placeholder="you@example.com" />
+          </div>
+          <div class="setting-row">
+            <div><div class="setting-label">SMTP password</div></div>
+            <input class="input" type="password" name="email.smtp_pass" value="${get('email.smtp_pass')||''}" placeholder="••••••••" />
+          </div>
+          <div class="setting-row">
+            <div><div class="setting-label">From address</div><div class="setting-desc">Defaults to SMTP username if blank</div></div>
+            <input class="input" name="email.smtp_from" value="${get('email.smtp_from')||''}" placeholder="Orbiter &lt;noreply@example.com&gt;" />
+          </div>
+          <div class="setting-row">
+            <div><div class="setting-label">Notify to</div><div class="setting-desc">Recipient email address for notifications</div></div>
+            <input class="input" name="email.notify_to" value="${get('email.notify_to')||''}" placeholder="admin@example.com" />
+          </div>
+          <div class="setting-row">
+            <div><div class="setting-label">Notify on publish</div><div class="setting-desc">Send email when an entry is published</div></div>
+            <input type="checkbox" name="email.notify_publish" value="1" ${get('email.notify_publish')==='1'?'checked':''} style="accent-color:var(--accent);width:14px;height:14px;" />
+          </div>
+          <div class="setting-row">
+            <div><div class="setting-label">Notify on comment</div><div class="setting-desc">Send email when a new comment is posted</div></div>
+            <input type="checkbox" name="email.notify_comment" value="1" ${get('email.notify_comment')==='1'?'checked':''} style="accent-color:var(--accent);width:14px;height:14px;" />
+          </div>
+        </div>
+
         <div class="save-row">
           <button type="submit" class="btn-save">Save settings</button>
         </div>
@@ -668,9 +704,19 @@
         ['media.s3_access_key', fd.get('media.s3_access_key')],
         ['media.s3_secret_key', fd.get('media.s3_secret_key')],
         ['media.s3_public_url', fd.get('media.s3_public_url')],
-        ['api.enabled',         fd.get('api.enabled') ? '1' : '0'],
-        ['api.token',           fd.get('api.token')],
-        ['preview.token',       document.getElementById('preview-token-display').value || null],
+        ['api.enabled',              fd.get('api.enabled') ? '1' : '0'],
+        ['api.token',                fd.get('api.token')],
+        ['preview.token',            document.getElementById('preview-token-display').value || null],
+        ['media.img_max_width',      fd.get('media.img_max_width')],
+        ['media.img_quality',        fd.get('media.img_quality')],
+        ['email.smtp_host',          fd.get('email.smtp_host')],
+        ['email.smtp_port',          fd.get('email.smtp_port')],
+        ['email.smtp_user',          fd.get('email.smtp_user')],
+        ['email.smtp_pass',          fd.get('email.smtp_pass')],
+        ['email.smtp_from',          fd.get('email.smtp_from')],
+        ['email.notify_to',          fd.get('email.notify_to')],
+        ['email.notify_publish',     fd.get('email.notify_publish') ? '1' : '0'],
+        ['email.notify_comment',     fd.get('email.notify_comment') ? '1' : '0'],
       ]);
       showBanner('site-banner','banner-ok','Settings saved');
     });

package/src/email.js

@@ -0,0 +1,50 @@
+import nodemailer from 'nodemailer';
+import { openPod } from '@a83/orbiter-core';
+
+/**
+ * Send a notification email if SMTP is configured.
+ * @param {string} podPath
+ * @param {string} event   — 'publish' | 'comment'
+ * @param {object} ctx     — { collection, slug, username, body? }
+ */
+export async function sendNotification(podPath, event, ctx = {}) {
+  let db;
+  try {
+    db = openPod(podPath);
+    const shouldSend = event === 'publish'
+      ? db.getMeta('email.notify_publish') === '1'
+      : db.getMeta('email.notify_comment') === '1';
+    if (!shouldSend) { db.close(); return; }
+
+    const host = db.getMeta('email.smtp_host') ?? '';
+    const port = parseInt(db.getMeta('email.smtp_port') ?? '587', 10);
+    const user = db.getMeta('email.smtp_user') ?? '';
+    const pass = db.getMeta('email.smtp_pass') ?? '';
+    const from = db.getMeta('email.smtp_from') || user;
+    const to   = db.getMeta('email.notify_to') ?? '';
+    const site = db.getMeta('site.name') ?? 'Orbiter';
+    db.close();
+
+    if (!host || !to) return;
+
+    const transport = nodemailer.createTransport({
+      host, port,
+      secure: port === 465,
+      auth: user ? { user, pass } : undefined,
+    });
+
+    let subject, text;
+    if (event === 'publish') {
+      subject = `[${site}] Entry published: ${ctx.collection}/${ctx.slug}`;
+      text    = `${ctx.username ?? 'Someone'} just published "${ctx.slug}" in the "${ctx.collection}" collection.`;
+    } else {
+      subject = `[${site}] New comment on ${ctx.collection}/${ctx.slug}`;
+      text    = `${ctx.username ?? 'Someone'} commented on "${ctx.slug}":\n\n${ctx.body ?? ''}`;
+    }
+
+    await transport.sendMail({ from, to, subject, text });
+  } catch (e) {
+    console.warn('[email]', e.message);
+    db?.close();
+  }
+}

package/src/routes/comments.js

@@ -1,5 +1,6 @@
 import { Hono } from 'hono';
 import { openPod } from '@a83/orbiter-core';
+import { sendNotification } from '../email.js';
 
 export const commentRoutes = new Hono();
 
@@ -25,6 +26,7 @@ commentRoutes.post('/:collectionId/entries/:slug/comments', async (c) => {
   const username = c.get('user')?.username ?? 'unknown';
   const id = db.createComment(entry.id, username, body.trim());
   db.close();
+  sendNotification(c.get('podPath'), 'comment', { collection: collectionId, slug, username, body: body.trim() }).catch(()=>{});
   return c.json({ ok: true, id }, 201);
 });
 

package/src/routes/entries.js

@@ -1,5 +1,6 @@
 import { Hono } from 'hono';
 import { openPod } from '@a83/orbiter-core';
+import { sendNotification } from '../email.js';
 
 export const entryRoutes = new Hono();
 
@@ -108,6 +109,7 @@ entryRoutes.put('/:collectionId/entries/:slug', async (c) => {
 
   if (body.status === 'published' && before?.status !== 'published') {
     fireWebhook(c.get('podPath'));
+    sendNotification(c.get('podPath'), 'publish', { collection: collectionId, slug: body.slug ?? slug, username }).catch(()=>{});
   }
   return c.json(updated);
 });

package/src/routes/locks.js

@@ -0,0 +1,48 @@
+import { Hono } from 'hono';
+import { openPod } from '@a83/orbiter-core';
+
+export const lockRoutes = new Hono();
+
+const STALE_MS = 90_000; // lock expires after 90 s without refresh
+
+function lockKey(collection, slug) {
+  return `lock.${collection}.${slug}`;
+}
+
+function parseLock(val) {
+  if (!val) return null;
+  const [username, ts] = val.split('|');
+  const age = Date.now() - new Date(ts).getTime();
+  if (age > STALE_MS) return null; // stale — treat as free
+  return { username, ts };
+}
+
+// POST /api/locks/:collection/:slug — claim or refresh lock
+lockRoutes.post('/:collection/:slug', (c) => {
+  const { collection, slug } = c.req.param();
+  const username = c.get('user')?.username ?? 'unknown';
+  const db  = openPod(c.get('podPath'));
+  const key = lockKey(collection, slug);
+  const existing = parseLock(db.getMeta(key));
+
+  if (existing && existing.username !== username) {
+    db.close();
+    return c.json({ locked: true, by: existing.username }, 409);
+  }
+
+  db.setMeta(key, `${username}|${new Date().toISOString()}`);
+  db.close();
+  return c.json({ locked: false });
+});
+
+// DELETE /api/locks/:collection/:slug — release lock
+lockRoutes.delete('/:collection/:slug', (c) => {
+  const { collection, slug } = c.req.param();
+  const username = c.get('user')?.username ?? 'unknown';
+  const db  = openPod(c.get('podPath'));
+  const key = lockKey(collection, slug);
+  const existing = parseLock(db.getMeta(key));
+  if (existing && existing.username === username) db.setMeta(key, '');
+  db.close();
+  return c.json({ ok: true });
+});

package/src/routes/meta.js

@@ -15,6 +15,8 @@ const ALLOWED_KEYS = [
   'dashboard.notes', 'dashboard.todos',
   'ui.theme',
   'format_version',
+  'email.smtp_host', 'email.smtp_port', 'email.smtp_user', 'email.smtp_pass',
+  'email.smtp_from', 'email.notify_publish', 'email.notify_comment', 'email.notify_to',
 ];
 
 const PREVIEW_URL_RE = /^preview_url\.[a-z0-9_-]+$/;

package/src/server.js

@@ -23,6 +23,7 @@ import { githubRoutes }     from './routes/github.js';
 import { infoRoutes }       from './routes/info.js';
 import { importRoutes }     from './routes/import.js';
 import { commentRoutes }    from './routes/comments.js';
+import { lockRoutes }       from './routes/locks.js';
 import { requireAuth }      from './middleware/auth.js';
 
 const { version: adminVersion } = JSON.parse(
@@ -74,6 +75,7 @@ export function createApp(podPath) {
   api.route('/import',       importRoutes);
   api.route('/collections',  commentRoutes);
   api.route('/',             commentRoutes);
+  api.route('/locks',        lockRoutes);
 
   app.route('/api', api);