@actuate-media/cms-core 0.1.0 → 0.2.0

package/prisma/schema.prisma

@@ -0,0 +1,485 @@
+generator client {
+  provider        = "prisma-client"
+  output          = "../generated"
+  previewFeatures = ["fullTextSearchPostgres"]
+}
+
+datasource db {
+  provider = "postgresql"
+}
+
+// ─── Enums ──────────────────────────────────────────────────────────
+
+enum DocumentStatus {
+  DRAFT
+  PUBLISHED
+  ARCHIVED
+  SCHEDULED
+  SCHEDULED_UNPUBLISH
+}
+
+enum UserRole {
+  ADMIN
+  EDITOR
+  AUTHOR
+  CLIENT
+}
+
+enum ChangeType {
+  CREATE
+  UPDATE
+  PUBLISH
+  RESTORE
+  DELETE
+}
+
+enum AuditEvent {
+  login_success
+  login_failed
+  logout
+  password_change
+  password_reset_request
+  password_reset_complete
+  totp_enabled
+  totp_disabled
+  api_key_created
+  api_key_revoked
+  document_created
+  document_updated
+  document_published
+  document_deleted
+  media_uploaded
+  media_deleted
+  user_created
+  user_updated
+  user_deactivated
+  settings_changed
+  version_restored
+  export_requested
+  import_completed
+}
+
+enum NotificationType {
+  DOCUMENT_PUBLISHED
+  DOCUMENT_ASSIGNED
+  REVIEW_REQUESTED
+  REVIEW_APPROVED
+  COMMENT_ADDED
+  SYSTEM_ALERT
+  WORKFLOW_STEP
+}
+
+enum OrderStatus {
+  PENDING
+  CONFIRMED
+  PROCESSING
+  SHIPPED
+  DELIVERED
+  CANCELLED
+  REFUNDED
+}
+
+enum PaymentStatus {
+  PENDING
+  AUTHORIZED
+  CAPTURED
+  FAILED
+  REFUNDED
+  PARTIALLY_REFUNDED
+}
+
+enum WorkflowStage {
+  DRAFT
+  IN_REVIEW
+  APPROVED
+  PUBLISHED
+  ARCHIVED
+}
+
+enum DiscountType {
+  PERCENTAGE
+  FIXED_AMOUNT
+  FREE_SHIPPING
+}
+
+enum ProductType {
+  PHYSICAL
+  DIGITAL
+  SUBSCRIPTION
+  BUNDLE
+}
+
+// ─── Models ─────────────────────────────────────────────────────────
+
+model User {
+  id            String    @id @default(cuid())
+  email         String    @unique
+  name          String
+  avatarUrl     String?
+  role          UserRole  @default(AUTHOR)
+  passwordHash  String?
+  totpSecret    String?
+  totpEnabled   Boolean   @default(false)
+  backupCodes   Json?
+  authProvider  String?
+  isActive      Boolean   @default(true)
+  isApproved    Boolean   @default(false)
+  emailVerified Boolean   @default(false)
+  lastLoginAt   DateTime?
+  createdAt     DateTime  @default(now())
+  updatedAt     DateTime  @updatedAt
+
+  sessions          Session[]
+  oauthAccounts     OAuthAccount[]
+  apiKeys           ApiKey[]
+  documents         Document[]       @relation("CreatedDocuments")
+  updatedDocuments  Document[]       @relation("UpdatedDocuments")
+  versions          Version[]
+  media             Media[]
+  contentLocks      ContentLock[]
+  notifications     InAppNotification[]
+  contentTemplates  ContentTemplate[]
+  workflowAssigned  WorkflowState[]
+
+  @@map("actuate_users")
+}
+
+model OAuthAccount {
+  id                String   @id @default(cuid())
+  userId            String
+  provider          String
+  providerAccountId String
+  accessToken       String?
+  refreshToken      String?
+  expiresAt         DateTime?
+  createdAt         DateTime @default(now())
+
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@unique([provider, providerAccountId])
+  @@map("actuate_oauth_accounts")
+}
+
+model Session {
+  id              String    @id @default(cuid())
+  userId          String
+  token           String    @unique
+  expiresAt       DateTime
+  revokedAt       DateTime?
+  ipAddress       String?
+  userAgent       String?
+  fingerprintHash String?
+  createdAt       DateTime  @default(now())
+
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@index([userId])
+  @@index([expiresAt])
+  @@map("actuate_sessions")
+}
+
+model ApiKey {
+  id             String    @id @default(cuid())
+  name           String
+  keyHash        String    @unique
+  keyPrefix      String
+  userId         String
+  scopes         Json
+  ipRestrictions Json?
+  expiresAt      DateTime?
+  lastUsedAt     DateTime?
+  revokedAt      DateTime?
+  createdAt      DateTime  @default(now())
+
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@map("actuate_api_keys")
+}
+
+model AuditLog {
+  id        String   @id @default(cuid())
+  event     String
+  userId    String?
+  ipAddress String?
+  userAgent String?
+  details   Json?
+  timestamp DateTime @default(now())
+
+  @@index([event])
+  @@index([userId])
+  @@index([timestamp])
+  @@map("actuate_audit_logs")
+}
+
+model Folder {
+  id        String   @id @default(cuid())
+  name      String
+  scope     String
+  parentId  String?
+  position  Int      @default(0)
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  parent   Folder?  @relation("FolderTree", fields: [parentId], references: [id], onDelete: Cascade)
+  children Folder[] @relation("FolderTree")
+
+  documents Document[]
+  media     Media[]
+
+  @@index([scope])
+  @@index([parentId])
+  @@map("actuate_folders")
+}
+
+model Document {
+  id                    String         @id @default(cuid())
+  collection            String
+  title                 String?
+  slug                  String?
+  data                  Json
+  status                DocumentStatus @default(DRAFT)
+  locale                String?
+  localeGroupId         String?
+  createdById           String
+  updatedById           String
+  publishedAt           DateTime?
+  scheduledAt           DateTime?
+  scheduledUnpublishAt  DateTime?
+  deletedAt             DateTime?
+  searchVector          String?
+  plainText             String?
+  contentHash           String?
+  structuredData        Json?
+  contentGraph          Json?
+  siteId                String?
+  templateId            String?
+  workflowStage         WorkflowStage  @default(DRAFT)
+  reviewerId            String?
+  reviewNote            String?
+  folderId              String?
+  createdAt             DateTime       @default(now())
+  updatedAt             DateTime       @updatedAt
+
+  createdBy    User          @relation("CreatedDocuments", fields: [createdById], references: [id])
+  updatedBy    User          @relation("UpdatedDocuments", fields: [updatedById], references: [id])
+  folder       Folder?       @relation(fields: [folderId], references: [id], onDelete: SetNull)
+  versions     Version[]
+  mediaUsages  MediaUsage[]
+  contentLocks ContentLock[]
+
+  @@unique([collection, slug])
+  @@index([collection])
+  @@index([status])
+  @@index([deletedAt])
+  @@index([publishedAt])
+  @@index([folderId])
+  @@index([scheduledAt])
+  @@index([localeGroupId])
+  @@index([createdById])
+  @@map("actuate_documents")
+}
+
+model Version {
+  id          String     @id @default(cuid())
+  documentId  String
+  data        Json
+  changedById String
+  changeType  ChangeType
+  createdAt   DateTime   @default(now())
+
+  document  Document @relation(fields: [documentId], references: [id], onDelete: Cascade)
+  changedBy User     @relation(fields: [changedById], references: [id])
+
+  @@index([documentId])
+  @@map("actuate_versions")
+}
+
+model Media {
+  id           String   @id @default(cuid())
+  filename     String
+  storageKey   String   @unique
+  mimeType     String
+  fileSize     Int
+  width        Int?
+  height       Int?
+  altText      String?
+  title        String?
+  uploadedById String
+  focalPointX  Float?
+  focalPointY  Float?
+  blurHash     String?
+  aiAltText    String?
+  aiTags       Json?
+  aiDescription String?
+  folderId     String?
+  createdAt    DateTime @default(now())
+  updatedAt    DateTime @updatedAt
+
+  uploadedBy  User         @relation(fields: [uploadedById], references: [id])
+  folder      Folder?      @relation(fields: [folderId], references: [id], onDelete: SetNull)
+  mediaUsages MediaUsage[]
+
+  @@index([folderId])
+  @@map("actuate_media")
+}
+
+model MediaUsage {
+  id         String   @id @default(cuid())
+  mediaId    String
+  documentId String
+  fieldName  String
+  createdAt  DateTime @default(now())
+
+  media    Media    @relation(fields: [mediaId], references: [id], onDelete: Cascade)
+  document Document @relation(fields: [documentId], references: [id], onDelete: Cascade)
+
+  @@unique([mediaId, documentId, fieldName])
+  @@index([documentId])
+  @@map("actuate_media_usages")
+}
+
+model ContentLock {
+  id         String   @id @default(cuid())
+  documentId String
+  userId     String
+  lockedAt   DateTime @default(now())
+  expiresAt  DateTime
+
+  document Document @relation(fields: [documentId], references: [id], onDelete: Cascade)
+  user     User     @relation(fields: [userId], references: [id])
+
+  @@map("actuate_content_locks")
+}
+
+model InAppNotification {
+  id        String   @id @default(cuid())
+  userId    String
+  type      String
+  title     String
+  message   String?
+  link      String?
+  read      Boolean  @default(false)
+  createdAt DateTime @default(now())
+
+  user User @relation(fields: [userId], references: [id], onDelete: Cascade)
+
+  @@map("actuate_notifications")
+}
+
+model ContentTemplate {
+  id           String   @id @default(cuid())
+  name         String
+  collection   String
+  templateData Json
+  createdById  String
+  createdAt    DateTime @default(now())
+  updatedAt    DateTime @updatedAt
+
+  createdBy User @relation(fields: [createdById], references: [id])
+
+  @@map("actuate_content_templates")
+}
+
+model Site {
+  id              String   @id @default(cuid())
+  domain          String   @unique
+  name            String
+  configOverrides Json?
+  isDefault       Boolean  @default(false)
+  createdAt       DateTime @default(now())
+  updatedAt       DateTime @updatedAt
+
+  @@map("actuate_sites")
+}
+
+model WorkflowState {
+  id           String   @id @default(cuid())
+  documentId   String   @unique
+  currentStep  Int      @default(0)
+  assignedToId String?
+  status       String   @default("pending")
+  definition   Json
+  createdAt    DateTime @default(now())
+  updatedAt    DateTime @updatedAt
+
+  assignedTo User? @relation(fields: [assignedToId], references: [id])
+
+  @@map("actuate_workflow_states")
+}
+
+model Redirect {
+  id          String   @id @default(cuid())
+  source      String
+  destination String
+  statusCode  Int      @default(301)
+  isRegex     Boolean  @default(false)
+  notes       String?
+  createdAt   DateTime @default(now())
+  updatedAt   DateTime @updatedAt
+
+  @@unique([source])
+  @@map("actuate_redirects")
+}
+
+model FormSubmission {
+  id          String   @id @default(cuid())
+  formId      String
+  data        Json
+  attribution Json?
+  status      String   @default("new")
+  submittedAt DateTime @default(now())
+  createdAt   DateTime @default(now())
+
+  @@index([formId])
+  @@index([status])
+  @@map("actuate_form_submissions")
+}
+
+model BackupRecord {
+  id         String   @id @default(cuid())
+  filename   String
+  storageKey String
+  sizeBytes  Int
+  type       String
+  metadata   Json?
+  createdAt  DateTime @default(now())
+
+  @@map("actuate_backup_records")
+}
+
+model WebhookEndpoint {
+  id        String   @id @default(cuid())
+  url       String
+  events    Json
+  secret    String
+  active    Boolean  @default(true)
+  name      String?
+  createdAt DateTime @default(now())
+  updatedAt DateTime @updatedAt
+
+  deliveries WebhookDeliveryLog[]
+
+  @@map("actuate_webhook_endpoints")
+}
+
+model WebhookDeliveryLog {
+  id             String   @id @default(cuid())
+  endpointId     String
+  event          String
+  payload        Json
+  status         String   @default("pending")
+  attempts       Int      @default(0)
+  maxAttempts    Int      @default(3)
+  lastAttemptAt  DateTime?
+  nextRetryAt    DateTime?
+  responseStatus Int?
+  responseBody   String?
+  createdAt      DateTime @default(now())
+
+  endpoint WebhookEndpoint @relation(fields: [endpointId], references: [id], onDelete: Cascade)
+
+  @@index([endpointId])
+  @@index([status])
+  @@index([nextRetryAt])
+  @@map("actuate_webhook_deliveries")
+}

package/prisma/seed.ts

@@ -0,0 +1,82 @@
+/**
+ * Seed script for Actuate CMS.
+ *
+ * Reads credentials from environment variables (never hardcoded):
+ *   CMS_ADMIN_EMAIL, CMS_ADMIN_PASSWORD, CMS_ADMIN_NAME
+ *
+ * Usage:
+ *   cd packages/cms-core
+ *   pnpm tsx prisma/seed.ts
+ *
+ * Requires DATABASE_URL + CMS_ADMIN_* vars in environment or .env file.
+ */
+
+import 'dotenv/config';
+import pg from 'pg';
+import { PrismaPg } from '@prisma/adapter-pg';
+import { PrismaClient } from '../generated/client.js';
+
+async function main() {
+  const email = process.env.CMS_ADMIN_EMAIL;
+  const password = process.env.CMS_ADMIN_PASSWORD;
+  const name = process.env.CMS_ADMIN_NAME ?? 'Admin';
+
+  if (!email || !password) {
+    console.error('Set CMS_ADMIN_EMAIL and CMS_ADMIN_PASSWORD in your .env file');
+    process.exit(1);
+  }
+
+  const pool = new pg.Pool({ connectionString: process.env.DATABASE_URL });
+  const adapter = new PrismaPg(pool);
+  const prisma = new PrismaClient({ adapter });
+
+  try {
+    const existingCount = await prisma.user.count();
+    if (existingCount > 0) {
+      console.log(`Skipping seed — ${existingCount} user(s) already exist.`);
+      return;
+    }
+
+    const salt = crypto.getRandomValues(new Uint8Array(16));
+    const key = await crypto.subtle.importKey(
+      'raw',
+      new TextEncoder().encode(password),
+      'PBKDF2',
+      false,
+      ['deriveBits'],
+    );
+    const derived = await crypto.subtle.deriveBits(
+      { name: 'PBKDF2', salt, iterations: 100_000, hash: 'SHA-256' },
+      key,
+      256,
+    );
+    const saltHex = Buffer.from(salt).toString('hex');
+    const hashHex = Buffer.from(derived).toString('hex');
+    const passwordHash = `pbkdf2:100000:${saltHex}:${hashHex}`;
+
+    const user = await prisma.user.create({
+      data: {
+        email: email.toLowerCase().trim(),
+        name,
+        passwordHash,
+        role: 'ADMIN',
+        isActive: true,
+        isApproved: true,
+        emailVerified: true,
+      },
+    });
+
+    console.log(`Seeded admin user:`);
+    console.log(`  Email: ${email}`);
+    console.log(`  Role:  ADMIN`);
+    console.log(`  ID:    ${user.id}`);
+  } finally {
+    await prisma.$disconnect();
+    await pool.end();
+  }
+}
+
+main().catch((err) => {
+  console.error('Seed failed:', err);
+  process.exit(1);
+});