@actuate-media/cms-core 0.1.0 → 0.2.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/LICENSE +21 -0
- package/dist/__tests__/actions/document-crud.test.js +1 -1
- package/dist/__tests__/actions/document-crud.test.js.map +1 -1
- package/dist/__tests__/scheduling/scheduling.test.js +1 -1
- package/dist/__tests__/scheduling/scheduling.test.js.map +1 -1
- package/dist/__tests__/security/access.test.js +1 -1
- package/dist/__tests__/security/access.test.js.map +1 -1
- package/dist/__tests__/security/reauth.test.js +1 -1
- package/dist/__tests__/security/reauth.test.js.map +1 -1
- package/dist/__tests__/security/sanitize.test.js +1 -1
- package/dist/__tests__/security/sanitize.test.js.map +1 -1
- package/dist/__tests__/webhooks/webhooks.test.js +2 -2
- package/dist/__tests__/webhooks/webhooks.test.js.map +1 -1
- package/dist/actions.js +4 -4
- package/dist/actions.js.map +1 -1
- package/dist/api/handler-factory.d.ts.map +1 -1
- package/dist/api/handler-factory.js +26 -7
- package/dist/api/handler-factory.js.map +1 -1
- package/dist/api/handlers.d.ts +1 -1
- package/dist/api/handlers.d.ts.map +1 -1
- package/dist/api/handlers.js +339 -75
- package/dist/api/handlers.js.map +1 -1
- package/dist/api/index.d.ts +3 -3
- package/dist/api/index.d.ts.map +1 -1
- package/dist/api/index.js +2 -2
- package/dist/api/index.js.map +1 -1
- package/dist/auth/index.d.ts +10 -10
- package/dist/auth/index.d.ts.map +1 -1
- package/dist/auth/index.js +8 -8
- package/dist/auth/index.js.map +1 -1
- package/dist/auth/oauth.d.ts +1 -1
- package/dist/auth/oauth.d.ts.map +1 -1
- package/dist/auth/oauth.js +1 -1
- package/dist/auth/oauth.js.map +1 -1
- package/dist/auth/password.d.ts +2 -2
- package/dist/auth/password.d.ts.map +1 -1
- package/dist/auth/password.js +1 -1
- package/dist/auth/password.js.map +1 -1
- package/dist/auth/providers/github.d.ts +1 -1
- package/dist/auth/providers/github.d.ts.map +1 -1
- package/dist/auth/providers/google.d.ts +1 -1
- package/dist/auth/providers/google.d.ts.map +1 -1
- package/dist/auth/providers/microsoft.d.ts +1 -1
- package/dist/auth/providers/microsoft.d.ts.map +1 -1
- package/dist/cache/index.d.ts +1 -1
- package/dist/cache/index.d.ts.map +1 -1
- package/dist/codegen/index.d.ts.map +1 -1
- package/dist/codegen/index.js +2 -2
- package/dist/codegen/index.js.map +1 -1
- package/dist/collections/index.d.ts +1 -1
- package/dist/collections/index.d.ts.map +1 -1
- package/dist/config/define.d.ts +8 -0
- package/dist/config/define.d.ts.map +1 -0
- package/dist/config/define.js +7 -0
- package/dist/config/define.js.map +1 -0
- package/dist/config/index.d.ts +3 -3
- package/dist/config/index.d.ts.map +1 -1
- package/dist/config/index.js +1 -1
- package/dist/config/index.js.map +1 -1
- package/dist/config/types.d.ts +25 -3
- package/dist/config/types.d.ts.map +1 -1
- package/dist/content/index.d.ts +7 -7
- package/dist/content/index.d.ts.map +1 -1
- package/dist/content/index.js +4 -4
- package/dist/content/index.js.map +1 -1
- package/dist/db/adapters/mysql.js +1 -1
- package/dist/db/adapters/mysql.js.map +1 -1
- package/dist/db/adapters/postgres.js +1 -1
- package/dist/db/adapters/postgres.js.map +1 -1
- package/dist/db/adapters/sqlite.js +1 -1
- package/dist/db/adapters/sqlite.js.map +1 -1
- package/dist/fields/index.d.ts +1 -1
- package/dist/fields/index.d.ts.map +1 -1
- package/dist/forms/index.d.ts +4 -4
- package/dist/forms/index.d.ts.map +1 -1
- package/dist/forms/index.js +2 -2
- package/dist/forms/index.js.map +1 -1
- package/dist/graphql/index.d.ts +1 -1
- package/dist/graphql/index.d.ts.map +1 -1
- package/dist/graphql/index.js +4 -4
- package/dist/graphql/index.js.map +1 -1
- package/dist/i18n/index.d.ts +1 -1
- package/dist/i18n/index.d.ts.map +1 -1
- package/dist/index.d.ts +72 -72
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +40 -40
- package/dist/index.js.map +1 -1
- package/dist/media/index.d.ts +2 -2
- package/dist/media/index.d.ts.map +1 -1
- package/dist/media/index.js +1 -1
- package/dist/media/index.js.map +1 -1
- package/dist/middleware.d.ts +10 -2
- package/dist/middleware.d.ts.map +1 -1
- package/dist/middleware.js +1 -1
- package/dist/middleware.js.map +1 -1
- package/dist/next/preview.js +1 -1
- package/dist/next/preview.js.map +1 -1
- package/dist/next.d.ts +2 -2
- package/dist/next.d.ts.map +1 -1
- package/dist/next.js +33 -1
- package/dist/next.js.map +1 -1
- package/dist/search/index.js +1 -1
- package/dist/search/index.js.map +1 -1
- package/dist/security/access.d.ts +1 -1
- package/dist/security/access.d.ts.map +1 -1
- package/dist/security/audit.js +2 -2
- package/dist/security/audit.js.map +1 -1
- package/dist/security/captcha.d.ts +32 -0
- package/dist/security/captcha.d.ts.map +1 -0
- package/dist/security/captcha.js +101 -0
- package/dist/security/captcha.js.map +1 -0
- package/dist/security/index.d.ts +32 -30
- package/dist/security/index.d.ts.map +1 -1
- package/dist/security/index.js +20 -19
- package/dist/security/index.js.map +1 -1
- package/dist/security/middleware.d.ts +2 -2
- package/dist/security/middleware.d.ts.map +1 -1
- package/dist/security/middleware.js +2 -2
- package/dist/security/middleware.js.map +1 -1
- package/dist/security/reauth.js +2 -2
- package/dist/security/reauth.js.map +1 -1
- package/dist/seo/index.d.ts +8 -8
- package/dist/seo/index.d.ts.map +1 -1
- package/dist/seo/index.js +4 -4
- package/dist/seo/index.js.map +1 -1
- package/dist/setup/index.js +1 -1
- package/dist/setup/index.js.map +1 -1
- package/dist/upgrade/index.d.ts +6 -6
- package/dist/upgrade/index.d.ts.map +1 -1
- package/dist/upgrade/index.js +3 -3
- package/dist/upgrade/index.js.map +1 -1
- package/dist/upgrade/upgrade-pr.d.ts +1 -1
- package/dist/upgrade/upgrade-pr.d.ts.map +1 -1
- package/dist/upgrade/upgrade-pr.js +107 -17
- package/dist/upgrade/upgrade-pr.js.map +1 -1
- package/dist/upgrade/version-check.d.ts +10 -2
- package/dist/upgrade/version-check.d.ts.map +1 -1
- package/dist/upgrade/version-check.js +57 -11
- package/dist/upgrade/version-check.js.map +1 -1
- package/dist/webhooks/index.js +2 -2
- package/dist/webhooks/index.js.map +1 -1
- package/dist/workflow/index.js +1 -1
- package/dist/workflow/index.js.map +1 -1
- package/package.json +21 -13
- package/prisma/cms-schema.prisma +237 -0
- package/prisma/migrations/0001_init/migration.sql +384 -0
- package/prisma/migrations/0002_folders/migration.sql +39 -0
- package/prisma/migrations/0003_search_and_webhooks/migration.sql +50 -0
- package/prisma/migrations/migration_lock.toml +3 -0
- package/prisma/schema.prisma +485 -0
- package/prisma/seed.ts +82 -0
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/security/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"audit.js","sourceRoot":"","sources":["../../src/security/audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,KAAK,EAAE,MAAM,UAAU,CAAC;AAyBjC,iCAAiC;AACjC,MAAM,CAAC,KAAK,UAAU,QAAQ,CAAC,KAM9B;IACC,IAAI,CAAC;QACH,MAAM,EAAE,GAAG,KAAK,EAAO,CAAC;QACxB,MAAM,EAAE,CAAC,QAAQ,CAAC,MAAM,CAAC;YACvB,IAAI,EAAE;gBACJ,KAAK,EAAE,KAAK,CAAC,KAAK;gBAClB,MAAM,EAAE,KAAK,CAAC,MAAM,IAAI,IAAI;gBAC5B,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;gBAClC,SAAS,EAAE,KAAK,CAAC,SAAS,IAAI,IAAI;gBAClC,OAAO,EAAE,KAAK,CAAC,OAAO,IAAI,EAAE;aAC7B;SACF,CAAC,CAAC;IACL,CAAC;IAAC,MAAM,CAAC;QACP,qEAAqE;IACvE,CAAC;AACH,CAAC;AAED,2DAA2D;AAC3D,MAAM,CAAC,KAAK,UAAU,WAAW,CAAC,UAK9B,EAAE;IACJ,MAAM,EAAE,GAAG,KAAK,EAAO,CAAC;IACxB,MAAM,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,GAAG,CAAC,EAAE,QAAQ,GAAG,EAAE,EAAE,GAAG,OAAO,CAAC;IAE3D,MAAM,KAAK,GAAQ,EAAE,CAAC;IACtB,IAAI,MAAM;QAAE,KAAK,CAAC,MAAM,GAAG,MAAM,CAAC;IAClC,IAAI,KAAK;QAAE,KAAK,CAAC,KAAK,GAAG,KAAK,CAAC;IAE/B,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QACzC,EAAE,CAAC,QAAQ,CAAC,QAAQ,CAAC;YACnB,KAAK;YACL,OAAO,EAAE,EAAE,SAAS,EAAE,MAAM,EAAE;YAC9B,IAAI,EAAE,CAAC,IAAI,GAAG,CAAC,CAAC,GAAG,QAAQ;YAC3B,IAAI,EAAE,QAAQ;SACf,CAAC;QACF,EAAE,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,CAAC;KAC7B,CAAC,CAAC;IAEH,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;AAC5B,CAAC"}
|
|
@@ -0,0 +1,32 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Server-side CAPTCHA verification for reCAPTCHA v3 and Cloudflare Turnstile.
|
|
3
|
+
* Both providers share the same verify interface — only the secret key and
|
|
4
|
+
* verification URL differ.
|
|
5
|
+
*/
|
|
6
|
+
export type CaptchaProvider = 'recaptcha' | 'turnstile' | 'none';
|
|
7
|
+
export interface CaptchaConfig {
|
|
8
|
+
provider: CaptchaProvider;
|
|
9
|
+
/** Public site key (safe to expose to client) */
|
|
10
|
+
siteKey: string;
|
|
11
|
+
/** Server-side secret key (from env) */
|
|
12
|
+
secretKey: string;
|
|
13
|
+
/** Minimum score threshold for reCAPTCHA v3 (0.0–1.0, default 0.5). Ignored by Turnstile. */
|
|
14
|
+
scoreThreshold?: number;
|
|
15
|
+
}
|
|
16
|
+
export interface CaptchaVerifyResult {
|
|
17
|
+
success: boolean;
|
|
18
|
+
score?: number;
|
|
19
|
+
action?: string;
|
|
20
|
+
errorCodes?: string[];
|
|
21
|
+
}
|
|
22
|
+
/**
|
|
23
|
+
* Verifies a CAPTCHA token server-side.
|
|
24
|
+
* Works for both reCAPTCHA v3 and Cloudflare Turnstile.
|
|
25
|
+
*/
|
|
26
|
+
export declare function verifyCaptcha(token: string, config: CaptchaConfig, remoteIp?: string): Promise<CaptchaVerifyResult>;
|
|
27
|
+
/**
|
|
28
|
+
* Resolves CAPTCHA config from environment variables.
|
|
29
|
+
* Returns { provider: 'none' } if no keys are configured.
|
|
30
|
+
*/
|
|
31
|
+
export declare function getCaptchaConfig(): CaptchaConfig;
|
|
32
|
+
//# sourceMappingURL=captcha.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"captcha.d.ts","sourceRoot":"","sources":["../../src/security/captcha.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,MAAM,MAAM,eAAe,GAAG,WAAW,GAAG,WAAW,GAAG,MAAM,CAAC;AAEjE,MAAM,WAAW,aAAa;IAC5B,QAAQ,EAAE,eAAe,CAAC;IAC1B,iDAAiD;IACjD,OAAO,EAAE,MAAM,CAAC;IAChB,wCAAwC;IACxC,SAAS,EAAE,MAAM,CAAC;IAClB,6FAA6F;IAC7F,cAAc,CAAC,EAAE,MAAM,CAAC;CACzB;AAED,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,OAAO,CAAC;IACjB,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,EAAE,CAAC;CACvB;AAOD;;;GAGG;AACH,wBAAsB,aAAa,CACjC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,aAAa,EACrB,QAAQ,CAAC,EAAE,MAAM,GAChB,OAAO,CAAC,mBAAmB,CAAC,CAyE9B;AAED;;;GAGG;AACH,wBAAgB,gBAAgB,IAAI,aAAa,CAyBhD"}
|
|
@@ -0,0 +1,101 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Server-side CAPTCHA verification for reCAPTCHA v3 and Cloudflare Turnstile.
|
|
3
|
+
* Both providers share the same verify interface — only the secret key and
|
|
4
|
+
* verification URL differ.
|
|
5
|
+
*/
|
|
6
|
+
const VERIFY_URLS = {
|
|
7
|
+
recaptcha: 'https://www.google.com/recaptcha/api/siteverify',
|
|
8
|
+
turnstile: 'https://challenges.cloudflare.com/turnstile/v0/siteverify',
|
|
9
|
+
};
|
|
10
|
+
/**
|
|
11
|
+
* Verifies a CAPTCHA token server-side.
|
|
12
|
+
* Works for both reCAPTCHA v3 and Cloudflare Turnstile.
|
|
13
|
+
*/
|
|
14
|
+
export async function verifyCaptcha(token, config, remoteIp) {
|
|
15
|
+
if (config.provider === 'none') {
|
|
16
|
+
return { success: true };
|
|
17
|
+
}
|
|
18
|
+
if (!token) {
|
|
19
|
+
return { success: false, errorCodes: ['missing-input-response'] };
|
|
20
|
+
}
|
|
21
|
+
const verifyUrl = VERIFY_URLS[config.provider];
|
|
22
|
+
if (!verifyUrl) {
|
|
23
|
+
return { success: false, errorCodes: [`unknown-provider:${config.provider}`] };
|
|
24
|
+
}
|
|
25
|
+
const params = new URLSearchParams({
|
|
26
|
+
secret: config.secretKey,
|
|
27
|
+
response: token,
|
|
28
|
+
});
|
|
29
|
+
if (remoteIp) {
|
|
30
|
+
params.set('remoteip', remoteIp);
|
|
31
|
+
}
|
|
32
|
+
try {
|
|
33
|
+
const res = await fetch(verifyUrl, {
|
|
34
|
+
method: 'POST',
|
|
35
|
+
headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
|
|
36
|
+
body: params.toString(),
|
|
37
|
+
});
|
|
38
|
+
if (!res.ok) {
|
|
39
|
+
return { success: false, errorCodes: [`http-error:${res.status}`] };
|
|
40
|
+
}
|
|
41
|
+
const data = (await res.json());
|
|
42
|
+
if (!data.success) {
|
|
43
|
+
return {
|
|
44
|
+
success: false,
|
|
45
|
+
score: data.score,
|
|
46
|
+
action: data.action,
|
|
47
|
+
errorCodes: data['error-codes'] ?? [],
|
|
48
|
+
};
|
|
49
|
+
}
|
|
50
|
+
// reCAPTCHA v3 returns a score; enforce the threshold
|
|
51
|
+
if (config.provider === 'recaptcha' && typeof data.score === 'number') {
|
|
52
|
+
const threshold = config.scoreThreshold ?? 0.5;
|
|
53
|
+
if (data.score < threshold) {
|
|
54
|
+
return {
|
|
55
|
+
success: false,
|
|
56
|
+
score: data.score,
|
|
57
|
+
action: data.action,
|
|
58
|
+
errorCodes: ['score-below-threshold'],
|
|
59
|
+
};
|
|
60
|
+
}
|
|
61
|
+
}
|
|
62
|
+
return {
|
|
63
|
+
success: true,
|
|
64
|
+
score: data.score,
|
|
65
|
+
action: data.action,
|
|
66
|
+
};
|
|
67
|
+
}
|
|
68
|
+
catch (err) {
|
|
69
|
+
return {
|
|
70
|
+
success: false,
|
|
71
|
+
errorCodes: ['network-error'],
|
|
72
|
+
};
|
|
73
|
+
}
|
|
74
|
+
}
|
|
75
|
+
/**
|
|
76
|
+
* Resolves CAPTCHA config from environment variables.
|
|
77
|
+
* Returns { provider: 'none' } if no keys are configured.
|
|
78
|
+
*/
|
|
79
|
+
export function getCaptchaConfig() {
|
|
80
|
+
const recaptchaSiteKey = process.env.RECAPTCHA_SITE_KEY;
|
|
81
|
+
const recaptchaSecret = process.env.RECAPTCHA_SECRET_KEY;
|
|
82
|
+
if (recaptchaSiteKey && recaptchaSecret) {
|
|
83
|
+
return {
|
|
84
|
+
provider: 'recaptcha',
|
|
85
|
+
siteKey: recaptchaSiteKey,
|
|
86
|
+
secretKey: recaptchaSecret,
|
|
87
|
+
scoreThreshold: parseFloat(process.env.RECAPTCHA_SCORE_THRESHOLD ?? '0.5'),
|
|
88
|
+
};
|
|
89
|
+
}
|
|
90
|
+
const turnstileSiteKey = process.env.TURNSTILE_SITE_KEY;
|
|
91
|
+
const turnstileSecret = process.env.TURNSTILE_SECRET_KEY;
|
|
92
|
+
if (turnstileSiteKey && turnstileSecret) {
|
|
93
|
+
return {
|
|
94
|
+
provider: 'turnstile',
|
|
95
|
+
siteKey: turnstileSiteKey,
|
|
96
|
+
secretKey: turnstileSecret,
|
|
97
|
+
};
|
|
98
|
+
}
|
|
99
|
+
return { provider: 'none', siteKey: '', secretKey: '' };
|
|
100
|
+
}
|
|
101
|
+
//# sourceMappingURL=captcha.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"captcha.js","sourceRoot":"","sources":["../../src/security/captcha.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAqBH,MAAM,WAAW,GAA2B;IAC1C,SAAS,EAAE,iDAAiD;IAC5D,SAAS,EAAE,2DAA2D;CACvE,CAAC;AAEF;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CACjC,KAAa,EACb,MAAqB,EACrB,QAAiB;IAEjB,IAAI,MAAM,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;QAC/B,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;IAC3B,CAAC;IAED,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,wBAAwB,CAAC,EAAE,CAAC;IACpE,CAAC;IAED,MAAM,SAAS,GAAG,WAAW,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC;IAC/C,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,oBAAoB,MAAM,CAAC,QAAQ,EAAE,CAAC,EAAE,CAAC;IACjF,CAAC;IAED,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,MAAM,EAAE,MAAM,CAAC,SAAS;QACxB,QAAQ,EAAE,KAAK;KAChB,CAAC,CAAC;IACH,IAAI,QAAQ,EAAE,CAAC;QACb,MAAM,CAAC,GAAG,CAAC,UAAU,EAAE,QAAQ,CAAC,CAAC;IACnC,CAAC;IAED,IAAI,CAAC;QACH,MAAM,GAAG,GAAG,MAAM,KAAK,CAAC,SAAS,EAAE;YACjC,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;YAChE,IAAI,EAAE,MAAM,CAAC,QAAQ,EAAE;SACxB,CAAC,CAAC;QAEH,IAAI,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC;YACZ,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,UAAU,EAAE,CAAC,cAAc,GAAG,CAAC,MAAM,EAAE,CAAC,EAAE,CAAC;QACtE,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,GAAG,CAAC,IAAI,EAAE,CAK7B,CAAC;QAEF,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,CAAC;YAClB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,IAAI,CAAC,KAAK;gBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,UAAU,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI,EAAE;aACtC,CAAC;QACJ,CAAC;QAED,sDAAsD;QACtD,IAAI,MAAM,CAAC,QAAQ,KAAK,WAAW,IAAI,OAAO,IAAI,CAAC,KAAK,KAAK,QAAQ,EAAE,CAAC;YACtE,MAAM,SAAS,GAAG,MAAM,CAAC,cAAc,IAAI,GAAG,CAAC;YAC/C,IAAI,IAAI,CAAC,KAAK,GAAG,SAAS,EAAE,CAAC;gBAC3B,OAAO;oBACL,OAAO,EAAE,KAAK;oBACd,KAAK,EAAE,IAAI,CAAC,KAAK;oBACjB,MAAM,EAAE,IAAI,CAAC,MAAM;oBACnB,UAAU,EAAE,CAAC,uBAAuB,CAAC;iBACtC,CAAC;YACJ,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,KAAK,EAAE,IAAI,CAAC,KAAK;YACjB,MAAM,EAAE,IAAI,CAAC,MAAM;SACpB,CAAC;IACJ,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,OAAO;YACL,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,CAAC,eAAe,CAAC;SAC9B,CAAC;IACJ,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,gBAAgB;IAC9B,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IACxD,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAEzD,IAAI,gBAAgB,IAAI,eAAe,EAAE,CAAC;QACxC,OAAO;YACL,QAAQ,EAAE,WAAW;YACrB,OAAO,EAAE,gBAAgB;YACzB,SAAS,EAAE,eAAe;YAC1B,cAAc,EAAE,UAAU,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,IAAI,KAAK,CAAC;SAC3E,CAAC;IACJ,CAAC;IAED,MAAM,gBAAgB,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IACxD,MAAM,eAAe,GAAG,OAAO,CAAC,GAAG,CAAC,oBAAoB,CAAC;IAEzD,IAAI,gBAAgB,IAAI,eAAe,EAAE,CAAC;QACxC,OAAO;YACL,QAAQ,EAAE,WAAW;YACrB,OAAO,EAAE,gBAAgB;YACzB,SAAS,EAAE,eAAe;SAC3B,CAAC;IACJ,CAAC;IAED,OAAO,EAAE,QAAQ,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,SAAS,EAAE,EAAE,EAAE,CAAC;AAC1D,CAAC"}
|
package/dist/security/index.d.ts
CHANGED
|
@@ -1,31 +1,33 @@
|
|
|
1
|
-
export { checkAccess, getPermissionsForRole, filterFieldsByRole, filterWritableFields, applyFieldAccess } from "./access";
|
|
2
|
-
export type { Role, Permission, FieldAccessUser } from "./access";
|
|
3
|
-
export { generateToken as generateCsrfToken, validateToken as validateCsrfToken } from "./csrf";
|
|
4
|
-
export { createRateLimiter } from "./rate-limit";
|
|
5
|
-
export type { RateLimiter, RateLimitConfig, RateLimitResult } from "./rate-limit";
|
|
6
|
-
export { sanitizeHtml, stripHtml } from "./sanitize";
|
|
7
|
-
export { validateMimeType, checkMagicBytes } from "./upload";
|
|
8
|
-
export { validateWebhookUrl, resolveAndCheck } from "./webhook";
|
|
9
|
-
export { logEvent, getAuditLog } from "./audit";
|
|
10
|
-
export type { AuditEntry, AuditLogQuery, AuditLogResult } from "./audit";
|
|
11
|
-
export { getSecurityHeaders } from "./headers";
|
|
12
|
-
export type { SecurityHeadersConfig } from "./headers";
|
|
13
|
-
export { applySecurityMiddleware } from "./middleware";
|
|
14
|
-
export type { SecurityMiddlewareConfig, SecurityMiddlewareResult } from "./middleware";
|
|
15
|
-
export { checkBreached } from "./breach-check";
|
|
16
|
-
export { detectLoginAnomaly, checkBruteForce } from "./anomaly-detection";
|
|
17
|
-
export type { LoginAttempt, AnomalyResult } from "./anomaly-detection";
|
|
18
|
-
export { requiresReauth, verifyReauth } from "./reauth";
|
|
19
|
-
export type { ReauthConfig, ReauthContext } from "./reauth";
|
|
20
|
-
export { isIpAllowed } from "./ip-allowlist";
|
|
21
|
-
export { enforceSessionLimits } from "./session-limits";
|
|
22
|
-
export type { SessionInfo, SessionLimitConfig } from "./session-limits";
|
|
23
|
-
export { encryptField, decryptField } from "./encrypted-fields";
|
|
24
|
-
export { getCorsHeaders } from "./cors";
|
|
25
|
-
export type { CorsConfig } from "./cors";
|
|
26
|
-
export { generateCspNonce, buildCspHeader } from "./csp-nonces";
|
|
27
|
-
export { generateSecurityTxt } from "./security-txt";
|
|
28
|
-
export type { SecurityTxtConfig } from "./security-txt";
|
|
29
|
-
export { generateApiKey, validateApiKeyScope } from "./api-key-enhanced";
|
|
30
|
-
export type { ApiKeyScope, EnhancedApiKeyConfig } from "./api-key-enhanced";
|
|
1
|
+
export { checkAccess, getPermissionsForRole, filterFieldsByRole, filterWritableFields, applyFieldAccess } from "./access.js";
|
|
2
|
+
export type { Role, Permission, FieldAccessUser } from "./access.js";
|
|
3
|
+
export { generateToken as generateCsrfToken, validateToken as validateCsrfToken } from "./csrf.js";
|
|
4
|
+
export { createRateLimiter } from "./rate-limit.js";
|
|
5
|
+
export type { RateLimiter, RateLimitConfig, RateLimitResult } from "./rate-limit.js";
|
|
6
|
+
export { sanitizeHtml, stripHtml } from "./sanitize.js";
|
|
7
|
+
export { validateMimeType, checkMagicBytes } from "./upload.js";
|
|
8
|
+
export { validateWebhookUrl, resolveAndCheck } from "./webhook.js";
|
|
9
|
+
export { logEvent, getAuditLog } from "./audit.js";
|
|
10
|
+
export type { AuditEntry, AuditLogQuery, AuditLogResult } from "./audit.js";
|
|
11
|
+
export { getSecurityHeaders } from "./headers.js";
|
|
12
|
+
export type { SecurityHeadersConfig } from "./headers.js";
|
|
13
|
+
export { applySecurityMiddleware } from "./middleware.js";
|
|
14
|
+
export type { SecurityMiddlewareConfig, SecurityMiddlewareResult } from "./middleware.js";
|
|
15
|
+
export { checkBreached } from "./breach-check.js";
|
|
16
|
+
export { detectLoginAnomaly, checkBruteForce } from "./anomaly-detection.js";
|
|
17
|
+
export type { LoginAttempt, AnomalyResult } from "./anomaly-detection.js";
|
|
18
|
+
export { requiresReauth, verifyReauth } from "./reauth.js";
|
|
19
|
+
export type { ReauthConfig, ReauthContext } from "./reauth.js";
|
|
20
|
+
export { isIpAllowed } from "./ip-allowlist.js";
|
|
21
|
+
export { enforceSessionLimits } from "./session-limits.js";
|
|
22
|
+
export type { SessionInfo, SessionLimitConfig } from "./session-limits.js";
|
|
23
|
+
export { encryptField, decryptField } from "./encrypted-fields.js";
|
|
24
|
+
export { getCorsHeaders } from "./cors.js";
|
|
25
|
+
export type { CorsConfig } from "./cors.js";
|
|
26
|
+
export { generateCspNonce, buildCspHeader } from "./csp-nonces.js";
|
|
27
|
+
export { generateSecurityTxt } from "./security-txt.js";
|
|
28
|
+
export type { SecurityTxtConfig } from "./security-txt.js";
|
|
29
|
+
export { generateApiKey, validateApiKeyScope } from "./api-key-enhanced.js";
|
|
30
|
+
export type { ApiKeyScope, EnhancedApiKeyConfig } from "./api-key-enhanced.js";
|
|
31
|
+
export { verifyCaptcha, getCaptchaConfig } from "./captcha.js";
|
|
32
|
+
export type { CaptchaConfig, CaptchaProvider, CaptchaVerifyResult } from "./captcha.js";
|
|
31
33
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAC7H,YAAY,EAAE,IAAI,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAErE,OAAO,EAAE,aAAa,IAAI,iBAAiB,EAAE,aAAa,IAAI,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAEnG,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AACpD,YAAY,EAAE,WAAW,EAAE,eAAe,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAErF,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAExD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEhE,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAEnE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AACnD,YAAY,EAAE,UAAU,EAAE,aAAa,EAAE,cAAc,EAAE,MAAM,YAAY,CAAC;AAE5E,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAClD,YAAY,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAE1D,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAC1D,YAAY,EAAE,wBAAwB,EAAE,wBAAwB,EAAE,MAAM,iBAAiB,CAAC;AAE1F,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAC7E,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,wBAAwB,CAAC;AAE1E,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAC3D,YAAY,EAAE,YAAY,EAAE,aAAa,EAAE,MAAM,aAAa,CAAC;AAE/D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAC3D,YAAY,EAAE,WAAW,EAAE,kBAAkB,EAAE,MAAM,qBAAqB,CAAC;AAE3E,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAEnE,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAC3C,YAAY,EAAE,UAAU,EAAE,MAAM,WAAW,CAAC;AAE5C,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AACxD,YAAY,EAAE,iBAAiB,EAAE,MAAM,mBAAmB,CAAC;AAE3D,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAC5E,YAAY,EAAE,WAAW,EAAE,oBAAoB,EAAE,MAAM,uBAAuB,CAAC;AAE/E,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC;AAC/D,YAAY,EAAE,aAAa,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,cAAc,CAAC"}
|
package/dist/security/index.js
CHANGED
|
@@ -1,20 +1,21 @@
|
|
|
1
|
-
export { checkAccess, getPermissionsForRole, filterFieldsByRole, filterWritableFields, applyFieldAccess } from "./access";
|
|
2
|
-
export { generateToken as generateCsrfToken, validateToken as validateCsrfToken } from "./csrf";
|
|
3
|
-
export { createRateLimiter } from "./rate-limit";
|
|
4
|
-
export { sanitizeHtml, stripHtml } from "./sanitize";
|
|
5
|
-
export { validateMimeType, checkMagicBytes } from "./upload";
|
|
6
|
-
export { validateWebhookUrl, resolveAndCheck } from "./webhook";
|
|
7
|
-
export { logEvent, getAuditLog } from "./audit";
|
|
8
|
-
export { getSecurityHeaders } from "./headers";
|
|
9
|
-
export { applySecurityMiddleware } from "./middleware";
|
|
10
|
-
export { checkBreached } from "./breach-check";
|
|
11
|
-
export { detectLoginAnomaly, checkBruteForce } from "./anomaly-detection";
|
|
12
|
-
export { requiresReauth, verifyReauth } from "./reauth";
|
|
13
|
-
export { isIpAllowed } from "./ip-allowlist";
|
|
14
|
-
export { enforceSessionLimits } from "./session-limits";
|
|
15
|
-
export { encryptField, decryptField } from "./encrypted-fields";
|
|
16
|
-
export { getCorsHeaders } from "./cors";
|
|
17
|
-
export { generateCspNonce, buildCspHeader } from "./csp-nonces";
|
|
18
|
-
export { generateSecurityTxt } from "./security-txt";
|
|
19
|
-
export { generateApiKey, validateApiKeyScope } from "./api-key-enhanced";
|
|
1
|
+
export { checkAccess, getPermissionsForRole, filterFieldsByRole, filterWritableFields, applyFieldAccess } from "./access.js";
|
|
2
|
+
export { generateToken as generateCsrfToken, validateToken as validateCsrfToken } from "./csrf.js";
|
|
3
|
+
export { createRateLimiter } from "./rate-limit.js";
|
|
4
|
+
export { sanitizeHtml, stripHtml } from "./sanitize.js";
|
|
5
|
+
export { validateMimeType, checkMagicBytes } from "./upload.js";
|
|
6
|
+
export { validateWebhookUrl, resolveAndCheck } from "./webhook.js";
|
|
7
|
+
export { logEvent, getAuditLog } from "./audit.js";
|
|
8
|
+
export { getSecurityHeaders } from "./headers.js";
|
|
9
|
+
export { applySecurityMiddleware } from "./middleware.js";
|
|
10
|
+
export { checkBreached } from "./breach-check.js";
|
|
11
|
+
export { detectLoginAnomaly, checkBruteForce } from "./anomaly-detection.js";
|
|
12
|
+
export { requiresReauth, verifyReauth } from "./reauth.js";
|
|
13
|
+
export { isIpAllowed } from "./ip-allowlist.js";
|
|
14
|
+
export { enforceSessionLimits } from "./session-limits.js";
|
|
15
|
+
export { encryptField, decryptField } from "./encrypted-fields.js";
|
|
16
|
+
export { getCorsHeaders } from "./cors.js";
|
|
17
|
+
export { generateCspNonce, buildCspHeader } from "./csp-nonces.js";
|
|
18
|
+
export { generateSecurityTxt } from "./security-txt.js";
|
|
19
|
+
export { generateApiKey, validateApiKeyScope } from "./api-key-enhanced.js";
|
|
20
|
+
export { verifyCaptcha, getCaptchaConfig } from "./captcha.js";
|
|
20
21
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/security/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,WAAW,EAAE,qBAAqB,EAAE,kBAAkB,EAAE,oBAAoB,EAAE,gBAAgB,EAAE,MAAM,aAAa,CAAC;AAG7H,OAAO,EAAE,aAAa,IAAI,iBAAiB,EAAE,aAAa,IAAI,iBAAiB,EAAE,MAAM,WAAW,CAAC;AAEnG,OAAO,EAAE,iBAAiB,EAAE,MAAM,iBAAiB,CAAC;AAGpD,OAAO,EAAE,YAAY,EAAE,SAAS,EAAE,MAAM,eAAe,CAAC;AAExD,OAAO,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEhE,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAEnE,OAAO,EAAE,QAAQ,EAAE,WAAW,EAAE,MAAM,YAAY,CAAC;AAGnD,OAAO,EAAE,kBAAkB,EAAE,MAAM,cAAc,CAAC;AAGlD,OAAO,EAAE,uBAAuB,EAAE,MAAM,iBAAiB,CAAC;AAG1D,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAC;AAElD,OAAO,EAAE,kBAAkB,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AAG7E,OAAO,EAAE,cAAc,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAG3D,OAAO,EAAE,WAAW,EAAE,MAAM,mBAAmB,CAAC;AAEhD,OAAO,EAAE,oBAAoB,EAAE,MAAM,qBAAqB,CAAC;AAG3D,OAAO,EAAE,YAAY,EAAE,YAAY,EAAE,MAAM,uBAAuB,CAAC;AAEnE,OAAO,EAAE,cAAc,EAAE,MAAM,WAAW,CAAC;AAG3C,OAAO,EAAE,gBAAgB,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAEnE,OAAO,EAAE,mBAAmB,EAAE,MAAM,mBAAmB,CAAC;AAGxD,OAAO,EAAE,cAAc,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAC;AAG5E,OAAO,EAAE,aAAa,EAAE,gBAAgB,EAAE,MAAM,cAAc,CAAC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { type SecurityHeadersConfig } from "./headers";
|
|
2
|
-
import type { RateLimiter } from "./rate-limit";
|
|
1
|
+
import { type SecurityHeadersConfig } from "./headers.js";
|
|
2
|
+
import type { RateLimiter } from "./rate-limit.js";
|
|
3
3
|
export interface SecurityMiddlewareConfig {
|
|
4
4
|
headers?: SecurityHeadersConfig;
|
|
5
5
|
csrf?: {
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/security/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,KAAK,qBAAqB,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"middleware.d.ts","sourceRoot":"","sources":["../../src/security/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAsB,KAAK,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAE9E,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,iBAAiB,CAAC;AAEnD,MAAM,WAAW,wBAAwB;IACvC,OAAO,CAAC,EAAE,qBAAqB,CAAC;IAChC,IAAI,CAAC,EAAE;QAAE,OAAO,EAAE,OAAO,CAAC;QAAC,UAAU,CAAC,EAAE,MAAM,CAAA;KAAE,CAAC;IACjD,SAAS,CAAC,EAAE,WAAW,CAAC;IACxB,YAAY,CAAC,EAAE,CAAC,OAAO,EAAE,OAAO,KAAK,MAAM,CAAC;CAC7C;AAED,MAAM,WAAW,wBAAwB;IACvC,OAAO,EAAE,OAAO,CAAC;IACjB,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;IAChC,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,MAAM,CAAC,EAAE,MAAM,CAAC;CACjB;AAED,4FAA4F;AAC5F,wBAAsB,uBAAuB,CAC3C,OAAO,EAAE,OAAO,EAChB,MAAM,EAAE,wBAAwB,GAC/B,OAAO,CAAC,wBAAwB,CAAC,CAiCnC"}
|
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
import { getSecurityHeaders } from "./headers";
|
|
2
|
-
import { validateToken as validateCsrf } from "./csrf";
|
|
1
|
+
import { getSecurityHeaders } from "./headers.js";
|
|
2
|
+
import { validateToken as validateCsrf } from "./csrf.js";
|
|
3
3
|
/** Compose a security middleware pipeline that applies headers, CSRF, and rate limiting. */
|
|
4
4
|
export async function applySecurityMiddleware(request, config) {
|
|
5
5
|
const responseHeaders = getSecurityHeaders(config.headers);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/security/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAA8B,MAAM,
|
|
1
|
+
{"version":3,"file":"middleware.js","sourceRoot":"","sources":["../../src/security/middleware.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,kBAAkB,EAA8B,MAAM,cAAc,CAAC;AAC9E,OAAO,EAAE,aAAa,IAAI,YAAY,EAAE,MAAM,WAAW,CAAC;AAiB1D,4FAA4F;AAC5F,MAAM,CAAC,KAAK,UAAU,uBAAuB,CAC3C,OAAgB,EAChB,MAAgC;IAEhC,MAAM,eAAe,GAAG,kBAAkB,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC;IAE3D,IAAI,MAAM,CAAC,SAAS,EAAE,CAAC;QACrB,MAAM,GAAG,GAAG,MAAM,CAAC,YAAY,EAAE,CAAC,OAAO,CAAC,IAAI,WAAW,CAAC,OAAO,CAAC,CAAC;QACnE,MAAM,MAAM,GAAG,MAAM,MAAM,CAAC,SAAS,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QACjD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,eAAe;gBACxB,KAAK,EAAE,qBAAqB;gBAC5B,MAAM,EAAE,GAAG;aACZ,CAAC;QACJ,CAAC;QACD,eAAe,CAAC,uBAAuB,CAAC,GAAG,MAAM,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;QACpE,eAAe,CAAC,mBAAmB,CAAC,GAAG,MAAM,CAAC,OAAO,CAAC,WAAW,EAAE,CAAC;IACtE,CAAC;IAED,IAAI,MAAM,CAAC,IAAI,EAAE,OAAO,IAAI,gBAAgB,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;QAC7D,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,IAAI,EAAE,CAAC;QAC5D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,IAAI,gBAAgB,CAAC;QAC9D,MAAM,WAAW,GAAG,WAAW,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,EAAE,UAAU,CAAC,CAAC;QACjF,IAAI,CAAC,WAAW,IAAI,CAAC,YAAY,CAAC,SAAS,EAAE,WAAW,CAAC,EAAE,CAAC;YAC1D,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,eAAe;gBACxB,KAAK,EAAE,oBAAoB;gBAC3B,MAAM,EAAE,GAAG;aACZ,CAAC;QACJ,CAAC;IACH,CAAC;IAED,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,eAAe,EAAE,CAAC;AACrD,CAAC;AAED,SAAS,gBAAgB,CAAC,MAAc;IACtC,OAAO,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,MAAM,CAAC,WAAW,EAAE,CAAC,CAAC;AAC3E,CAAC;AAED,SAAS,WAAW,CAAC,OAAgB;IACnC,OAAO,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,EAAE,KAAK,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,EAAE,IAAI,EAAE,IAAI,SAAS,CAAC;AACpF,CAAC;AAED,SAAS,WAAW,CAAC,YAAoB,EAAE,IAAY;IACrD,MAAM,KAAK,GAAG,YAAY,CAAC,KAAK,CAAC,IAAI,MAAM,CAAC,cAAc,IAAI,UAAU,CAAC,CAAC,CAAC;IAC3E,OAAO,KAAK,EAAE,CAAC,CAAC,CAAC,CAAC;AACpB,CAAC"}
|
package/dist/security/reauth.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { verifyPassword } from '../auth/password';
|
|
1
|
+
import { verifyPassword } from '../auth/password.js';
|
|
2
2
|
/** Check whether a sensitive action requires re-authentication. */
|
|
3
3
|
export function requiresReauth(context, config) {
|
|
4
4
|
if (!config.requiredForActions.includes(context.action))
|
|
@@ -12,7 +12,7 @@ export async function verifyReauth(userId, credential, method, db) {
|
|
|
12
12
|
return false;
|
|
13
13
|
}
|
|
14
14
|
if (!db) {
|
|
15
|
-
const { getDB } = await import('../db');
|
|
15
|
+
const { getDB } = await import('../db.js');
|
|
16
16
|
db = getDB();
|
|
17
17
|
}
|
|
18
18
|
const user = await db.user.findUnique({
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"reauth.js","sourceRoot":"","sources":["../../src/security/reauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"reauth.js","sourceRoot":"","sources":["../../src/security/reauth.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,qBAAqB,CAAC;AAYrD,mEAAmE;AACnE,MAAM,UAAU,cAAc,CAC5B,OAAsB,EACtB,MAAoB;IAEpB,IAAI,CAAC,MAAM,CAAC,kBAAkB,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;QAAE,OAAO,KAAK,CAAC;IACtE,MAAM,OAAO,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,OAAO,CAAC,UAAU,CAAC,OAAO,EAAE,CAAC,GAAG,IAAI,CAAC;IACnE,OAAO,OAAO,GAAG,MAAM,CAAC,aAAa,CAAC;AACxC,CAAC;AAED,uDAAuD;AACvD,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,MAAc,EACd,UAAkB,EAClB,MAA2B,EAC3B,EAAQ;IAER,IAAI,MAAM,KAAK,MAAM,EAAE,CAAC;QACtB,OAAO,KAAK,CAAC;IACf,CAAC;IAED,IAAI,CAAC,EAAE,EAAE,CAAC;QACR,MAAM,EAAE,KAAK,EAAE,GAAG,MAAM,MAAM,CAAC,UAAU,CAAC,CAAC;QAC3C,EAAE,GAAG,KAAK,EAAE,CAAC;IACf,CAAC;IAED,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,UAAU,CAAC;QACpC,KAAK,EAAE,EAAE,EAAE,EAAE,MAAM,EAAE;QACrB,MAAM,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE;KAC/C,CAAC,CAAC;IAEH,IAAI,CAAC,IAAI,IAAI,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;QAClD,OAAO,KAAK,CAAC;IACf,CAAC;IAED,OAAO,cAAc,CAAC,UAAU,EAAE,IAAI,CAAC,YAAY,CAAC,CAAC;AACvD,CAAC;AAED,qEAAqE;AACrE,MAAM,CAAC,MAAM,qBAAqB,GAAiB;IACjD,aAAa,EAAE,GAAG;IAClB,kBAAkB,EAAE;QAClB,aAAa;QACb,kBAAkB;QAClB,iBAAiB;QACjB,aAAa;QACb,sBAAsB;KACvB;CACF,CAAC"}
|
package/dist/seo/index.d.ts
CHANGED
|
@@ -1,9 +1,9 @@
|
|
|
1
|
-
export { analyzeContent, calculateReadability, stripHtmlTags, countSyllables, detectPassiveVoice, splitSentences, splitParagraphs, } from './analysis';
|
|
2
|
-
export type { SEOAnalysisResult, SEOCheck, AnalysisInput, ReadabilityResult, } from './analysis';
|
|
3
|
-
export { generateMetaTags, renderMetaTagsHtml, generateNextMetadata, } from './meta-tags';
|
|
4
|
-
export type { MetaTagInput, } from './meta-tags';
|
|
5
|
-
export { resolveTitle, getDocumentTitle, } from './title-templates';
|
|
6
|
-
export type { TitleTemplateConfig, TitleVariable, } from './title-templates';
|
|
7
|
-
export { generateLlmsTxt, } from './llms-txt';
|
|
8
|
-
export type { LlmsTxtConfig, LlmsTxtPage, } from './llms-txt';
|
|
1
|
+
export { analyzeContent, calculateReadability, stripHtmlTags, countSyllables, detectPassiveVoice, splitSentences, splitParagraphs, } from './analysis.js';
|
|
2
|
+
export type { SEOAnalysisResult, SEOCheck, AnalysisInput, ReadabilityResult, } from './analysis.js';
|
|
3
|
+
export { generateMetaTags, renderMetaTagsHtml, generateNextMetadata, } from './meta-tags.js';
|
|
4
|
+
export type { MetaTagInput, } from './meta-tags.js';
|
|
5
|
+
export { resolveTitle, getDocumentTitle, } from './title-templates.js';
|
|
6
|
+
export type { TitleTemplateConfig, TitleVariable, } from './title-templates.js';
|
|
7
|
+
export { generateLlmsTxt, } from './llms-txt.js';
|
|
8
|
+
export type { LlmsTxtConfig, LlmsTxtPage, } from './llms-txt.js';
|
|
9
9
|
//# sourceMappingURL=index.d.ts.map
|
package/dist/seo/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/seo/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,eAAe,GAChB,MAAM,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/seo/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,eAAe,GAChB,MAAM,eAAe,CAAC;AAEvB,YAAY,EACV,iBAAiB,EACjB,QAAQ,EACR,aAAa,EACb,iBAAiB,GAClB,MAAM,eAAe,CAAC;AAEvB,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,gBAAgB,CAAC;AAExB,YAAY,EACV,YAAY,GACb,MAAM,gBAAgB,CAAC;AAExB,OAAO,EACL,YAAY,EACZ,gBAAgB,GACjB,MAAM,sBAAsB,CAAC;AAE9B,YAAY,EACV,mBAAmB,EACnB,aAAa,GACd,MAAM,sBAAsB,CAAC;AAE9B,OAAO,EACL,eAAe,GAChB,MAAM,eAAe,CAAC;AAEvB,YAAY,EACV,aAAa,EACb,WAAW,GACZ,MAAM,eAAe,CAAC"}
|
package/dist/seo/index.js
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
|
-
export { analyzeContent, calculateReadability, stripHtmlTags, countSyllables, detectPassiveVoice, splitSentences, splitParagraphs, } from './analysis';
|
|
2
|
-
export { generateMetaTags, renderMetaTagsHtml, generateNextMetadata, } from './meta-tags';
|
|
3
|
-
export { resolveTitle, getDocumentTitle, } from './title-templates';
|
|
4
|
-
export { generateLlmsTxt, } from './llms-txt';
|
|
1
|
+
export { analyzeContent, calculateReadability, stripHtmlTags, countSyllables, detectPassiveVoice, splitSentences, splitParagraphs, } from './analysis.js';
|
|
2
|
+
export { generateMetaTags, renderMetaTagsHtml, generateNextMetadata, } from './meta-tags.js';
|
|
3
|
+
export { resolveTitle, getDocumentTitle, } from './title-templates.js';
|
|
4
|
+
export { generateLlmsTxt, } from './llms-txt.js';
|
|
5
5
|
//# sourceMappingURL=index.js.map
|
package/dist/seo/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/seo/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,eAAe,GAChB,MAAM,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/seo/index.ts"],"names":[],"mappings":"AAAA,OAAO,EACL,cAAc,EACd,oBAAoB,EACpB,aAAa,EACb,cAAc,EACd,kBAAkB,EAClB,cAAc,EACd,eAAe,GAChB,MAAM,eAAe,CAAC;AASvB,OAAO,EACL,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,gBAAgB,CAAC;AAMxB,OAAO,EACL,YAAY,EACZ,gBAAgB,GACjB,MAAM,sBAAsB,CAAC;AAO9B,OAAO,EACL,eAAe,GAChB,MAAM,eAAe,CAAC"}
|
package/dist/setup/index.js
CHANGED
|
@@ -5,7 +5,7 @@
|
|
|
5
5
|
* 1. Interactive — setup wizard UI at /admin when no users exist
|
|
6
6
|
* 2. Automated — env-var-based admin creation for CI/headless deploys
|
|
7
7
|
*/
|
|
8
|
-
import { hashPassword } from '../auth/password';
|
|
8
|
+
import { hashPassword } from '../auth/password.js';
|
|
9
9
|
/**
|
|
10
10
|
* Check if the CMS needs first-run setup (no admin users exist).
|
|
11
11
|
* Uses a raw count query to avoid loading the full user model.
|
package/dist/setup/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/setup/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/setup/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,qBAAqB,CAAC;AAmBnD;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CAAC,EAAO;IAC9C,IAAI,CAAC;QACH,MAAM,SAAS,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;QACxC,OAAO,EAAE,aAAa,EAAE,SAAS,KAAK,CAAC,EAAE,SAAS,EAAE,CAAC;IACvD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,aAAa,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC;IAC/C,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,EAAO,EACP,KAAuB;IAEvB,IAAI,CAAC,KAAK,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,QAAQ,IAAI,CAAC,KAAK,CAAC,IAAI,EAAE,CAAC;QACnD,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,wCAAwC,EAAE,CAAC;IAC7E,CAAC;IAED,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;QAC/B,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,yCAAyC,EAAE,CAAC;IAC9E,CAAC;IAED,MAAM,YAAY,GAAG,MAAM,YAAY,CAAC,KAAK,CAAC,QAAQ,CAAC,CAAC;IAExD,IAAI,CAAC;QACH,MAAM,IAAI,GAAG,MAAM,EAAE,CAAC,YAAY,CAAC,KAAK,EAAE,EAAO,EAAE,EAAE;YACnD,MAAM,aAAa,GAAG,MAAM,EAAE,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC;YAC5C,IAAI,aAAa,GAAG,CAAC,EAAE,CAAC;gBACtB,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;YAC3D,CAAC;YAED,OAAO,EAAE,CAAC,IAAI,CAAC,MAAM,CAAC;gBACpB,IAAI,EAAE;oBACJ,KAAK,EAAE,KAAK,CAAC,KAAK,CAAC,WAAW,EAAE,CAAC,IAAI,EAAE;oBACvC,IAAI,EAAE,KAAK,CAAC,IAAI,CAAC,IAAI,EAAE;oBACvB,YAAY;oBACZ,IAAI,EAAE,OAAO;oBACb,QAAQ,EAAE,IAAI;oBACd,UAAU,EAAE,IAAI;oBAChB,aAAa,EAAE,IAAI;iBACpB;aACF,CAAC,CAAC;QACL,CAAC,CAAC,CAAC;QAEH,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,CAAC,EAAE,EAAE,CAAC;IAC5C,CAAC;IAAC,OAAO,GAAG,EAAE,CAAC;QACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,cAAc,CAAC;QACpE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,OAAO,EAAE,CAAC;IAC5C,CAAC;AACH,CAAC;AAED;;;;GAIG;AACH,MAAM,CAAC,KAAK,UAAU,aAAa,CAAC,EAAO;IACzC,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC;IAC1C,MAAM,QAAQ,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC;IAEhD,IAAI,CAAC,KAAK,IAAI,CAAC,QAAQ,EAAE,CAAC;QACxB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,EAAE,aAAa,EAAE,GAAG,MAAM,kBAAkB,CAAC,EAAE,CAAC,CAAC;IACvD,IAAI,CAAC,aAAa,EAAE,CAAC;QACnB,OAAO,IAAI,CAAC;IACd,CAAC;IAED,MAAM,IAAI,GAAG,OAAO,CAAC,GAAG,CAAC,cAAc,IAAI,OAAO,CAAC;IAEnD,OAAO,kBAAkB,CAAC,EAAE,EAAE,EAAE,KAAK,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC;AAC3D,CAAC"}
|
package/dist/upgrade/index.d.ts
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
|
-
export { checkForUpdates, parseSemver } from "./version-check";
|
|
2
|
-
export type { VersionInfo } from "./version-check";
|
|
3
|
-
export { fetchChangelog, parseChangelog } from "./changelog";
|
|
4
|
-
export type { ChangelogEntry } from "./changelog";
|
|
5
|
-
export { createUpgradePR } from "./upgrade-pr";
|
|
6
|
-
export type { UpgradePROptions, UpgradePRResult } from "./upgrade-pr";
|
|
1
|
+
export { checkForUpdates, parseSemver } from "./version-check.js";
|
|
2
|
+
export type { VersionInfo } from "./version-check.js";
|
|
3
|
+
export { fetchChangelog, parseChangelog } from "./changelog.js";
|
|
4
|
+
export type { ChangelogEntry } from "./changelog.js";
|
|
5
|
+
export { createUpgradePR } from "./upgrade-pr.js";
|
|
6
|
+
export type { UpgradePROptions, UpgradePRResult } from "./upgrade-pr.js";
|
|
7
7
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/upgrade/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/upgrade/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAClE,YAAY,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAEtD,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAChE,YAAY,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAErD,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC;AAClD,YAAY,EAAE,gBAAgB,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC"}
|
package/dist/upgrade/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
export { checkForUpdates, parseSemver } from "./version-check";
|
|
2
|
-
export { fetchChangelog, parseChangelog } from "./changelog";
|
|
3
|
-
export { createUpgradePR } from "./upgrade-pr";
|
|
1
|
+
export { checkForUpdates, parseSemver } from "./version-check.js";
|
|
2
|
+
export { fetchChangelog, parseChangelog } from "./changelog.js";
|
|
3
|
+
export { createUpgradePR } from "./upgrade-pr.js";
|
|
4
4
|
//# sourceMappingURL=index.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/upgrade/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/upgrade/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AAGlE,OAAO,EAAE,cAAc,EAAE,cAAc,EAAE,MAAM,gBAAgB,CAAC;AAGhE,OAAO,EAAE,eAAe,EAAE,MAAM,iBAAiB,CAAC"}
|
|
@@ -11,6 +11,6 @@ export interface UpgradePRResult {
|
|
|
11
11
|
prUrl: string;
|
|
12
12
|
branchName: string;
|
|
13
13
|
}
|
|
14
|
-
/** Create a GitHub Pull Request
|
|
14
|
+
/** Create a GitHub Pull Request that bumps Actuate CMS package versions. */
|
|
15
15
|
export declare function createUpgradePR(options: UpgradePROptions): Promise<UpgradePRResult>;
|
|
16
16
|
//# sourceMappingURL=upgrade-pr.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"upgrade-pr.d.ts","sourceRoot":"","sources":["../../src/upgrade/upgrade-pr.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB;
|
|
1
|
+
{"version":3,"file":"upgrade-pr.d.ts","sourceRoot":"","sources":["../../src/upgrade/upgrade-pr.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,gBAAgB;IAC/B,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,CAAC;IACb,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,aAAa,EAAE,MAAM,CAAC;IACtB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,UAAU,EAAE,MAAM,CAAC;CACpB;AAuBD,4EAA4E;AAC5E,wBAAsB,eAAe,CACnC,OAAO,EAAE,gBAAgB,GACxB,OAAO,CAAC,eAAe,CAAC,CA8I1B"}
|
|
@@ -1,34 +1,124 @@
|
|
|
1
|
-
|
|
1
|
+
const GITHUB_API = "https://api.github.com";
|
|
2
|
+
async function ghFetch(path, token, options = {}) {
|
|
3
|
+
return fetch(`${GITHUB_API}${path}`, {
|
|
4
|
+
...options,
|
|
5
|
+
headers: {
|
|
6
|
+
Authorization: `token ${token}`,
|
|
7
|
+
Accept: "application/vnd.github.v3+json",
|
|
8
|
+
"Content-Type": "application/json",
|
|
9
|
+
...options.headers,
|
|
10
|
+
},
|
|
11
|
+
});
|
|
12
|
+
}
|
|
13
|
+
const SAFE_NAME = /^[a-zA-Z0-9._-]+$/;
|
|
14
|
+
const SAFE_VERSION = /^\d+\.\d+\.\d+(-[\w.]+)?$/;
|
|
15
|
+
/** Create a GitHub Pull Request that bumps Actuate CMS package versions. */
|
|
2
16
|
export async function createUpgradePR(options) {
|
|
3
|
-
const
|
|
4
|
-
|
|
17
|
+
const { owner, repo, githubToken, targetVersion, changesDescription } = options;
|
|
18
|
+
if (!SAFE_NAME.test(owner))
|
|
19
|
+
throw new Error("Invalid repository owner");
|
|
20
|
+
if (!SAFE_NAME.test(repo))
|
|
21
|
+
throw new Error("Invalid repository name");
|
|
22
|
+
if (!SAFE_VERSION.test(targetVersion))
|
|
23
|
+
throw new Error("Invalid version format");
|
|
24
|
+
const baseBranch = options.baseBranch ?? "main";
|
|
25
|
+
const branchName = `actuate/upgrade-${targetVersion}`;
|
|
26
|
+
// 1. Get the latest commit SHA on the base branch
|
|
27
|
+
const refRes = await ghFetch(`/repos/${owner}/${repo}/git/ref/heads/${baseBranch}`, githubToken);
|
|
28
|
+
if (!refRes.ok) {
|
|
29
|
+
throw new Error(`Failed to get base branch: ${refRes.status} ${await refRes.text()}`);
|
|
30
|
+
}
|
|
31
|
+
const refData = (await refRes.json());
|
|
32
|
+
const baseSha = refData.object.sha;
|
|
33
|
+
// 2. Get the current package.json from the base branch
|
|
34
|
+
const pkgRes = await ghFetch(`/repos/${owner}/${repo}/contents/package.json?ref=${baseBranch}`, githubToken);
|
|
35
|
+
if (!pkgRes.ok) {
|
|
36
|
+
throw new Error(`Failed to read package.json: ${pkgRes.status}`);
|
|
37
|
+
}
|
|
38
|
+
const pkgData = (await pkgRes.json());
|
|
39
|
+
const pkgContent = atob(pkgData.content.replace(/\n/g, ""));
|
|
40
|
+
const pkg = JSON.parse(pkgContent);
|
|
41
|
+
// 3. Bump @actuate-media/* dependencies to the target version
|
|
42
|
+
const actuatePackages = [
|
|
43
|
+
"@actuate-media/cms-core",
|
|
44
|
+
"@actuate-media/cms-admin",
|
|
45
|
+
"@actuate-media/plugin-seo",
|
|
46
|
+
"@actuate-media/plugin-forms",
|
|
47
|
+
"@actuate-media/plugin-media",
|
|
48
|
+
"@actuate-media/plugin-email",
|
|
49
|
+
"@actuate-media/plugin-blocks",
|
|
50
|
+
"@actuate-media/plugin-redirects",
|
|
51
|
+
"@actuate-media/plugin-navigation",
|
|
52
|
+
"@actuate-media/plugin-commerce",
|
|
53
|
+
"@actuate-media/plugin-ai",
|
|
54
|
+
];
|
|
55
|
+
for (const dep of actuatePackages) {
|
|
56
|
+
if (pkg.dependencies?.[dep]) {
|
|
57
|
+
pkg.dependencies[dep] = `^${targetVersion}`;
|
|
58
|
+
}
|
|
59
|
+
if (pkg.devDependencies?.[dep]) {
|
|
60
|
+
pkg.devDependencies[dep] = `^${targetVersion}`;
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
const updatedPkg = JSON.stringify(pkg, null, 2) + "\n";
|
|
64
|
+
const encodedContent = btoa(updatedPkg);
|
|
65
|
+
// 4. Create a new branch from the base
|
|
66
|
+
const createBranchRes = await ghFetch(`/repos/${owner}/${repo}/git/refs`, githubToken, {
|
|
67
|
+
method: "POST",
|
|
68
|
+
body: JSON.stringify({
|
|
69
|
+
ref: `refs/heads/${branchName}`,
|
|
70
|
+
sha: baseSha,
|
|
71
|
+
}),
|
|
72
|
+
});
|
|
73
|
+
if (!createBranchRes.ok) {
|
|
74
|
+
const errText = await createBranchRes.text();
|
|
75
|
+
if (!errText.includes("Reference already exists")) {
|
|
76
|
+
throw new Error(`Failed to create branch: ${createBranchRes.status} ${errText}`);
|
|
77
|
+
}
|
|
78
|
+
}
|
|
79
|
+
// 5. Update package.json on the new branch
|
|
80
|
+
const updateFileRes = await ghFetch(`/repos/${owner}/${repo}/contents/package.json`, githubToken, {
|
|
81
|
+
method: "PUT",
|
|
82
|
+
body: JSON.stringify({
|
|
83
|
+
message: `chore: bump Actuate CMS to ${targetVersion}`,
|
|
84
|
+
content: encodedContent,
|
|
85
|
+
sha: pkgData.sha,
|
|
86
|
+
branch: branchName,
|
|
87
|
+
}),
|
|
88
|
+
});
|
|
89
|
+
if (!updateFileRes.ok) {
|
|
90
|
+
throw new Error(`Failed to update package.json: ${updateFileRes.status} ${await updateFileRes.text()}`);
|
|
91
|
+
}
|
|
92
|
+
// 6. Create the pull request
|
|
93
|
+
const title = `chore: upgrade Actuate CMS to ${targetVersion}`;
|
|
5
94
|
const body = [
|
|
6
|
-
`## Actuate CMS Upgrade to ${
|
|
95
|
+
`## Actuate CMS Upgrade to ${targetVersion}`,
|
|
7
96
|
"",
|
|
8
|
-
|
|
97
|
+
changesDescription,
|
|
98
|
+
"",
|
|
99
|
+
"### After merging",
|
|
100
|
+
"",
|
|
101
|
+
"```bash",
|
|
102
|
+
"npm install",
|
|
103
|
+
"npx prisma migrate deploy",
|
|
104
|
+
"```",
|
|
9
105
|
"",
|
|
10
106
|
"---",
|
|
11
|
-
"*This PR was automatically created by the Actuate CMS
|
|
107
|
+
"*This PR was automatically created by the Actuate CMS admin panel.*",
|
|
12
108
|
].join("\n");
|
|
13
|
-
const
|
|
109
|
+
const prRes = await ghFetch(`/repos/${owner}/${repo}/pulls`, githubToken, {
|
|
14
110
|
method: "POST",
|
|
15
|
-
headers: {
|
|
16
|
-
Authorization: `token ${options.githubToken}`,
|
|
17
|
-
Accept: "application/vnd.github.v3+json",
|
|
18
|
-
"Content-Type": "application/json",
|
|
19
|
-
},
|
|
20
111
|
body: JSON.stringify({
|
|
21
112
|
title,
|
|
22
113
|
body,
|
|
23
114
|
head: branchName,
|
|
24
|
-
base:
|
|
115
|
+
base: baseBranch,
|
|
25
116
|
}),
|
|
26
117
|
});
|
|
27
|
-
if (!
|
|
28
|
-
|
|
29
|
-
throw new Error(`Failed to create PR: ${response.status} ${error}`);
|
|
118
|
+
if (!prRes.ok) {
|
|
119
|
+
throw new Error(`Failed to create PR: ${prRes.status} ${await prRes.text()}`);
|
|
30
120
|
}
|
|
31
|
-
const pr = (await
|
|
121
|
+
const pr = (await prRes.json());
|
|
32
122
|
return {
|
|
33
123
|
prNumber: pr.number,
|
|
34
124
|
prUrl: pr.html_url,
|