@actuate-media/cms-core 0.17.0 → 0.19.0

package/dist/api/handlers.js

@@ -1,4 +1,5 @@
-import { listDocuments, getDocument, createDocument, updateDocument, deleteDocument, getGlobal, updateGlobal, } from '../actions.js';
+import { listDocuments, getDocument, createDocument, updateDocument, deleteDocument, getGlobal, updateGlobal, buildRelationLookup, } from '../actions.js';
+import { populateRelations, parsePopulateParam } from '../fields/relations.js';
 import { verifyPassword, hashPassword, needsRehash, compareToDummyHash } from '../auth/password.js';
 import { createSession, verifySession, revokeSession } from '../auth/session.js';
 import { createPasswordReset, executePasswordReset } from '../auth/reset.js';
@@ -44,6 +45,41 @@ async function importAIPlugin() {
     const mod = '@actuate-media/' + 'plugin-ai';
     return import(/* webpackIgnore: true */ mod);
 }
+/**
+ * Common helper for the read endpoints. Reads the `?populate=` query param,
+ * fetches the target collection's field schema, and expands every relation
+ * reference into a {@link RelationSummary}. When the caller didn't ask for
+ * population (or the doc has no `data` field) we short-circuit and return
+ * the doc untouched.
+ *
+ * Lives here (not in `actions.ts`) because the rest of the actions API
+ * stays purely DB-shaped — population is an HTTP concern.
+ */
+async function maybePopulate(request, collection, doc, dbInstance) {
+    if (!doc)
+        return doc;
+    const url = new URL(request.url);
+    const opts = parsePopulateParam(url.searchParams.get('populate'));
+    if (!opts)
+        return doc;
+    const cfg = getActuateConfig();
+    const fields = cfg?.collections?.[collection]?.fields;
+    if (!fields)
+        return doc;
+    const data = doc.data && typeof doc.data === 'object' ? doc.data : null;
+    if (!data)
+        return doc;
+    try {
+        const populated = await populateRelations(fields, data, buildRelationLookup(dbInstance), opts);
+        return { ...doc, data: populated };
+    }
+    catch (err) {
+        // Never let a populate failure mask the underlying document — log and
+        // return the unpopulated doc.
+        console.error('[actuate][api] populate failed for', collection, err);
+        return doc;
+    }
+}
 const SECURITY_HEADERS = {
     'Content-Type': 'application/json',
     'X-Content-Type-Options': 'nosniff',
@@ -1338,7 +1374,13 @@ export function registerCMSRoutes(router) {
             // top-level page builder envelope and strips internal keys from
             // `data`. Field-level access has been applied as well — we don't
             // need to re-apply it here.
-            return json({ data: doc });
+            //
+            // Opt-in relation population: ?populate=author,relatedPosts (or *)
+            // replaces stored IDs with `{ id, title, slug, status, collection }`
+            // summaries. We only run this when the caller asked because it's an
+            // extra DB roundtrip and most internal callers don't need it.
+            const populated = await maybePopulate(request, params.slug, doc, db());
+            return json({ data: populated });
         }
         catch (err) {
             return internalError(err);
@@ -3736,26 +3778,85 @@ export function registerCMSRoutes(router) {
             if (!matchedCollection || !docSlug) {
                 return errorResponse('Could not resolve path', 404);
             }
+            // ?preview=<token> — when a valid preview token is presented we drop
+            // the `status: PUBLISHED` filter so admins (and clients with a signed
+            // share link) can render an unpublished draft at the document's real
+            // URL. The token is tied to a (collection, documentId) pair so we
+            // verify the URL actually points at the document the token was
+            // minted for; this prevents using one token to peek at unrelated
+            // drafts in the same collection.
+            const previewToken = url.searchParams.get('preview');
+            let previewSession = null;
+            if (previewToken) {
+                try {
+                    const preview = createPreviewAdapter(getSessionSecret(), db());
+                    const session = await preview.validatePreviewToken(previewToken);
+                    if (session) {
+                        previewSession = {
+                            collection: session.collection,
+                            documentId: session.documentId,
+                            expiresAt: session.expiresAt,
+                        };
+                    }
+                }
+                catch (err) {
+                    console.error('[actuate][api] resolve preview token validation failed:', err);
+                }
+            }
             const isRootPath = segments.length === 0;
-            const doc = await db().document.findFirst({
-                where: {
-                    collection: matchedCollection,
-                    deletedAt: null,
-                    status: 'PUBLISHED',
-                    OR: isRootPath
-                        ? [
-                            { data: { path: ['slug'], equals: 'home' } },
-                            { data: { path: ['slug'], equals: 'index' } },
-                            { slug: 'home' },
-                            { slug: 'index' },
-                        ]
-                        : [{ data: { path: ['slug'], equals: docSlug } }, { slug: docSlug }],
-                },
-            });
+            const slugFilter = {
+                OR: isRootPath
+                    ? [
+                        { data: { path: ['slug'], equals: 'home' } },
+                        { data: { path: ['slug'], equals: 'index' } },
+                        { slug: 'home' },
+                        { slug: 'index' },
+                    ]
+                    : [{ data: { path: ['slug'], equals: docSlug } }, { slug: docSlug }],
+            };
+            const doc = previewSession
+                ? await db().document.findFirst({
+                    where: {
+                        collection: matchedCollection,
+                        deletedAt: null,
+                        ...slugFilter,
+                    },
+                })
+                : await db().document.findFirst({
+                    where: {
+                        collection: matchedCollection,
+                        deletedAt: null,
+                        status: 'PUBLISHED',
+                        ...slugFilter,
+                    },
+                });
             if (!doc) {
                 return errorResponse('Document not found', 404);
             }
-            const docData = doc.data && typeof doc.data === 'object' ? doc.data : {};
+            // Enforce the token ↔ document binding. A leaked or copied token can
+            // only unlock the exact document it was issued for.
+            if (previewSession &&
+                (previewSession.documentId !== doc.id || previewSession.collection !== matchedCollection)) {
+                return errorResponse('Preview token does not match this URL', 403);
+            }
+            let docData = doc.data && typeof doc.data === 'object' ? doc.data : {};
+            // Opt-in: ?populate=author,relatedPosts (or *) — expand relation IDs
+            // into `{ id, title, slug, status, collection }` summaries so the
+            // frontend renders authors / related case studies without a second
+            // request per reference. `resolve` is the highest-leverage place to
+            // do this because it's what marketing pages call from SSR.
+            const populateOpts = parsePopulateParam(new URL(request.url).searchParams.get('populate'));
+            if (populateOpts) {
+                const fields = getActuateConfig()?.collections?.[matchedCollection]?.fields;
+                if (fields) {
+                    try {
+                        docData = await populateRelations(fields, docData, buildRelationLookup(db()), populateOpts);
+                    }
+                    catch (err) {
+                        console.error('[actuate][api] resolve populate failed:', err);
+                    }
+                }
+            }
             const layout = await resolveLayout(pathParam, docData, matchedCollection);
             const { _layout: _omit, ...cleanData } = docData;
             // Compose page meta + JSON-LD up front so client renderers (Next.js
@@ -3800,6 +3901,14 @@ export function registerCMSRoutes(router) {
                 jsonLd: composed.jsonLd,
                 jsonLdHtml: composed.jsonLdHtml,
                 ...(Object.keys(layout).length > 0 ? { layout } : {}),
+                ...(previewSession
+                    ? {
+                        preview: {
+                            active: true,
+                            expiresAt: previewSession.expiresAt.toISOString(),
+                        },
+                    }
+                    : {}),
             });
         }
         catch (err) {
@@ -4007,9 +4116,36 @@ export function registerCMSRoutes(router) {
             if (!body.collection || !body.documentId) {
                 return errorResponse('collection and documentId are required', 400);
             }
+            // Verify the document actually exists so we don't issue tokens for
+            // hypothetical ids — a leaked token would otherwise silently work
+            // once a doc with that id appeared.
+            const doc = await db().document.findFirst({
+                where: { id: body.documentId, collection: body.collection, deletedAt: null },
+                select: { id: true, slug: true },
+            });
+            if (!doc)
+                return errorResponse('Document not found', 404);
             const preview = createPreviewAdapter(getSessionSecret(), db());
-            const session = await preview.createPreviewSession(body.collection, body.documentId);
-            return json({ data: { token: session.token, expiresAt: session.expiresAt } });
+            const session = await preview.createPreviewSession(body.collection, body.documentId, {
+                ttlSeconds: body.ttlSeconds,
+                issuedBy: auth.session.userId,
+            });
+            await logEvent({
+                event: 'preview_token_issued',
+                userId: auth.session.userId,
+                details: {
+                    collection: body.collection,
+                    documentId: body.documentId,
+                    expiresAt: session.expiresAt.toISOString(),
+                },
+            });
+            return json({
+                data: {
+                    token: session.token,
+                    expiresAt: session.expiresAt,
+                    slug: doc.slug,
+                },
+            });
         }
         catch (err) {
             return internalError(err, 'create preview token');
@@ -4144,6 +4280,138 @@ export function registerCMSRoutes(router) {
         }
     });
     // ---------------------------------------------------------------------------
+    // Per-document scheduling — sets `scheduledAt` (when to publish) and/or
+    // `scheduledUnpublishAt` (when to unpublish). The actual transitions are
+    // performed by the scheduling cron (`/cron/publish`). Decoupling the
+    // schedule from the publish action means a missed cron tick just delays
+    // the publish — it can never accidentally publish twice or skip a doc.
+    // ---------------------------------------------------------------------------
+    router.post('/collections/:slug/:id/schedule', async (request, params) => {
+        try {
+            const auth = await requireAuth(request);
+            if (auth.error)
+                return auth.error;
+            const roleErr = requireRole(auth.session.role, WRITE_ROLES);
+            if (roleErr)
+                return roleErr;
+            const body = (await request.json());
+            const parseFuture = (v, label) => {
+                if (v === null || v === undefined)
+                    return null;
+                const d = new Date(v);
+                if (Number.isNaN(d.getTime())) {
+                    throw new Error(`${label} is not a valid ISO date`);
+                }
+                if (d.getTime() <= Date.now()) {
+                    throw new Error(`${label} must be in the future`);
+                }
+                return d;
+            };
+            let publishAt;
+            let unpublishAt;
+            try {
+                publishAt = parseFuture(body.scheduledAt, 'scheduledAt');
+                unpublishAt = parseFuture(body.scheduledUnpublishAt, 'scheduledUnpublishAt');
+            }
+            catch (err) {
+                return errorResponse(err instanceof Error ? err.message : 'Invalid schedule', 400);
+            }
+            if (!publishAt && !unpublishAt) {
+                return errorResponse('At least one of scheduledAt or scheduledUnpublishAt is required', 400);
+            }
+            if (publishAt && unpublishAt && unpublishAt <= publishAt) {
+                return errorResponse('scheduledUnpublishAt must be after scheduledAt', 400);
+            }
+            const doc = await db().document.findFirst({
+                where: { id: params.id, collection: params.slug, deletedAt: null },
+            });
+            if (!doc)
+                return errorResponse('Document not found', 404);
+            // If we're scheduling a future publish, force status → SCHEDULED so the
+            // cron picks it up. If we're only scheduling an unpublish on an already
+            // published doc we leave status as PUBLISHED.
+            const nextStatus = publishAt ? 'SCHEDULED' : doc.status;
+            const updateData = {
+                updatedById: auth.session.userId,
+            };
+            if (publishAt) {
+                updateData.scheduledAt = publishAt;
+                updateData.status = nextStatus;
+            }
+            if (body.scheduledUnpublishAt !== undefined) {
+                updateData.scheduledUnpublishAt = unpublishAt;
+            }
+            const updated = await db().document.update({
+                where: { id: doc.id },
+                data: updateData,
+            });
+            await logEvent({
+                event: 'document_scheduled',
+                userId: auth.session.userId,
+                details: {
+                    collection: params.slug,
+                    documentId: doc.id,
+                    scheduledAt: publishAt?.toISOString() ?? null,
+                    scheduledUnpublishAt: unpublishAt?.toISOString() ?? null,
+                },
+            });
+            return json({
+                data: {
+                    id: updated.id,
+                    status: updated.status,
+                    scheduledAt: updated.scheduledAt,
+                    scheduledUnpublishAt: updated.scheduledUnpublishAt,
+                },
+            });
+        }
+        catch (err) {
+            return internalError(err, 'schedule document');
+        }
+    });
+    router.delete('/collections/:slug/:id/schedule', async (request, params) => {
+        try {
+            const auth = await requireAuth(request);
+            if (auth.error)
+                return auth.error;
+            const roleErr = requireRole(auth.session.role, WRITE_ROLES);
+            if (roleErr)
+                return roleErr;
+            const doc = await db().document.findFirst({
+                where: { id: params.id, collection: params.slug, deletedAt: null },
+            });
+            if (!doc)
+                return errorResponse('Document not found', 404);
+            // If the doc was SCHEDULED (not yet published) cancelling drops it
+            // back to DRAFT. PUBLISHED docs with a future unpublish stay live.
+            const nextStatus = doc.status === 'SCHEDULED' ? 'DRAFT' : doc.status;
+            const updated = await db().document.update({
+                where: { id: doc.id },
+                data: {
+                    scheduledAt: null,
+                    scheduledUnpublishAt: null,
+                    status: nextStatus,
+                    updatedById: auth.session.userId,
+                },
+            });
+            await logEvent({
+                event: 'document_schedule_cancelled',
+                userId: auth.session.userId,
+                details: { collection: params.slug, documentId: doc.id },
+            });
+            return json({
+                data: {
+                    id: updated.id,
+                    status: updated.status,
+                    scheduledAt: null,
+                    scheduledUnpublishAt: null,
+                },
+            });
+        }
+        catch (err) {
+            return internalError(err, 'cancel schedule');
+        }
+    });
+    // ---------------------------------------------------------------------------
     // Scheduling routes
     // ---------------------------------------------------------------------------
     router.post('/scheduling/run', async (request) => {