@actuate-media/cms-core 0.31.0 → 0.33.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/__tests__/api/form-webhooks.test.d.ts +2 -0
- package/dist/__tests__/api/form-webhooks.test.d.ts.map +1 -0
- package/dist/__tests__/api/form-webhooks.test.js +162 -0
- package/dist/__tests__/api/form-webhooks.test.js.map +1 -0
- package/dist/__tests__/api/public-forms.test.d.ts +2 -0
- package/dist/__tests__/api/public-forms.test.d.ts.map +1 -0
- package/dist/__tests__/api/public-forms.test.js +125 -0
- package/dist/__tests__/api/public-forms.test.js.map +1 -0
- package/dist/__tests__/forms/notify.test.d.ts +2 -0
- package/dist/__tests__/forms/notify.test.d.ts.map +1 -0
- package/dist/__tests__/forms/notify.test.js +114 -0
- package/dist/__tests__/forms/notify.test.js.map +1 -0
- package/dist/__tests__/forms/spam.test.d.ts +2 -0
- package/dist/__tests__/forms/spam.test.d.ts.map +1 -0
- package/dist/__tests__/forms/spam.test.js +115 -0
- package/dist/__tests__/forms/spam.test.js.map +1 -0
- package/dist/__tests__/forms/submission-files.test.d.ts +2 -0
- package/dist/__tests__/forms/submission-files.test.d.ts.map +1 -0
- package/dist/__tests__/forms/submission-files.test.js +65 -0
- package/dist/__tests__/forms/submission-files.test.js.map +1 -0
- package/dist/__tests__/forms/submission-pipeline.test.d.ts +2 -0
- package/dist/__tests__/forms/submission-pipeline.test.d.ts.map +1 -0
- package/dist/__tests__/forms/submission-pipeline.test.js +131 -0
- package/dist/__tests__/forms/submission-pipeline.test.js.map +1 -0
- package/dist/__tests__/forms/submission-validation.test.d.ts +2 -0
- package/dist/__tests__/forms/submission-validation.test.d.ts.map +1 -0
- package/dist/__tests__/forms/submission-validation.test.js +108 -0
- package/dist/__tests__/forms/submission-validation.test.js.map +1 -0
- package/dist/__tests__/forms/webhooks.test.d.ts +2 -0
- package/dist/__tests__/forms/webhooks.test.d.ts.map +1 -0
- package/dist/__tests__/forms/webhooks.test.js +203 -0
- package/dist/__tests__/forms/webhooks.test.js.map +1 -0
- package/dist/api/handler-factory.d.ts.map +1 -1
- package/dist/api/handler-factory.js +2 -2
- package/dist/api/handler-factory.js.map +1 -1
- package/dist/api/handlers.d.ts.map +1 -1
- package/dist/api/handlers.js +420 -56
- package/dist/api/handlers.js.map +1 -1
- package/dist/api/router.d.ts +2 -1
- package/dist/api/router.d.ts.map +1 -1
- package/dist/api/router.js +3 -0
- package/dist/api/router.js.map +1 -1
- package/dist/config/types.d.ts +11 -6
- package/dist/config/types.d.ts.map +1 -1
- package/dist/forms/entries.d.ts.map +1 -1
- package/dist/forms/entries.js +16 -1
- package/dist/forms/entries.js.map +1 -1
- package/dist/forms/files.d.ts +38 -0
- package/dist/forms/files.d.ts.map +1 -0
- package/dist/forms/files.js +134 -0
- package/dist/forms/files.js.map +1 -0
- package/dist/forms/index.d.ts +6 -0
- package/dist/forms/index.d.ts.map +1 -1
- package/dist/forms/index.js +6 -0
- package/dist/forms/index.js.map +1 -1
- package/dist/forms/notify.d.ts +37 -0
- package/dist/forms/notify.d.ts.map +1 -0
- package/dist/forms/notify.js +198 -0
- package/dist/forms/notify.js.map +1 -0
- package/dist/forms/spam.d.ts +33 -0
- package/dist/forms/spam.d.ts.map +1 -0
- package/dist/forms/spam.js +93 -0
- package/dist/forms/spam.js.map +1 -0
- package/dist/forms/submission.d.ts +116 -0
- package/dist/forms/submission.d.ts.map +1 -0
- package/dist/forms/submission.js +336 -0
- package/dist/forms/submission.js.map +1 -0
- package/dist/forms/validation.d.ts +19 -0
- package/dist/forms/validation.d.ts.map +1 -0
- package/dist/forms/validation.js +235 -0
- package/dist/forms/validation.js.map +1 -0
- package/dist/forms/webhooks.d.ts +54 -0
- package/dist/forms/webhooks.d.ts.map +1 -0
- package/dist/forms/webhooks.js +292 -0
- package/dist/forms/webhooks.js.map +1 -0
- package/dist/index.d.ts +2 -2
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +1 -1
- package/dist/index.js.map +1 -1
- package/dist/security/client-ip.d.ts +11 -21
- package/dist/security/client-ip.d.ts.map +1 -1
- package/dist/security/client-ip.js +38 -0
- package/dist/security/client-ip.js.map +1 -1
- package/package.json +1 -1
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handler-factory.js","sourceRoot":"","sources":["../../src/api/handler-factory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAC7C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AACpE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAA;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAA;AAChG,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAA;AAEhE;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,iBAAiB,GAA0B;IAC/C,aAAa;IACb,cAAc;IACd,kBAAkB;IAClB,uBAAuB;IACvB,sBAAsB;IACtB,cAAc;IACd,qBAAqB;IACrB,QAAQ;IACR,wEAAwE;IACxE,sEAAsE;IACtE,wEAAwE;IACxE,YAAY;CACb,CAAA;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,IACE,iBAAiB,CAAC,IAAI,CACpB,CAAC,CAAC,EAAE,EAAE,CACJ,QAAQ,KAAK,CAAC;QACd,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC;QAC5B,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAC9C,EACD,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,
|
|
1
|
+
{"version":3,"file":"handler-factory.js","sourceRoot":"","sources":["../../src/api/handler-factory.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,aAAa,EAAE,MAAM,aAAa,CAAA;AAC3C,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAA;AAC7C,OAAO,EAAE,iBAAiB,EAAE,iBAAiB,EAAE,MAAM,eAAe,CAAA;AACpE,OAAO,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,UAAU,CAAA;AAClD,OAAO,EAAE,iBAAiB,EAAE,MAAM,sBAAsB,CAAA;AACxD,OAAO,EAAE,iBAAiB,EAAE,MAAM,2BAA2B,CAAA;AAC7D,OAAO,EAAE,WAAW,EAAE,MAAM,0BAA0B,CAAA;AACtD,OAAO,EAAE,aAAa,EAAE,MAAM,mBAAmB,CAAA;AACjD,OAAO,EAAE,iBAAiB,EAAE,MAAM,qBAAqB,CAAA;AACvD,OAAO,EAAE,gBAAgB,EAAE,gBAAgB,EAAE,qBAAqB,EAAE,MAAM,sBAAsB,CAAA;AAChG,OAAO,EAAE,gBAAgB,EAAE,MAAM,+BAA+B,CAAA;AAEhE;;;;;;;;;;;;;;;;;GAiBG;AACH,MAAM,iBAAiB,GAA0B;IAC/C,aAAa;IACb,cAAc;IACd,kBAAkB;IAClB,uBAAuB;IACvB,sBAAsB;IACtB,cAAc;IACd,qBAAqB;IACrB,QAAQ;IACR,wEAAwE;IACxE,sEAAsE;IACtE,wEAAwE;IACxE,YAAY;CACb,CAAA;AAED,SAAS,gBAAgB,CAAC,QAAgB;IACxC,IACE,iBAAiB,CAAC,IAAI,CACpB,CAAC,CAAC,EAAE,EAAE,CACJ,QAAQ,KAAK,CAAC;QACd,QAAQ,CAAC,UAAU,CAAC,GAAG,CAAC,GAAG,CAAC;QAC5B,CAAC,CAAC,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,QAAQ,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,CAC9C,EACD,CAAC;QACD,OAAO,IAAI,CAAA;IACb,CAAC;IACD,6EAA6E;IAC7E,OAAO,CACL,0BAA0B,CAAC,IAAI,CAAC,QAAQ,CAAC,IAAI,kCAAkC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAC/F,CAAA;AACH,CAAC;AAED;;;;;;;;;GASG;AACH,SAAS,eAAe,CAAC,OAAgB;IACvC,MAAM,IAAI,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,eAAe,CAAC,CAAA;IACjD,IAAI,CAAC,IAAI,EAAE,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,KAAK,CAAA;IAC9C,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,CAAC,CAAC,CAAA;IAC3B,OAAO,yBAAyB,CAAC,IAAI,CAAC,KAAK,CAAC,CAAA;AAC9C,CAAC;AAED,MAAM,QAAQ,GAAG,aAAa,CAAC,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;AAC/C,MAAM,EAAE,OAAO,EAAE,gBAAgB,EAAE,GAAG,QAAQ,CAAC,oBAAoB,CAAwB,CAAA;AAQ3F,IAAI,aAAa,GAEN,IAAI,CAAA;AAEf,MAAM,UAAU,gBAAgB,CAAC,UAAmC,EAAE;IACpE,qBAAqB,CAAC,gBAAgB,CAAC,CAAA;IAEvC,IAAI,OAAO,CAAC,MAAM,EAAE,CAAC;QACnB,sEAAsE;QACtE,sEAAsE;QACtE,0EAA0E;QAC1E,+CAA+C;QAC/C,gBAAgB,CAAC,OAAO,CAAC,MAAe,CAAC,CAAA;QAEzC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAa,CAAA;QACpC,MAAM,KAAK,GAAU,EAAE,CAAA;QACvB,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,EAAE,CAAC;YAClC,KAAK,MAAM,MAAM,IAAI,MAAM,CAAC,OAAO,EAAE,CAAC;gBACpC,IAAI,KAAK,CAAC,OAAO,CAAC,MAAM,EAAE,KAAK,CAAC,EAAE,CAAC;oBACjC,KAAK,CAAC,IAAI,CAAC,GAAG,MAAM,CAAC,KAAK,CAAC,CAAA;gBAC7B,CAAC;YACH,CAAC;QACH,CAAC;QACD,CAAC;QAAC,MAAc,CAAC,YAAY,GAAG,KAAK,CAAA;QAErC,uEAAuE;QACvE,qEAAqE;QACrE,qEAAqE;QACrE,qEAAqE;QACrE,MAAM,eAAe,GAAG,MAAM,CAAC,QAAQ,EAAE,OAAO,CAAA;QAChD,IACE,eAAe;YACf,OAAO,eAAe,KAAK,QAAQ;YACnC,OAAQ,eAAuB,CAAC,MAAM,KAAK,UAAU,EACrD,CAAC;YACD,IAAI,CAAC;gBACH,iBAAiB,CAAC,eAAe,CAAC,CAAA;YACpC,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,IAAI,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,MAAM,EAAE,CAAC;oBACpC,OAAO,CAAC,IAAI,CAAC,4DAA4D,EAAE,GAAG,CAAC,CAAA;gBACjF,CAAC;YACH,CAAC;QACH,CAAC;IACH,CAAC;IAED,MAAM,MAAM,GAAG,eAAe,EAAE,CAAA;IAEhC,MAAM,WAAW,GAAG,iBAAiB,CAAC,EAAE,QAAQ,EAAE,KAAK,EAAE,WAAW,EAAE,GAAG,EAAE,CAAC,CAAA;IAE5E,MAAM,CAAC,GAAG,CAAC,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;QACjC,yEAAyE;QACzE,yEAAyE;QACzE,uEAAuE;QACvE,oEAAoE;QACpE,MAAM,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;QAC/B,MAAM,MAAM,GAAG,EAAE,KAAK,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAA;QAC5D,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;QACvD,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;YAC7B,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,EAAE;gBAClE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE;oBACP,cAAc,EAAE,kBAAkB;oBAClC,aAAa,EAAE,eAAe,CAAC,UAAU,EAAE,QAAQ,EAAE,IAAI,IAAI;iBAC9D;aACF,CAAC,CAAA;QACJ,CAAC;QAED,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC,EAAE,CAAC;YAChE,mEAAmE;YACnE,mEAAmE;YACnE,mEAAmE;YACnE,IAAI,CAAC,gBAAgB,CAAC,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,eAAe,CAAC,OAAO,CAAC,EAAE,CAAC;gBAClF,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;gBACrD,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,cAAc,CAAC,CAAA;gBACzF,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,CAAC;oBAC3E,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,EAAE;wBACnE,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;qBAChD,CAAC,CAAA;gBACJ,CAAC;YACH,CAAC;QACH,CAAC;QAED,OAAO,IAAI,EAAE,CAAA;IACf,CAAC,CAAC,CAAA;IAEF,iBAAiB,CAAC,MAAM,CAAC,CAAA;IAEzB,IAAI,SAAS,GAAG,KAAK,CAAA;IAErB,OAAO,KAAK,UAAU,OAAO,CAAC,OAAgB;QAC5C,kEAAkE;QAClE,+DAA+D;QAC/D,kCAAkC;QAClC,MAAM,SAAS,GAAG,WAAW,CAAC,GAAG,EAAE,CAAA;QACnC,MAAM,QAAQ,GAAG,CAAC,GAAG,EAAE;YACrB,IAAI,CAAC;gBACH,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,QAAQ,CAAA;YACtC,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO,GAAG,CAAA;YACZ,CAAC;QACH,CAAC,CAAC,EAAE,CAAA;QAEJ,MAAM,QAAQ,GAAG,MAAM,UAAU,CAAC,OAAO,CAAC,CAAA;QAC1C,+DAA+D;QAC/D,8DAA8D;QAC9D,gEAAgE;QAChE,IAAI,CAAC;YACH,gBAAgB,CAAC;gBACf,QAAQ;gBACR,MAAM,EAAE,QAAQ,CAAC,MAAM;gBACvB,UAAU,EAAE,WAAW,CAAC,GAAG,EAAE,GAAG,SAAS;aAC1C,CAAC,CAAA;QACJ,CAAC;QAAC,MAAM,CAAC;YACP,oDAAoD;QACtD,CAAC;QACD,OAAO,QAAQ,CAAA;IACjB,CAAC,CAAA;IAED,KAAK,UAAU,UAAU,CAAC,OAAgB;QACxC,IAAI,CAAC;YACH,IAAI,CAAC,eAAe,EAAE,EAAE,CAAC;gBACvB,MAAM,MAAM,GACV,OAAO,CAAC,YAAY;oBACpB,CAAC,OAAO,CAAC,kBAAkB,CAAC,CAAC,CAAC,MAAM,OAAO,CAAC,kBAAkB,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,CAAA;gBAC1E,IAAI,MAAM,EAAE,CAAC;oBACX,MAAM,CAAC,MAAM,CAAC,CAAA;oBACd,aAAa,CAAC,MAAM,CAAC,CAAC,KAAK,CAAC,GAAG,EAAE,GAAE,CAAC,CAAC,CAAA;gBACvC,CAAC;YACH,CAAC;YAED,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,SAAS,GAAG,IAAI,CAAA;gBAChB,IAAI,CAAC;oBACH,MAAM,MAAM,GAAG,OAAO,CAAC,YAAmD,CAAA;oBAC1E,IAAI,MAAM,EAAE,CAAC;wBACX,MAAM,QAAQ,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,SAAS,EAAE,OAAO,CAAC,CAAA;wBACzD,MAAM,OAAO,GAAG,QAAQ,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,CAAC,IAAI,MAAM,CAAC,CAAC,CAAA;wBACtD,IAAI,OAAO,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;4BACvB,OAAO,CAAC,IAAI,CACV,kDAAkD,OAAO,CAAC,IAAI,CAAC,IAAI,CAAC,IAAI;gCACtE,sEAAsE;gCACtE,+EAA+E,CAClF,CAAA;wBACH,CAAC;oBACH,CAAC;gBACH,CAAC;gBAAC,MAAM,CAAC,CAAA,CAAC;YACZ,CAAC;YAED,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;YAChC,MAAM,YAAY,GAAG,GAAG,CAAC,QAAQ,CAAA;YAEjC,IAAI,YAAY,KAAK,kBAAkB,IAAI,YAAY,CAAC,UAAU,CAAC,kBAAkB,CAAC,EAAE,CAAC;gBACvF,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,UAAU,CAAA;gBACrC,IAAI,CAAC,MAAM,IAAI,MAAM,CAAC,MAAM,GAAG,EAAE,EAAE,CAAC;oBAClC,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,EAAE;wBACxE,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;qBAChD,CAAC,CAAA;gBACJ,CAAC;gBAED,MAAM,EAAE,GAAG,WAAW,CAAC,OAAO,CAAC,CAAA;gBAC/B,MAAM,MAAM,GAAG,EAAE,KAAK,SAAS,CAAC,CAAC,CAAC,aAAa,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAA;gBAC5D,MAAM,eAAe,GAAG,MAAM,WAAW,CAAC,KAAK,CAAC,MAAM,CAAC,CAAA;gBACvD,IAAI,CAAC,eAAe,CAAC,OAAO,EAAE,CAAC;oBAC7B,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,CAAC,EAAE;wBAClE,MAAM,EAAE,GAAG;wBACX,OAAO,EAAE;4BACP,cAAc,EAAE,kBAAkB;4BAClC,aAAa,EAAE,eAAe,CAAC,UAAU,EAAE,QAAQ,EAAE,IAAI,IAAI;yBAC9D;qBACF,CAAC,CAAA;gBACJ,CAAC;gBAED,IACE,CAAC,MAAM,EAAE,KAAK,EAAE,OAAO,EAAE,QAAQ,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,CAAC;oBAC3D,CAAC,eAAe,CAAC,OAAO,CAAC,EACzB,CAAC;oBACD,MAAM,SAAS,GAAG,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,cAAc,CAAC,CAAA;oBACrD,MAAM,UAAU,GAAG,iBAAiB,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC,CAAC,cAAc,CAAC,CAAA;oBACzF,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,UAAU,CAAC,EAAE,CAAC;wBAC3E,OAAO,IAAI,QAAQ,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,KAAK,EAAE,oBAAoB,EAAE,CAAC,EAAE;4BACnE,MAAM,EAAE,GAAG;4BACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;yBAChD,CAAC,CAAA;oBACJ,CAAC;gBACH,CAAC;gBAED,MAAM,MAAM,GAAG,gBAAgB,EAAE,CAAA;gBACjC,IAAI,MAAM,EAAE,CAAC;oBACX,IAAI,CAAC,aAAa,EAAE,CAAC;wBACnB,MAAM,EAAE,oBAAoB,EAAE,GAAG,MAAM,MAAM,CAAC,qBAAqB,CAAC,CAAA;wBACpE,aAAa,GAAG,oBAAoB,CAAC,EAAE,MAAM,EAAE,MAAM,EAAE,CAAC,CAAA;oBAC1D,CAAC;oBACD,OAAO,aAAa,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;gBACtC,CAAC;YACH,CAAC;YAED,MAAM,SAAS,GAAG,UAAU,CAAA;YAC5B,IAAI,YAAY,CAAC,UAAU,CAAC,SAAS,CAAC,EAAE,CAAC;gBACvC,MAAM,YAAY,GAAG,YAAY,CAAC,KAAK,CAAC,SAAS,CAAC,MAAM,CAAC,IAAI,GAAG,CAAA;gBAChE,MAAM,YAAY,GAAG,IAAI,GAAG,CAAC,YAAY,EAAE,GAAG,CAAC,MAAM,CAAC,CAAA;gBACtD,YAAY,CAAC,MAAM,GAAG,GAAG,CAAC,MAAM,CAAA;gBAEhC,MAAM,gBAAgB,GAAG,IAAI,OAAO,CAAC,YAAY,CAAC,QAAQ,EAAE,EAAE;oBAC5D,MAAM,EAAE,OAAO,CAAC,MAAM;oBACtB,OAAO,EAAE,OAAO,CAAC,OAAO;oBACxB,IAAI,EAAE,OAAO,CAAC,IAAI;oBAClB,oEAAoE;oBACpE,kEAAkE;oBAClE,oEAAoE;oBACpE,oEAAoE;oBACpE,MAAM,EAAE,MAAM;iBACf,CAAC,CAAA;gBAEF,OAAO,MAAM,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAA;YACxC,CAAC;YAED,OAAO,MAAM,CAAC,MAAM,CAAC,OAAO,CAAC,CAAA;QAC/B,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,OAAO,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;YAChE,MAAM,KAAK,GAAG,GAAG,YAAY,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,CAAC,CAAC,SAAS,CAAA;YAC1D,OAAO,CAAC,KAAK,CAAC,iDAAiD,OAAO,EAAE,EAAE,KAAK,CAAC,CAAA;YAEhF,MAAM,KAAK,GAAG,OAAO,CAAC,GAAG,CAAC,QAAQ,KAAK,YAAY,CAAA;YACnD,OAAO,IAAI,QAAQ,CACjB,IAAI,CAAC,SAAS,CAAC;gBACb,KAAK,EAAE,oBAAoB;gBAC3B,GAAG,CAAC,KAAK,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC;aACzC,CAAC,EACF;gBACE,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;aAChD,CACF,CAAA;QACH,CAAC;IACH,CAAC;AACH,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/api/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;
|
|
1
|
+
{"version":3,"file":"handlers.d.ts","sourceRoot":"","sources":["../../src/api/handlers.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,SAAS,EAAE,MAAM,aAAa,CAAA;AA8/B5C,iFAAiF;AACjF,wBAAgB,wBAAwB,IAAI,IAAI,CAE/C;AA8JD,wBAAgB,iBAAiB,CAAC,YAAY,EAAE,MAAM,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAS9E;AAkQD,wBAAgB,iBAAiB,CAAC,MAAM,EAAE,SAAS,GAAG,IAAI,CAuoUzD"}
|
package/dist/api/handlers.js
CHANGED
|
@@ -23,8 +23,13 @@ import { schedulingCronHandler } from '../scheduling/index.js';
|
|
|
23
23
|
import { isAuthorizedCronRequest, processCleanup, processSeoScan } from '../cron/index.js';
|
|
24
24
|
import { processContentHealthScan } from '../content-health/cron.js';
|
|
25
25
|
import { verifyCaptcha, getCaptchaConfig } from '../security/captcha.js';
|
|
26
|
-
import { listForms as listFormsService, getFormById as getFormByIdService, createForm as createFormService, updateForm as updateFormService, duplicateForm as duplicateFormService, deleteForm as deleteFormService, saveFormSchema as saveFormSchemaService, getFormSchema as getFormSchemaService, getNotificationSettings as getFormNotificationSettingsService, updateNotificationSettings as updateFormNotificationSettingsService, setNotifyEnabled as setFormNotifyEnabledService, getEmbedSettings as getFormEmbedSettingsService, updateEmbedSettings as updateFormEmbedSettingsService, getFormStats as getFormStatsService, getFormsSidebarCounts as getFormsSidebarCountsService, FormNotFoundError, FormValidationError, FormConflictError, FormHasSubmissionsError, } from '../forms/service.js';
|
|
26
|
+
import { listForms as listFormsService, getFormById as getFormByIdService, getFormBySlug as getFormBySlugService, createForm as createFormService, updateForm as updateFormService, duplicateForm as duplicateFormService, deleteForm as deleteFormService, saveFormSchema as saveFormSchemaService, getFormSchema as getFormSchemaService, getNotificationSettings as getFormNotificationSettingsService, updateNotificationSettings as updateFormNotificationSettingsService, setNotifyEnabled as setFormNotifyEnabledService, getEmbedSettings as getFormEmbedSettingsService, updateEmbedSettings as updateFormEmbedSettingsService, getFormStats as getFormStatsService, getFormsSidebarCounts as getFormsSidebarCountsService, FormNotFoundError, FormValidationError, FormConflictError, FormHasSubmissionsError, } from '../forms/service.js';
|
|
27
27
|
import { listEntries as listEntriesService, getEntryWithSchema as getEntryWithSchemaService, getEntryCounts as getEntryCountsService, updateEntry as updateEntryService, bulkUpdateEntries as bulkUpdateEntriesService, deleteEntry as deleteEntryService, } from '../forms/entries.js';
|
|
28
|
+
import { processSubmission, buildPublicForm, SubmissionValidationError, } from '../forms/submission.js';
|
|
29
|
+
import { validateSubmissionFiles, FORM_UPLOAD_ALLOWED_MIME_TYPES, DEFAULT_MAX_FILE_BYTES, } from '../forms/files.js';
|
|
30
|
+
import { resolveSubmissionFields } from '../forms/submission.js';
|
|
31
|
+
import { createFormWebhook, listFormWebhooks, updateFormWebhook, deleteFormWebhook, testFormWebhook, FormWebhookError, } from '../forms/webhooks.js';
|
|
32
|
+
import { sendFormNotifications } from '../forms/notify.js';
|
|
28
33
|
import { checkForUpdates } from '../upgrade/version-check.js';
|
|
29
34
|
import { createUpgradePR } from '../upgrade/upgrade-pr.js';
|
|
30
35
|
import { encryptField, decryptField } from '../security/encrypted-fields.js';
|
|
@@ -287,6 +292,8 @@ function mapFormError(err) {
|
|
|
287
292
|
if (err instanceof FormHasSubmissionsError) {
|
|
288
293
|
return json({ error: err.message, code: 'FORM_HAS_SUBMISSIONS', submissionCount: err.submissionCount }, 409);
|
|
289
294
|
}
|
|
295
|
+
if (err instanceof FormWebhookError)
|
|
296
|
+
return errorResponse(err.message, err.status);
|
|
290
297
|
return null;
|
|
291
298
|
}
|
|
292
299
|
function parseFormsQuery(url) {
|
|
@@ -332,6 +339,228 @@ function parseEntriesQuery(url) {
|
|
|
332
339
|
pageSize: sp.get('pageSize') ? Number(sp.get('pageSize')) : undefined,
|
|
333
340
|
};
|
|
334
341
|
}
|
|
342
|
+
// ─── Public form submission helpers ─────────────────────────────────────────
|
|
343
|
+
/**
|
|
344
|
+
* Build CORS headers for the public form endpoints. When the form has no
|
|
345
|
+
* embed allowlist we reflect the requesting origin (open embedding). When an
|
|
346
|
+
* allowlist is set we only echo the origin if it matches, so a disallowed site
|
|
347
|
+
* cannot read the response. Browser-level CORS is complemented by a hard
|
|
348
|
+
* server-side origin check in the submit handler.
|
|
349
|
+
*/
|
|
350
|
+
function formCorsHeaders(request, allowedDomains) {
|
|
351
|
+
const origin = request.headers.get('origin');
|
|
352
|
+
const headers = {
|
|
353
|
+
'Access-Control-Allow-Methods': 'GET, POST, OPTIONS',
|
|
354
|
+
'Access-Control-Allow-Headers': 'Content-Type, X-Requested-With',
|
|
355
|
+
'Access-Control-Max-Age': '600',
|
|
356
|
+
Vary: 'Origin',
|
|
357
|
+
};
|
|
358
|
+
if (!allowedDomains || allowedDomains.length === 0) {
|
|
359
|
+
headers['Access-Control-Allow-Origin'] = origin || '*';
|
|
360
|
+
}
|
|
361
|
+
else if (origin && isOriginAllowed(origin, allowedDomains)) {
|
|
362
|
+
headers['Access-Control-Allow-Origin'] = origin;
|
|
363
|
+
}
|
|
364
|
+
return headers;
|
|
365
|
+
}
|
|
366
|
+
function normalizeAllowedHost(domain) {
|
|
367
|
+
return domain
|
|
368
|
+
.trim()
|
|
369
|
+
.toLowerCase()
|
|
370
|
+
.replace(/^https?:\/\//, '')
|
|
371
|
+
.replace(/\/.*$/, '')
|
|
372
|
+
.replace(/^\*\./, '');
|
|
373
|
+
}
|
|
374
|
+
function isOriginAllowed(origin, allowedDomains) {
|
|
375
|
+
let host;
|
|
376
|
+
try {
|
|
377
|
+
host = new URL(origin).hostname.toLowerCase();
|
|
378
|
+
}
|
|
379
|
+
catch {
|
|
380
|
+
return false;
|
|
381
|
+
}
|
|
382
|
+
return allowedDomains
|
|
383
|
+
.map(normalizeAllowedHost)
|
|
384
|
+
.some((a) => a !== '' && (host === a || host.endsWith(`.${a}`)));
|
|
385
|
+
}
|
|
386
|
+
function jsonWithHeaders(data, status, extra) {
|
|
387
|
+
return new Response(JSON.stringify(data), {
|
|
388
|
+
status,
|
|
389
|
+
headers: { ...SECURITY_HEADERS, ...extra },
|
|
390
|
+
});
|
|
391
|
+
}
|
|
392
|
+
/**
|
|
393
|
+
* Parse a public submission request into field values, files, and metadata.
|
|
394
|
+
* Supports both `application/json` (no files) and `multipart/form-data`
|
|
395
|
+
* (files + fields). Unknown/oversized bodies are rejected by the caller's
|
|
396
|
+
* Content-Length gate before this runs.
|
|
397
|
+
*/
|
|
398
|
+
async function parseSubmissionRequest(request) {
|
|
399
|
+
const contentType = request.headers.get('content-type') ?? '';
|
|
400
|
+
if (contentType.includes('multipart/form-data')) {
|
|
401
|
+
const form = await request.formData();
|
|
402
|
+
const values = {};
|
|
403
|
+
const files = [];
|
|
404
|
+
let attribution = null;
|
|
405
|
+
let elapsedMs = null;
|
|
406
|
+
let pageUrl = null;
|
|
407
|
+
let captchaToken = '';
|
|
408
|
+
for (const [key, value] of form.entries()) {
|
|
409
|
+
if (typeof value === 'object' && value !== null && 'arrayBuffer' in value) {
|
|
410
|
+
const file = value;
|
|
411
|
+
if (file.size === 0 && !file.name)
|
|
412
|
+
continue;
|
|
413
|
+
const buffer = Buffer.from(await file.arrayBuffer());
|
|
414
|
+
files.push({
|
|
415
|
+
fieldKey: key,
|
|
416
|
+
fileName: file.name || 'file',
|
|
417
|
+
mimeType: file.type || 'application/octet-stream',
|
|
418
|
+
size: buffer.byteLength,
|
|
419
|
+
buffer,
|
|
420
|
+
});
|
|
421
|
+
continue;
|
|
422
|
+
}
|
|
423
|
+
const str = String(value);
|
|
424
|
+
if (key === '__attribution') {
|
|
425
|
+
attribution = safeJsonObject(str);
|
|
426
|
+
}
|
|
427
|
+
else if (key === '__elapsedMs') {
|
|
428
|
+
const n = Number(str);
|
|
429
|
+
elapsedMs = Number.isFinite(n) ? n : null;
|
|
430
|
+
}
|
|
431
|
+
else if (key === '__pageUrl') {
|
|
432
|
+
pageUrl = str || null;
|
|
433
|
+
}
|
|
434
|
+
else if (key === '__captchaToken' || key === 'captchaToken') {
|
|
435
|
+
captchaToken = str;
|
|
436
|
+
}
|
|
437
|
+
else if (Object.prototype.hasOwnProperty.call(values, key)) {
|
|
438
|
+
// Repeated keys (e.g. multi-checkbox) collapse into an array.
|
|
439
|
+
const existing = values[key];
|
|
440
|
+
values[key] = Array.isArray(existing) ? [...existing, str] : [existing, str];
|
|
441
|
+
}
|
|
442
|
+
else {
|
|
443
|
+
values[key] = str;
|
|
444
|
+
}
|
|
445
|
+
}
|
|
446
|
+
return { values, files, meta: { attribution, elapsedMs, pageUrl, captchaToken } };
|
|
447
|
+
}
|
|
448
|
+
// JSON body.
|
|
449
|
+
const body = (await request.json().catch(() => null));
|
|
450
|
+
if (!body)
|
|
451
|
+
return null;
|
|
452
|
+
const values = body.fields && typeof body.fields === 'object' && !Array.isArray(body.fields)
|
|
453
|
+
? body.fields
|
|
454
|
+
: null;
|
|
455
|
+
if (!values)
|
|
456
|
+
return null;
|
|
457
|
+
return {
|
|
458
|
+
values,
|
|
459
|
+
files: [],
|
|
460
|
+
meta: {
|
|
461
|
+
attribution: safeJsonObject(body.attribution),
|
|
462
|
+
elapsedMs: typeof body.elapsedMs === 'number' && Number.isFinite(body.elapsedMs)
|
|
463
|
+
? body.elapsedMs
|
|
464
|
+
: null,
|
|
465
|
+
pageUrl: typeof body.pageUrl === 'string' ? body.pageUrl : null,
|
|
466
|
+
captchaToken: typeof body.captchaToken === 'string' ? body.captchaToken : '',
|
|
467
|
+
},
|
|
468
|
+
};
|
|
469
|
+
}
|
|
470
|
+
function safeJsonObject(value) {
|
|
471
|
+
if (value && typeof value === 'object' && !Array.isArray(value)) {
|
|
472
|
+
return value;
|
|
473
|
+
}
|
|
474
|
+
if (typeof value === 'string' && value.trim()) {
|
|
475
|
+
try {
|
|
476
|
+
const parsed = JSON.parse(value);
|
|
477
|
+
if (parsed && typeof parsed === 'object' && !Array.isArray(parsed)) {
|
|
478
|
+
return parsed;
|
|
479
|
+
}
|
|
480
|
+
}
|
|
481
|
+
catch {
|
|
482
|
+
/* ignore malformed attribution blob */
|
|
483
|
+
}
|
|
484
|
+
}
|
|
485
|
+
return null;
|
|
486
|
+
}
|
|
487
|
+
/**
|
|
488
|
+
* Shared public-submission handler used by both the slug-based public route and
|
|
489
|
+
* the legacy by-id route. Enforces per-IP+form rate limiting, embed-origin
|
|
490
|
+
* allowlisting, optional CAPTCHA, file validation, then runs the core
|
|
491
|
+
* submission pipeline. Always responds with CORS headers so embedded forms can
|
|
492
|
+
* read the result.
|
|
493
|
+
*/
|
|
494
|
+
async function submitToForm(request, form) {
|
|
495
|
+
const allowedDomains = form.embedSettings?.allowedDomains;
|
|
496
|
+
const cors = formCorsHeaders(request, allowedDomains);
|
|
497
|
+
const ip = getClientIp(request);
|
|
498
|
+
const rlKey = isResolvedIp(ip) ? `formsubmit:${ip}:${form.id}` : `formsubmit:_unknown:${form.id}`;
|
|
499
|
+
if (!(await checkRateLimitAsync(formLimiterGlobal, rlKey))) {
|
|
500
|
+
return jsonWithHeaders({ error: 'Too many submissions. Please try again later.' }, 429, cors);
|
|
501
|
+
}
|
|
502
|
+
// Hard server-side origin check when an embed allowlist is configured —
|
|
503
|
+
// browser CORS alone does not prevent a non-browser client from posting.
|
|
504
|
+
if (allowedDomains && allowedDomains.length > 0) {
|
|
505
|
+
const origin = request.headers.get('origin');
|
|
506
|
+
if (origin && !isOriginAllowed(origin, allowedDomains)) {
|
|
507
|
+
return jsonWithHeaders({ error: 'This form cannot be submitted from this origin.' }, 403, cors);
|
|
508
|
+
}
|
|
509
|
+
}
|
|
510
|
+
const parsed = await parseSubmissionRequest(request);
|
|
511
|
+
if (!parsed) {
|
|
512
|
+
return jsonWithHeaders({ error: 'Invalid or missing submission body.' }, 400, cors);
|
|
513
|
+
}
|
|
514
|
+
const captchaConfig = getCaptchaConfig();
|
|
515
|
+
if (captchaConfig.provider !== 'none') {
|
|
516
|
+
const result = await verifyCaptcha(parsed.meta.captchaToken, captchaConfig, isResolvedIp(ip) ? ip : undefined);
|
|
517
|
+
if (!result.success) {
|
|
518
|
+
return jsonWithHeaders({ error: 'CAPTCHA verification failed. Please try again.' }, 403, cors);
|
|
519
|
+
}
|
|
520
|
+
}
|
|
521
|
+
if (parsed.files.length > 0) {
|
|
522
|
+
const fileCfg = getActuateConfig()?.forms?.fileUpload;
|
|
523
|
+
if (fileCfg?.enabled === false) {
|
|
524
|
+
return jsonWithHeaders({ error: 'File uploads are not enabled for this site.' }, 400, cors);
|
|
525
|
+
}
|
|
526
|
+
const { fields } = await resolveSubmissionFields(form);
|
|
527
|
+
const fileCheck = validateSubmissionFiles(fields, parsed.files, {
|
|
528
|
+
maxSizeBytes: fileCfg?.maxSizeMB ? fileCfg.maxSizeMB * 1024 * 1024 : DEFAULT_MAX_FILE_BYTES,
|
|
529
|
+
allowedMimeTypes: fileCfg?.allowedMimeTypes ?? FORM_UPLOAD_ALLOWED_MIME_TYPES,
|
|
530
|
+
});
|
|
531
|
+
if (!fileCheck.ok) {
|
|
532
|
+
return jsonWithHeaders({ error: 'File validation failed.', code: 'INVALID_FILES', details: fileCheck.errors }, 422, cors);
|
|
533
|
+
}
|
|
534
|
+
}
|
|
535
|
+
const ctx = {
|
|
536
|
+
values: parsed.values,
|
|
537
|
+
files: parsed.files,
|
|
538
|
+
ip,
|
|
539
|
+
userAgent: request.headers.get('user-agent'),
|
|
540
|
+
referrer: request.headers.get('referer'),
|
|
541
|
+
origin: request.headers.get('origin'),
|
|
542
|
+
pageUrl: parsed.meta.pageUrl,
|
|
543
|
+
attribution: parsed.meta.attribution,
|
|
544
|
+
elapsedMs: parsed.meta.elapsedMs,
|
|
545
|
+
};
|
|
546
|
+
try {
|
|
547
|
+
const result = await processSubmission(form, ctx);
|
|
548
|
+
return jsonWithHeaders({
|
|
549
|
+
data: {
|
|
550
|
+
success: true,
|
|
551
|
+
submissionId: result.submissionId,
|
|
552
|
+
entryNumber: result.entryNumber,
|
|
553
|
+
confirmation: result.confirmation,
|
|
554
|
+
},
|
|
555
|
+
}, 201, cors);
|
|
556
|
+
}
|
|
557
|
+
catch (err) {
|
|
558
|
+
if (err instanceof SubmissionValidationError) {
|
|
559
|
+
return jsonWithHeaders({ error: 'Validation failed.', code: 'VALIDATION_ERROR', details: err.fieldErrors }, 422, cors);
|
|
560
|
+
}
|
|
561
|
+
return internalError(err);
|
|
562
|
+
}
|
|
563
|
+
}
|
|
335
564
|
function normalizeRedirect(redirect) {
|
|
336
565
|
return {
|
|
337
566
|
...redirect,
|
|
@@ -4094,66 +4323,60 @@ export function registerCMSRoutes(router) {
|
|
|
4094
4323
|
return internalError(err);
|
|
4095
4324
|
}
|
|
4096
4325
|
});
|
|
4097
|
-
|
|
4326
|
+
// Public, unauthenticated form schema — what an embedded form needs to render.
|
|
4327
|
+
// CSRF-exempt and CORS-enabled (see handler-factory + formCorsHeaders).
|
|
4328
|
+
router.options('/public/forms/:slug', async (request, params) => {
|
|
4329
|
+
const form = await getFormBySlugService(params.slug).catch(() => null);
|
|
4330
|
+
return new Response(null, {
|
|
4331
|
+
status: 204,
|
|
4332
|
+
headers: formCorsHeaders(request, form?.embedSettings?.allowedDomains),
|
|
4333
|
+
});
|
|
4334
|
+
});
|
|
4335
|
+
router.get('/public/forms/:slug', async (request, params) => {
|
|
4098
4336
|
try {
|
|
4099
|
-
const
|
|
4100
|
-
if (!
|
|
4101
|
-
return
|
|
4337
|
+
const form = await getFormBySlugService(params.slug);
|
|
4338
|
+
if (!form || form.status !== 'active') {
|
|
4339
|
+
return jsonWithHeaders({ error: 'Form not found' }, 404, formCorsHeaders(request));
|
|
4102
4340
|
}
|
|
4103
|
-
const
|
|
4104
|
-
const
|
|
4105
|
-
|
|
4341
|
+
const cors = formCorsHeaders(request, form.embedSettings?.allowedDomains);
|
|
4342
|
+
const { fields, versionId } = await resolveSubmissionFields(form);
|
|
4343
|
+
const captcha = getCaptchaConfig();
|
|
4344
|
+
const publicForm = buildPublicForm(form, fields, versionId, {
|
|
4345
|
+
captcha: { provider: captcha.provider, siteKey: captcha.siteKey },
|
|
4106
4346
|
});
|
|
4107
|
-
|
|
4108
|
-
|
|
4109
|
-
|
|
4110
|
-
|
|
4111
|
-
|
|
4112
|
-
|
|
4113
|
-
|
|
4347
|
+
return jsonWithHeaders({ data: publicForm }, 200, cors);
|
|
4348
|
+
}
|
|
4349
|
+
catch (err) {
|
|
4350
|
+
return internalError(err);
|
|
4351
|
+
}
|
|
4352
|
+
});
|
|
4353
|
+
router.options('/public/forms/:slug/submit', async (request, params) => {
|
|
4354
|
+
const form = await getFormBySlugService(params.slug).catch(() => null);
|
|
4355
|
+
return new Response(null, {
|
|
4356
|
+
status: 204,
|
|
4357
|
+
headers: formCorsHeaders(request, form?.embedSettings?.allowedDomains),
|
|
4358
|
+
});
|
|
4359
|
+
});
|
|
4360
|
+
router.post('/public/forms/:slug/submit', async (request, params) => {
|
|
4361
|
+
try {
|
|
4362
|
+
const form = await getFormBySlugService(params.slug);
|
|
4363
|
+
if (!form || form.status !== 'active') {
|
|
4364
|
+
return jsonWithHeaders({ error: 'Form not found' }, 404, formCorsHeaders(request));
|
|
4114
4365
|
}
|
|
4115
|
-
|
|
4116
|
-
|
|
4117
|
-
|
|
4118
|
-
|
|
4119
|
-
|
|
4120
|
-
|
|
4121
|
-
|
|
4366
|
+
return submitToForm(request, form);
|
|
4367
|
+
}
|
|
4368
|
+
catch (err) {
|
|
4369
|
+
return internalError(err);
|
|
4370
|
+
}
|
|
4371
|
+
});
|
|
4372
|
+
// Legacy by-id submission endpoint — same pipeline, kept for existing embeds.
|
|
4373
|
+
router.post('/forms/:id/submit', async (request, params) => {
|
|
4374
|
+
try {
|
|
4375
|
+
const form = await getFormByIdService(params.id);
|
|
4376
|
+
if (!form || form.status !== 'active') {
|
|
4377
|
+
return jsonWithHeaders({ error: 'Form not found' }, 404, formCorsHeaders(request));
|
|
4122
4378
|
}
|
|
4123
|
-
|
|
4124
|
-
data: {
|
|
4125
|
-
formId,
|
|
4126
|
-
data: body.fields,
|
|
4127
|
-
attribution: body.attribution ?? null,
|
|
4128
|
-
submittedAt: new Date(),
|
|
4129
|
-
},
|
|
4130
|
-
});
|
|
4131
|
-
(async () => {
|
|
4132
|
-
try {
|
|
4133
|
-
const config = getActuateConfig();
|
|
4134
|
-
const hooks = (config?._pluginHooks ?? []);
|
|
4135
|
-
const formHooks = hooks.filter((h) => h?.event === 'afterCreate:form-submissions');
|
|
4136
|
-
for (const hook of formHooks) {
|
|
4137
|
-
await hook.handler({ formId, data: body.fields });
|
|
4138
|
-
}
|
|
4139
|
-
}
|
|
4140
|
-
catch (hookErr) {
|
|
4141
|
-
console.error('[cms] Form hook error:', hookErr);
|
|
4142
|
-
}
|
|
4143
|
-
})();
|
|
4144
|
-
const confirmation = formData.confirmation ?? {
|
|
4145
|
-
type: 'message',
|
|
4146
|
-
message: 'Thank you! Your submission has been received.',
|
|
4147
|
-
};
|
|
4148
|
-
const analytics = formData.analytics ?? null;
|
|
4149
|
-
return json({
|
|
4150
|
-
data: {
|
|
4151
|
-
success: true,
|
|
4152
|
-
submissionId: submission.id,
|
|
4153
|
-
confirmation,
|
|
4154
|
-
analytics,
|
|
4155
|
-
},
|
|
4156
|
-
}, 201);
|
|
4379
|
+
return submitToForm(request, form);
|
|
4157
4380
|
}
|
|
4158
4381
|
catch (err) {
|
|
4159
4382
|
return internalError(err);
|
|
@@ -4501,6 +4724,147 @@ export function registerCMSRoutes(router) {
|
|
|
4501
4724
|
return mapFormError(err) ?? internalError(err);
|
|
4502
4725
|
}
|
|
4503
4726
|
});
|
|
4727
|
+
// ── Per-form webhooks (CRUD + test) ──────────────────────────────────────
|
|
4728
|
+
router.get('/forms/:id/webhooks', async (request, params) => {
|
|
4729
|
+
try {
|
|
4730
|
+
const auth = await requireAuth(request);
|
|
4731
|
+
if (auth.error)
|
|
4732
|
+
return auth.error;
|
|
4733
|
+
const roleErr = requireRole(auth.session.role, WRITE_ROLES);
|
|
4734
|
+
if (roleErr)
|
|
4735
|
+
return roleErr;
|
|
4736
|
+
const form = await getFormByIdService(params.id);
|
|
4737
|
+
if (!form)
|
|
4738
|
+
return errorResponse('Form not found', 404);
|
|
4739
|
+
const webhooks = await listFormWebhooks(params.id);
|
|
4740
|
+
return json({ data: webhooks });
|
|
4741
|
+
}
|
|
4742
|
+
catch (err) {
|
|
4743
|
+
return mapFormError(err) ?? internalError(err);
|
|
4744
|
+
}
|
|
4745
|
+
});
|
|
4746
|
+
router.post('/forms/:id/webhooks', async (request, params) => {
|
|
4747
|
+
try {
|
|
4748
|
+
const auth = await requireAuth(request);
|
|
4749
|
+
if (auth.error)
|
|
4750
|
+
return auth.error;
|
|
4751
|
+
const roleErr = requireRole(auth.session.role, WRITE_ROLES);
|
|
4752
|
+
if (roleErr)
|
|
4753
|
+
return roleErr;
|
|
4754
|
+
const form = await getFormByIdService(params.id);
|
|
4755
|
+
if (!form)
|
|
4756
|
+
return errorResponse('Form not found', 404);
|
|
4757
|
+
const body = (await request.json().catch(() => ({})));
|
|
4758
|
+
if (!body.url || typeof body.url !== 'string') {
|
|
4759
|
+
return errorResponse('A webhook url is required', 400);
|
|
4760
|
+
}
|
|
4761
|
+
const ctx = buildActionContext(auth.session, db());
|
|
4762
|
+
const webhook = await createFormWebhook(ctx, params.id, body);
|
|
4763
|
+
// The plaintext secret is returned exactly once here, on creation.
|
|
4764
|
+
return json({ data: webhook }, 201);
|
|
4765
|
+
}
|
|
4766
|
+
catch (err) {
|
|
4767
|
+
return mapFormError(err) ?? internalError(err);
|
|
4768
|
+
}
|
|
4769
|
+
});
|
|
4770
|
+
router.patch('/forms/:id/webhooks/:webhookId', async (request, params) => {
|
|
4771
|
+
try {
|
|
4772
|
+
const auth = await requireAuth(request);
|
|
4773
|
+
if (auth.error)
|
|
4774
|
+
return auth.error;
|
|
4775
|
+
const roleErr = requireRole(auth.session.role, WRITE_ROLES);
|
|
4776
|
+
if (roleErr)
|
|
4777
|
+
return roleErr;
|
|
4778
|
+
const body = (await request.json().catch(() => ({})));
|
|
4779
|
+
const ctx = buildActionContext(auth.session, db());
|
|
4780
|
+
const webhook = await updateFormWebhook(ctx, params.webhookId, body);
|
|
4781
|
+
return json({ data: webhook });
|
|
4782
|
+
}
|
|
4783
|
+
catch (err) {
|
|
4784
|
+
return mapFormError(err) ?? internalError(err);
|
|
4785
|
+
}
|
|
4786
|
+
});
|
|
4787
|
+
router.delete('/forms/:id/webhooks/:webhookId', async (request, params) => {
|
|
4788
|
+
try {
|
|
4789
|
+
const auth = await requireAuth(request);
|
|
4790
|
+
if (auth.error)
|
|
4791
|
+
return auth.error;
|
|
4792
|
+
const roleErr = requireRole(auth.session.role, WRITE_ROLES);
|
|
4793
|
+
if (roleErr)
|
|
4794
|
+
return roleErr;
|
|
4795
|
+
const ctx = buildActionContext(auth.session, db());
|
|
4796
|
+
await deleteFormWebhook(ctx, params.webhookId);
|
|
4797
|
+
return json({ data: { success: true } });
|
|
4798
|
+
}
|
|
4799
|
+
catch (err) {
|
|
4800
|
+
return mapFormError(err) ?? internalError(err);
|
|
4801
|
+
}
|
|
4802
|
+
});
|
|
4803
|
+
router.post('/forms/:id/webhooks/:webhookId/test', async (request, params) => {
|
|
4804
|
+
try {
|
|
4805
|
+
const auth = await requireAuth(request);
|
|
4806
|
+
if (auth.error)
|
|
4807
|
+
return auth.error;
|
|
4808
|
+
const roleErr = requireRole(auth.session.role, WRITE_ROLES);
|
|
4809
|
+
if (roleErr)
|
|
4810
|
+
return roleErr;
|
|
4811
|
+
const ctx = buildActionContext(auth.session, db());
|
|
4812
|
+
const result = await testFormWebhook(ctx, params.webhookId);
|
|
4813
|
+
return json({ data: result });
|
|
4814
|
+
}
|
|
4815
|
+
catch (err) {
|
|
4816
|
+
return mapFormError(err) ?? internalError(err);
|
|
4817
|
+
}
|
|
4818
|
+
});
|
|
4819
|
+
// ── Test notification email ──────────────────────────────────────────────
|
|
4820
|
+
router.post('/forms/:id/notifications/test', async (request, params) => {
|
|
4821
|
+
try {
|
|
4822
|
+
const auth = await requireAuth(request);
|
|
4823
|
+
if (auth.error)
|
|
4824
|
+
return auth.error;
|
|
4825
|
+
const roleErr = requireRole(auth.session.role, WRITE_ROLES);
|
|
4826
|
+
if (roleErr)
|
|
4827
|
+
return roleErr;
|
|
4828
|
+
const form = await getFormByIdService(params.id);
|
|
4829
|
+
if (!form)
|
|
4830
|
+
return errorResponse('Form not found', 404);
|
|
4831
|
+
const settings = await getFormNotificationSettingsService(params.id);
|
|
4832
|
+
const primaryRecipient = (settings?.recipients ?? [])[0];
|
|
4833
|
+
if (!settings?.enabled || !primaryRecipient) {
|
|
4834
|
+
return errorResponse('Configure at least one recipient before sending a test', 400);
|
|
4835
|
+
}
|
|
4836
|
+
// Sample values so operators see a realistic email. The autoresponder is
|
|
4837
|
+
// suppressed for tests so we never email an arbitrary sample address.
|
|
4838
|
+
const fields = form.fields ?? [];
|
|
4839
|
+
const sampleData = {};
|
|
4840
|
+
for (const field of fields) {
|
|
4841
|
+
if (field.type === 'honeypot' || field.type === 'divider' || field.type === 'richtext') {
|
|
4842
|
+
continue;
|
|
4843
|
+
}
|
|
4844
|
+
if (field.type === 'email')
|
|
4845
|
+
sampleData[field.key] = primaryRecipient;
|
|
4846
|
+
else if (field.type === 'checkbox' || field.type === 'consent')
|
|
4847
|
+
sampleData[field.key] = true;
|
|
4848
|
+
else
|
|
4849
|
+
sampleData[field.key] = `Sample ${field.label || field.key}`;
|
|
4850
|
+
}
|
|
4851
|
+
const ctx = {
|
|
4852
|
+
formId: form.id,
|
|
4853
|
+
formName: form.name,
|
|
4854
|
+
entryNumber: null,
|
|
4855
|
+
submittedAt: new Date().toISOString(),
|
|
4856
|
+
fields,
|
|
4857
|
+
data: sampleData,
|
|
4858
|
+
senderName: 'Test Submission',
|
|
4859
|
+
senderEmail: primaryRecipient,
|
|
4860
|
+
};
|
|
4861
|
+
const result = await sendFormNotifications({ ...settings, autoresponderEnabled: false }, ctx);
|
|
4862
|
+
return json({ data: result });
|
|
4863
|
+
}
|
|
4864
|
+
catch (err) {
|
|
4865
|
+
return mapFormError(err) ?? internalError(err);
|
|
4866
|
+
}
|
|
4867
|
+
});
|
|
4504
4868
|
// ---------------------------------------------------------------------------
|
|
4505
4869
|
// Redirects routes
|
|
4506
4870
|
// ---------------------------------------------------------------------------
|