@aphexcms/cms-core 0.1.0 → 0.1.3

package/src/routes/documents-publish.ts

@@ -1,211 +0,0 @@
-// Aphex CMS Document Publish API Handlers
-import { json } from '@sveltejs/kit';
-import type { RequestHandler } from '@sveltejs/kit';
-import { validateField } from '../field-validation/utils.js';
-import { canWrite } from '../types/auth.js';
-
-// POST /api/documents/[id]/publish - Publish document
-export const POST: RequestHandler = async ({ params, locals }) => {
-	try {
-		const { databaseAdapter, cmsEngine } = locals.aphexCMS;
-		const auth = locals.auth;
-		const { id } = params;
-
-		if (!auth) {
-			return json(
-				{
-					success: false,
-					error: 'Unauthorized',
-					message: 'Authentication required'
-				},
-				{ status: 401 }
-			);
-		}
-
-		// Check write permissions (viewers are read-only)
-		if (!canWrite(auth)) {
-			return json(
-				{
-					success: false,
-					error: 'Forbidden',
-					message: 'You do not have permission to publish documents. Viewers have read-only access.'
-				},
-				{ status: 403 }
-			);
-		}
-
-		if (!id) {
-			return json(
-				{
-					success: false,
-					error: 'Missing document ID',
-					message: 'Document ID is required'
-				},
-				{ status: 400 }
-			);
-		}
-
-		// Get document to validate
-		const document = await databaseAdapter.findByDocId(auth.organizationId, id);
-		if (!document || !document.draftData) {
-			return json(
-				{
-					success: false,
-					error: 'Document not found or cannot be published',
-					message: 'Document may not exist or may not have draft content'
-				},
-				{ status: 404 }
-			);
-		}
-
-		// Get schema for validation (from config to preserve validation functions)
-		const schema = cmsEngine.getSchemaTypeByName(document.type);
-		if (!schema) {
-			return json(
-				{
-					success: false,
-					error: 'Invalid document type',
-					message: `Schema type '${document.type}' not found`
-				},
-				{ status: 400 }
-			);
-		}
-
-		// VALIDATE before publishing - block if errors exist
-		const validationErrors: Array<{ field: string; errors: string[] }> = [];
-
-		for (const field of schema.fields) {
-			const value = document.draftData[field.name];
-			const result = await validateField(field, value, document.draftData);
-
-			if (!result.isValid) {
-				const errorMessages = result.errors
-					.filter((e) => e.level === 'error')
-					.map((e) => e.message);
-
-				if (errorMessages.length > 0) {
-					validationErrors.push({
-						field: field.name,
-						errors: errorMessages
-					});
-				}
-			}
-		}
-
-		// Block publishing if validation errors exist
-		if (validationErrors.length > 0) {
-			return json(
-				{
-					success: false,
-					error: 'Cannot publish: validation errors',
-					message: 'Please fix all validation errors before publishing',
-					validationErrors
-				},
-				{ status: 400 }
-			);
-		}
-
-		// All validation passed - proceed with publish
-		const publishedDocument = await databaseAdapter.publishDoc(auth.organizationId, id);
-
-		if (!publishedDocument) {
-			return json(
-				{
-					success: false,
-					error: 'Document not found or cannot be published',
-					message: 'Document may not exist or may not have draft content'
-				},
-				{ status: 404 }
-			);
-		}
-
-		return json({
-			success: true,
-			data: publishedDocument,
-			message: 'Document published successfully'
-		});
-	} catch (error) {
-		console.error('Failed to publish document:', error);
-		return json(
-			{
-				success: false,
-				error: 'Failed to publish document',
-				message: error instanceof Error ? error.message : 'Unknown error'
-			},
-			{ status: 500 }
-		);
-	}
-};
-
-// DELETE /api/documents/[id]/publish - Unpublish document
-export const DELETE: RequestHandler = async ({ params, locals }) => {
-	try {
-		const { databaseAdapter } = locals.aphexCMS;
-		const auth = locals.auth;
-		const { id } = params;
-
-		if (!auth) {
-			return json(
-				{
-					success: false,
-					error: 'Unauthorized',
-					message: 'Authentication required'
-				},
-				{ status: 401 }
-			);
-		}
-
-		// Check write permissions (viewers are read-only)
-		if (!canWrite(auth)) {
-			return json(
-				{
-					success: false,
-					error: 'Forbidden',
-					message:
-						'You do not have permission to unpublish documents. Viewers have read-only access.'
-				},
-				{ status: 403 }
-			);
-		}
-
-		if (!id) {
-			return json(
-				{
-					success: false,
-					error: 'Missing document ID',
-					message: 'Document ID is required'
-				},
-				{ status: 400 }
-			);
-		}
-
-		const unpublishedDocument = await databaseAdapter.unpublishDoc(auth.organizationId, id);
-
-		if (!unpublishedDocument) {
-			return json(
-				{
-					success: false,
-					error: 'Document not found',
-					message: `No document found with ID: ${id}`
-				},
-				{ status: 404 }
-			);
-		}
-
-		return json({
-			success: true,
-			data: unpublishedDocument,
-			message: 'Document unpublished successfully'
-		});
-	} catch (error) {
-		console.error('Failed to unpublish document:', error);
-		return json(
-			{
-				success: false,
-				error: 'Failed to unpublish document',
-				message: error instanceof Error ? error.message : 'Unknown error'
-			},
-			{ status: 500 }
-		);
-	}
-};

package/src/routes/documents.ts

@@ -1,172 +0,0 @@
-// Aphex CMS Document API Handlers
-import { json } from '@sveltejs/kit';
-import type { RequestHandler } from '@sveltejs/kit';
-import { canWrite } from '../types/auth.js';
-
-// Default values for API
-const DEFAULT_API_LIMIT = 20;
-const DEFAULT_API_OFFSET = 0;
-
-// GET /api/documents - List documents with filtering
-export const GET: RequestHandler = async ({ url, locals }) => {
-	try {
-		const { databaseAdapter } = locals.aphexCMS;
-		const auth = locals.auth;
-
-		if (!auth) {
-			return json(
-				{
-					success: false,
-					error: 'Unauthorized',
-					message: 'Authentication required'
-				},
-				{ status: 401 }
-			);
-		}
-
-		const docType = url.searchParams.get('docType');
-		const status = url.searchParams.get('status') || undefined;
-		const limitParam = url.searchParams.get('limit');
-		const offsetParam = url.searchParams.get('offset');
-		const depthParam = url.searchParams.get('depth');
-		const organizationIdsParam = url.searchParams.get('organizationIds'); // Comma-separated list
-
-		// Parse with defaults
-		const limit = limitParam ? parseInt(limitParam) : DEFAULT_API_LIMIT;
-		const offset = offsetParam ? parseInt(offsetParam) : DEFAULT_API_OFFSET;
-		const depth = depthParam ? parseInt(depthParam) : 0;
-
-		// Parse organizationIds if provided
-		const filterOrganizationIds = organizationIdsParam
-			? organizationIdsParam
-					.split(',')
-					.map((id) => id.trim())
-					.filter(Boolean)
-			: undefined;
-
-		const filters = {
-			...(docType && { type: docType }),
-			...(status && { status }),
-			...(filterOrganizationIds && { filterOrganizationIds }),
-			limit: isNaN(limit) ? DEFAULT_API_LIMIT : limit,
-			offset: isNaN(offset) ? DEFAULT_API_OFFSET : offset,
-			depth: isNaN(depth) ? 0 : Math.max(0, Math.min(depth, 5)) // Clamp between 0-5 for safety
-		};
-		const documents = await databaseAdapter.findManyDoc(auth.organizationId, filters);
-
-		return json({
-			success: true,
-			data: documents,
-			meta: {
-				count: documents.length,
-				limit: filters.limit,
-				offset: filters.offset,
-				filters: {
-					docType,
-					status
-				}
-			}
-		});
-	} catch (error) {
-		console.error('Failed to fetch documents:', error);
-		return json(
-			{
-				success: false,
-				error: 'Failed to fetch documents',
-				message: error instanceof Error ? error.message : 'Unknown error'
-			},
-			{ status: 500 }
-		);
-	}
-};
-
-// POST /api/documents - Create new document
-export const POST: RequestHandler = async ({ request, locals }) => {
-	try {
-		const { databaseAdapter } = locals.aphexCMS;
-		const auth = locals.auth;
-
-		if (!auth) {
-			return json(
-				{
-					success: false,
-					error: 'Unauthorized',
-					message: 'Authentication required'
-				},
-				{ status: 401 }
-			);
-		}
-
-		// Check write permissions (viewers are read-only)
-		if (!canWrite(auth)) {
-			return json(
-				{
-					success: false,
-					error: 'Forbidden',
-					message: 'You do not have permission to create documents. Viewers have read-only access.'
-				},
-				{ status: 403 }
-			);
-		}
-
-		const body = await request.json();
-
-		// Validate required fields (support both old and new format)
-		const documentType = body.type;
-		const documentData = body.draftData || body.data;
-
-		if (!documentType || !documentData) {
-			return json(
-				{
-					success: false,
-					error: 'Missing required fields',
-					message: 'Document type and data are required'
-				},
-				{ status: 400 }
-			);
-		}
-
-		// Validate document type exists
-		const { cmsEngine } = locals.aphexCMS;
-		const schema = cmsEngine.getSchemaTypeByName(documentType);
-		if (!schema) {
-			return json(
-				{
-					success: false,
-					error: 'Invalid document type',
-					message: `Schema type '${documentType}' not found`
-				},
-				{ status: 400 }
-			);
-		}
-
-		// NO VALIDATION FOR DRAFTS - Sanity-style: drafts can have any state
-		// Validation only happens on publish
-
-		// Create document (always starts as draft)
-		const newDocument = await databaseAdapter.createDocument({
-			type: documentType,
-			draftData: documentData,
-			organizationId: auth.organizationId,
-			createdBy: auth.type === 'session' ? auth.user.id : undefined
-		});
-
-		return json(
-			{
-				success: true,
-				data: newDocument
-			},
-			{ status: 201 }
-		);
-	} catch (error) {
-		console.error('Failed to create document:', error);
-		return json(
-			{
-				success: false,
-				error: 'Failed to create document',
-				message: error instanceof Error ? error.message : 'Unknown error'
-			},
-			{ status: 500 }
-		);
-	}
-};

package/src/routes/index.ts

@@ -1,13 +0,0 @@
-// Aphex CMS API Route Handlers
-// These will be imported and re-exported by your app's API routes
-
-// Document management routes
-export * as documents from './documents.js';
-export * as documentsById from './documents-by-id.js';
-
-// Asset management routes
-export * as assets from './assets.js';
-
-// Schema information routes
-export * as schemas from './schemas.js';
-export * as schemasByType from './schemas-by-type.js';

package/src/routes/organizations-by-id.ts

@@ -1,258 +0,0 @@
-// Aphex CMS Organization by ID API Handlers
-import { json } from '@sveltejs/kit';
-import type { RequestHandler } from '@sveltejs/kit';
-
-// GET /api/organizations/[id] - Get organization by ID
-export const GET: RequestHandler = async ({ params, locals }) => {
-	try {
-		const { databaseAdapter } = locals.aphexCMS;
-		const auth = locals.auth;
-		const { id } = params;
-
-		if (!auth || auth.type !== 'session') {
-			return json(
-				{
-					success: false,
-					error: 'Unauthorized',
-					message: 'Session authentication required'
-				},
-				{ status: 401 }
-			);
-		}
-
-		if (!id) {
-			return json(
-				{
-					success: false,
-					error: 'Missing required field',
-					message: 'Organization ID is required'
-				},
-				{ status: 400 }
-			);
-		}
-
-		// Check if user is a member of this organization
-		const membership = await databaseAdapter.findUserMembership(auth.user.id, id);
-		if (!membership) {
-			return json(
-				{
-					success: false,
-					error: 'Forbidden',
-					message: 'You are not a member of this organization'
-				},
-				{ status: 403 }
-			);
-		}
-
-		const organization = await databaseAdapter.findOrganizationById(id);
-		if (!organization) {
-			return json(
-				{
-					success: false,
-					error: 'Organization not found'
-				},
-				{ status: 404 }
-			);
-		}
-
-		return json({
-			success: true,
-			data: organization
-		});
-	} catch (error) {
-		console.error('Failed to fetch organization:', error);
-		return json(
-			{
-				success: false,
-				error: 'Failed to fetch organization',
-				message: error instanceof Error ? error.message : 'Unknown error'
-			},
-			{ status: 500 }
-		);
-	}
-};
-
-// PATCH /api/organizations/[id] - Update organization
-export const PATCH: RequestHandler = async ({ params, request, locals }) => {
-	try {
-		const { databaseAdapter } = locals.aphexCMS;
-		const auth = locals.auth;
-		const { id } = params;
-
-		if (!auth || auth.type !== 'session') {
-			return json(
-				{
-					success: false,
-					error: 'Unauthorized',
-					message: 'Session authentication required'
-				},
-				{ status: 401 }
-			);
-		}
-
-		if (!id) {
-			return json(
-				{
-					success: false,
-					error: 'Missing required field',
-					message: 'Organization ID is required'
-				},
-				{ status: 400 }
-			);
-		}
-
-		// Check if user is owner or admin of this organization
-		const membership = await databaseAdapter.findUserMembership(auth.user.id, id);
-		if (!membership || (membership.role !== 'owner' && membership.role !== 'admin')) {
-			return json(
-				{
-					success: false,
-					error: 'Forbidden',
-					message: 'Only owners and admins can update organization settings'
-				},
-				{ status: 403 }
-			);
-		}
-
-		const body = await request.json();
-
-		// Validate: if slug is being changed, check it's not already taken
-		if (body.slug) {
-			const existingOrg = await databaseAdapter.findOrganizationBySlug(body.slug);
-			if (existingOrg && existingOrg.id !== id) {
-				return json(
-					{
-						success: false,
-						error: 'Slug already exists',
-						message: `Organization with slug '${body.slug}' already exists`
-					},
-					{ status: 409 }
-				);
-			}
-		}
-
-		// Update organization
-		const updateData: {
-			name?: string;
-			slug?: string;
-			metadata?: any;
-		} = {};
-
-		if (body.name !== undefined) updateData.name = body.name;
-		if (body.slug !== undefined) updateData.slug = body.slug;
-		if (body.metadata !== undefined) updateData.metadata = body.metadata;
-
-		const updatedOrganization = await databaseAdapter.updateOrganization(id, updateData);
-
-		if (!updatedOrganization) {
-			return json(
-				{
-					success: false,
-					error: 'Organization not found'
-				},
-				{ status: 404 }
-			);
-		}
-
-		return json({
-			success: true,
-			data: updatedOrganization
-		});
-	} catch (error) {
-		console.error('Failed to update organization:', error);
-		return json(
-			{
-				success: false,
-				error: 'Failed to update organization',
-				message: error instanceof Error ? error.message : 'Unknown error'
-			},
-			{ status: 500 }
-		);
-	}
-};
-
-// DELETE /api/organizations/[id] - Delete an organization
-export const DELETE: RequestHandler = async ({ params, locals }) => {
-	try {
-		const { databaseAdapter } = locals.aphexCMS;
-		const auth = locals.auth;
-		const { id } = params;
-
-		if (!auth || auth.type !== 'session') {
-			return json(
-				{
-					success: false,
-					error: 'Unauthorized',
-					message: 'Session authentication required'
-				},
-				{ status: 401 }
-			);
-		}
-
-		if (!id) {
-			return json(
-				{
-					success: false,
-					error: 'Missing required field',
-					message: 'Organization ID is required'
-				},
-				{ status: 400 }
-			);
-		}
-
-		// Only owners can delete an organization
-		const membership = await databaseAdapter.findUserMembership(auth.user.id, id);
-		if (!membership || membership.role !== 'owner') {
-			return json(
-				{
-					success: false,
-					error: 'Forbidden',
-					message: 'Only owners can delete an organization'
-				},
-				{ status: 403 }
-			);
-		}
-
-		// Get all members of the organization
-		const members = await databaseAdapter.findOrganizationMembers(id);
-
-		// Handle member lifecycle
-		for (const member of members) {
-			const userSession = await databaseAdapter.findUserSession(member.userId);
-			if (userSession?.activeOrganizationId === id) {
-				const otherOrgs = await databaseAdapter.findUserOrganizations(member.userId);
-				const remainingOrgs = otherOrgs.filter((org) => org.organization.id !== id);
-
-				if (remainingOrgs.length > 0 && remainingOrgs[0]) {
-					await databaseAdapter.updateUserSession(member.userId, remainingOrgs[0].organization.id);
-				} else {
-					await databaseAdapter.deleteUserSession(member.userId);
-				}
-			}
-		}
-
-		// Delete all members from the organization
-		await databaseAdapter.removeAllMembers(id);
-
-		// Delete all invitations for the organization
-		await databaseAdapter.removeAllInvitations(id);
-
-		// Delete the organization
-		await databaseAdapter.deleteOrganization(id);
-
-		return json({
-			success: true,
-			message: 'Organization deleted successfully'
-		});
-	} catch (error) {
-		console.error('Failed to delete organization:', error);
-		return json(
-			{
-				success: false,
-				error: 'Failed to delete organization',
-				message: error instanceof Error ? error.message : 'Unknown error'
-			},
-			{ status: 500 }
-		);
-	}
-};