npm - @aphexcms/cms-core - Versions diffs - 0.1.10 → 0.1.11 - Mend

@aphexcms/cms-core 0.1.10 → 0.1.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (351) hide show

package/package.json +2 -2
package/src/lib/api/assets.ts +75 -0
package/src/lib/api/client.ts +150 -0
package/src/lib/api/documents.ts +102 -0
package/src/lib/api/index.ts +7 -0
package/src/lib/api/organizations.ts +154 -0
package/src/lib/api/types.ts +34 -0
package/src/lib/auth/auth-errors.ts +23 -0
package/src/lib/auth/auth-hooks.ts +132 -0
package/src/lib/auth/provider.ts +25 -0
package/{dist/client/index.js → src/lib/client/index.ts} +18 -7
package/{dist → src/lib}/components/AdminApp.svelte +43 -11
package/{dist/components/index.js → src/lib/components/index.ts} +5 -1
package/src/lib/config.ts +18 -0
package/{dist/db/adapters/index.js → src/lib/db/adapters/index.ts} +0 -1
package/{dist/db/index.js → src/lib/db/index.ts} +2 -1
package/src/lib/db/interfaces/asset.ts +61 -0
package/src/lib/db/interfaces/document.ts +53 -0
package/src/lib/db/interfaces/index.ts +98 -0
package/src/lib/db/interfaces/organization.ts +51 -0
package/src/lib/db/interfaces/schema.ts +13 -0
package/src/lib/db/interfaces/user.ts +16 -0
package/src/lib/db/utils/reference-resolver.ts +119 -0
package/src/lib/define.ts +7 -0
package/{dist/email/index.js → src/lib/email/index.ts} +2 -1
package/src/lib/email/interfaces/email.ts +45 -0
package/src/lib/engine.ts +85 -0
package/src/lib/field-validation/rule.ts +287 -0
package/src/lib/field-validation/utils.ts +91 -0
package/src/lib/hooks.ts +142 -0
package/{dist/index.js → src/lib/index.ts} +2 -1
package/{dist/is-mobile.svelte.js → src/lib/is-mobile.svelte.ts} +5 -3
package/src/lib/routes/assets-by-id.ts +161 -0
package/src/lib/routes/assets-cdn.ts +185 -0
package/src/lib/routes/assets.ts +116 -0
package/src/lib/routes/documents-by-id.ts +188 -0
package/src/lib/routes/documents-publish.ts +211 -0
package/src/lib/routes/documents.ts +172 -0
package/src/lib/routes/index.ts +13 -0
package/src/lib/routes/organizations-by-id.ts +258 -0
package/src/lib/routes/organizations-invitations.ts +183 -0
package/src/lib/routes/organizations-members.ts +301 -0
package/src/lib/routes/organizations-switch.ts +74 -0
package/src/lib/routes/organizations.ts +147 -0
package/src/lib/routes/schemas-by-type.ts +35 -0
package/src/lib/routes/schemas.ts +19 -0
package/src/lib/routes-exports.ts +42 -0
package/src/lib/schema-context.svelte.ts +24 -0
package/src/lib/schema-utils/cleanup.ts +116 -0
package/src/lib/schema-utils/index.ts +4 -0
package/src/lib/schema-utils/utils.ts +47 -0
package/src/lib/schema-utils/validator.ts +58 -0
package/src/lib/server/index.ts +40 -0
package/src/lib/services/asset-service.ts +256 -0
package/src/lib/services/index.ts +6 -0
package/src/lib/storage/adapters/index.ts +2 -0
package/src/lib/storage/adapters/local-storage-adapter.ts +215 -0
package/{dist/storage/index.js → src/lib/storage/index.ts} +4 -2
package/src/lib/storage/interfaces/index.ts +2 -0
package/src/lib/storage/interfaces/storage.ts +114 -0
package/src/lib/storage/providers/storage.ts +83 -0
package/src/lib/types/asset.ts +81 -0
package/src/lib/types/auth.ts +80 -0
package/src/lib/types/config.ts +45 -0
package/src/lib/types/document.ts +38 -0
package/src/lib/types/index.ts +8 -0
package/src/lib/types/organization.ts +119 -0
package/src/lib/types/schemas.ts +156 -0
package/src/lib/types/sidebar.ts +37 -0
package/src/lib/types/user.ts +17 -0
package/src/lib/utils/content-hash.ts +75 -0
package/src/lib/utils/image-url.ts +204 -0
package/src/lib/utils/index.ts +12 -0
package/src/lib/utils/slug.ts +33 -0
package/src/lib/utils.ts +13 -0
package/dist/api/assets.d.ts +0 -48
package/dist/api/assets.d.ts.map +0 -1
package/dist/api/assets.js +0 -52
package/dist/api/client.d.ts +0 -37
package/dist/api/client.d.ts.map +0 -1
package/dist/api/client.js +0 -125
package/dist/api/documents.d.ts +0 -56
package/dist/api/documents.d.ts.map +0 -1
package/dist/api/documents.js +0 -77
package/dist/api/index.d.ts +0 -7
package/dist/api/index.d.ts.map +0 -1
package/dist/api/index.js +0 -5
package/dist/api/organizations.d.ts +0 -101
package/dist/api/organizations.d.ts.map +0 -1
package/dist/api/organizations.js +0 -92
package/dist/api/types.d.ts +0 -23
package/dist/api/types.d.ts.map +0 -1
package/dist/api/types.js +0 -1
package/dist/auth/auth-errors.d.ts +0 -7
package/dist/auth/auth-errors.d.ts.map +0 -1
package/dist/auth/auth-errors.js +0 -13
package/dist/auth/auth-hooks.d.ts +0 -6
package/dist/auth/auth-hooks.d.ts.map +0 -1
package/dist/auth/auth-hooks.js +0 -108
package/dist/auth/provider.d.ts +0 -17
package/dist/auth/provider.d.ts.map +0 -1
package/dist/auth/provider.js +0 -1
package/dist/client/index.d.ts +0 -24
package/dist/client/index.d.ts.map +0 -1
package/dist/components/AdminApp.svelte.d.ts +0 -24
package/dist/components/AdminApp.svelte.d.ts.map +0 -1
package/dist/components/admin/AdminLayout.svelte.d.ts +0 -15
package/dist/components/admin/AdminLayout.svelte.d.ts.map +0 -1
package/dist/components/admin/DocumentEditor.svelte.d.ts +0 -18
package/dist/components/admin/DocumentEditor.svelte.d.ts.map +0 -1
package/dist/components/admin/DocumentTypesList.svelte.d.ts +0 -14
package/dist/components/admin/DocumentTypesList.svelte.d.ts.map +0 -1
package/dist/components/admin/ObjectModal.svelte.d.ts +0 -15
package/dist/components/admin/ObjectModal.svelte.d.ts.map +0 -1
package/dist/components/admin/SchemaField.svelte.d.ts +0 -19
package/dist/components/admin/SchemaField.svelte.d.ts.map +0 -1
package/dist/components/admin/fields/ArrayField.svelte.d.ts +0 -12
package/dist/components/admin/fields/ArrayField.svelte.d.ts.map +0 -1
package/dist/components/admin/fields/BooleanField.svelte.d.ts +0 -13
package/dist/components/admin/fields/BooleanField.svelte.d.ts.map +0 -1
package/dist/components/admin/fields/ImageField.svelte.d.ts +0 -15
package/dist/components/admin/fields/ImageField.svelte.d.ts.map +0 -1
package/dist/components/admin/fields/NumberField.svelte.d.ts +0 -14
package/dist/components/admin/fields/NumberField.svelte.d.ts.map +0 -1
package/dist/components/admin/fields/ReferenceField.svelte.d.ts +0 -12
package/dist/components/admin/fields/ReferenceField.svelte.d.ts.map +0 -1
package/dist/components/admin/fields/SlugField.svelte.d.ts +0 -15
package/dist/components/admin/fields/SlugField.svelte.d.ts.map +0 -1
package/dist/components/admin/fields/StringField.svelte.d.ts +0 -14
package/dist/components/admin/fields/StringField.svelte.d.ts.map +0 -1
package/dist/components/admin/fields/TextareaField.svelte.d.ts +0 -14
package/dist/components/admin/fields/TextareaField.svelte.d.ts.map +0 -1
package/dist/components/fields/index.d.ts +0 -9
package/dist/components/fields/index.d.ts.map +0 -1
package/dist/components/index.d.ts +0 -7
package/dist/components/index.d.ts.map +0 -1
package/dist/components/layout/OrganizationSwitcher.svelte.d.ts +0 -11
package/dist/components/layout/OrganizationSwitcher.svelte.d.ts.map +0 -1
package/dist/components/layout/Sidebar.svelte.d.ts +0 -14
package/dist/components/layout/Sidebar.svelte.d.ts.map +0 -1
package/dist/components/layout/sidebar/AppSidebar.svelte.d.ts +0 -4
package/dist/components/layout/sidebar/AppSidebar.svelte.d.ts.map +0 -1
package/dist/components/layout/sidebar/NavMain.svelte.d.ts +0 -19
package/dist/components/layout/sidebar/NavMain.svelte.d.ts.map +0 -1
package/dist/components/layout/sidebar/NavSecondary.svelte.d.ts +0 -9
package/dist/components/layout/sidebar/NavSecondary.svelte.d.ts.map +0 -1
package/dist/components/layout/sidebar/NavUser.svelte.d.ts +0 -9
package/dist/components/layout/sidebar/NavUser.svelte.d.ts.map +0 -1
package/dist/config.d.ts +0 -3
package/dist/config.d.ts.map +0 -1
package/dist/config.js +0 -15
package/dist/db/adapters/index.d.ts +0 -1
package/dist/db/adapters/index.d.ts.map +0 -1
package/dist/db/index.d.ts +0 -2
package/dist/db/index.d.ts.map +0 -1
package/dist/db/interfaces/asset.d.ts +0 -51
package/dist/db/interfaces/asset.d.ts.map +0 -1
package/dist/db/interfaces/asset.js +0 -1
package/dist/db/interfaces/document.d.ts +0 -36
package/dist/db/interfaces/document.d.ts.map +0 -1
package/dist/db/interfaces/document.js +0 -1
package/dist/db/interfaces/index.d.ts +0 -73
package/dist/db/interfaces/index.d.ts.map +0 -1
package/dist/db/interfaces/index.js +0 -1
package/dist/db/interfaces/organization.d.ts +0 -27
package/dist/db/interfaces/organization.d.ts.map +0 -1
package/dist/db/interfaces/organization.js +0 -1
package/dist/db/interfaces/schema.d.ts +0 -21
package/dist/db/interfaces/schema.d.ts.map +0 -1
package/dist/db/interfaces/schema.js +0 -1
package/dist/db/interfaces/user.d.ts +0 -15
package/dist/db/interfaces/user.d.ts.map +0 -1
package/dist/db/interfaces/user.js +0 -1
package/dist/db/utils/reference-resolver.d.ts +0 -18
package/dist/db/utils/reference-resolver.d.ts.map +0 -1
package/dist/db/utils/reference-resolver.js +0 -80
package/dist/define.d.ts +0 -3
package/dist/define.d.ts.map +0 -1
package/dist/define.js +0 -4
package/dist/email/index.d.ts +0 -2
package/dist/email/index.d.ts.map +0 -1
package/dist/email/interfaces/email.d.ts +0 -42
package/dist/email/interfaces/email.d.ts.map +0 -1
package/dist/email/interfaces/email.js +0 -1
package/dist/engine.d.ts +0 -26
package/dist/engine.d.ts.map +0 -1
package/dist/engine.js +0 -66
package/dist/field-validation/rule.d.ts +0 -51
package/dist/field-validation/rule.d.ts.map +0 -1
package/dist/field-validation/rule.js +0 -221
package/dist/field-validation/utils.d.ts +0 -21
package/dist/field-validation/utils.d.ts.map +0 -1
package/dist/field-validation/utils.js +0 -66
package/dist/hooks.d.ts +0 -23
package/dist/hooks.d.ts.map +0 -1
package/dist/hooks.js +0 -96
package/dist/index.d.ts +0 -2
package/dist/index.d.ts.map +0 -1
package/dist/is-mobile.svelte.d.ts +0 -5
package/dist/is-mobile.svelte.d.ts.map +0 -1
package/dist/routes/assets-by-id.d.ts +0 -5
package/dist/routes/assets-by-id.d.ts.map +0 -1
package/dist/routes/assets-by-id.js +0 -138
package/dist/routes/assets-cdn.d.ts +0 -3
package/dist/routes/assets-cdn.d.ts.map +0 -1
package/dist/routes/assets-cdn.js +0 -155
package/dist/routes/assets.d.ts +0 -4
package/dist/routes/assets.d.ts.map +0 -1
package/dist/routes/assets.js +0 -94
package/dist/routes/documents-by-id.d.ts +0 -5
package/dist/routes/documents-by-id.d.ts.map +0 -1
package/dist/routes/documents-by-id.js +0 -142
package/dist/routes/documents-publish.d.ts +0 -4
package/dist/routes/documents-publish.d.ts.map +0 -1
package/dist/routes/documents-publish.js +0 -151
package/dist/routes/documents.d.ts +0 -4
package/dist/routes/documents.d.ts.map +0 -1
package/dist/routes/documents.js +0 -131
package/dist/routes/index.d.ts +0 -6
package/dist/routes/index.d.ts.map +0 -1
package/dist/routes/index.js +0 -10
package/dist/routes/organizations-by-id.d.ts +0 -5
package/dist/routes/organizations-by-id.d.ts.map +0 -1
package/dist/routes/organizations-by-id.js +0 -187
package/dist/routes/organizations-invitations.d.ts +0 -4
package/dist/routes/organizations-invitations.d.ts.map +0 -1
package/dist/routes/organizations-invitations.js +0 -125
package/dist/routes/organizations-members.d.ts +0 -5
package/dist/routes/organizations-members.d.ts.map +0 -1
package/dist/routes/organizations-members.js +0 -206
package/dist/routes/organizations-switch.d.ts +0 -3
package/dist/routes/organizations-switch.d.ts.map +0 -1
package/dist/routes/organizations-switch.js +0 -53
package/dist/routes/organizations.d.ts +0 -4
package/dist/routes/organizations.d.ts.map +0 -1
package/dist/routes/organizations.js +0 -109
package/dist/routes/schemas-by-type.d.ts +0 -3
package/dist/routes/schemas-by-type.d.ts.map +0 -1
package/dist/routes/schemas-by-type.js +0 -25
package/dist/routes/schemas.d.ts +0 -3
package/dist/routes/schemas.d.ts.map +0 -1
package/dist/routes/schemas.js +0 -11
package/dist/routes-exports.d.ts +0 -14
package/dist/routes-exports.d.ts.map +0 -1
package/dist/routes-exports.js +0 -19
package/dist/schema-context.svelte.d.ts +0 -10
package/dist/schema-context.svelte.d.ts.map +0 -1
package/dist/schema-context.svelte.js +0 -18
package/dist/schema-utils/cleanup.d.ts +0 -21
package/dist/schema-utils/cleanup.d.ts.map +0 -1
package/dist/schema-utils/cleanup.js +0 -80
package/dist/schema-utils/index.d.ts +0 -4
package/dist/schema-utils/index.d.ts.map +0 -1
package/dist/schema-utils/index.js +0 -4
package/dist/schema-utils/utils.d.ts +0 -30
package/dist/schema-utils/utils.d.ts.map +0 -1
package/dist/schema-utils/utils.js +0 -37
package/dist/schema-utils/validator.d.ts +0 -6
package/dist/schema-utils/validator.d.ts.map +0 -1
package/dist/schema-utils/validator.js +0 -45
package/dist/server/index.d.ts +0 -16
package/dist/server/index.d.ts.map +0 -1
package/dist/server/index.js +0 -28
package/dist/services/asset-service.d.ts +0 -86
package/dist/services/asset-service.d.ts.map +0 -1
package/dist/services/asset-service.js +0 -187
package/dist/services/index.d.ts +0 -3
package/dist/services/index.d.ts.map +0 -1
package/dist/services/index.js +0 -4
package/dist/storage/adapters/index.d.ts +0 -2
package/dist/storage/adapters/index.d.ts.map +0 -1
package/dist/storage/adapters/index.js +0 -2
package/dist/storage/adapters/local-storage-adapter.d.ts +0 -54
package/dist/storage/adapters/local-storage-adapter.d.ts.map +0 -1
package/dist/storage/adapters/local-storage-adapter.js +0 -187
package/dist/storage/index.d.ts +0 -3
package/dist/storage/index.d.ts.map +0 -1
package/dist/storage/interfaces/index.d.ts +0 -2
package/dist/storage/interfaces/index.d.ts.map +0 -1
package/dist/storage/interfaces/index.js +0 -2
package/dist/storage/interfaces/storage.d.ts +0 -91
package/dist/storage/interfaces/storage.d.ts.map +0 -1
package/dist/storage/interfaces/storage.js +0 -1
package/dist/storage/providers/storage.d.ts +0 -43
package/dist/storage/providers/storage.d.ts.map +0 -1
package/dist/storage/providers/storage.js +0 -64
package/dist/types/asset.d.ts +0 -73
package/dist/types/asset.d.ts.map +0 -1
package/dist/types/asset.js +0 -2
package/dist/types/auth.d.ts +0 -50
package/dist/types/auth.d.ts.map +0 -1
package/dist/types/auth.js +0 -41
package/dist/types/config.d.ts +0 -47
package/dist/types/config.d.ts.map +0 -1
package/dist/types/config.js +0 -1
package/dist/types/document.d.ts +0 -34
package/dist/types/document.d.ts.map +0 -1
package/dist/types/document.js +0 -1
package/dist/types/index.d.ts +0 -9
package/dist/types/index.d.ts.map +0 -1
package/dist/types/index.js +0 -8
package/dist/types/organization.d.ts +0 -105
package/dist/types/organization.d.ts.map +0 -1
package/dist/types/organization.js +0 -3
package/dist/types/schemas.d.ts +0 -114
package/dist/types/schemas.d.ts.map +0 -1
package/dist/types/schemas.js +0 -1
package/dist/types/sidebar.d.ts +0 -33
package/dist/types/sidebar.d.ts.map +0 -1
package/dist/types/sidebar.js +0 -1
package/dist/types/user.d.ts +0 -14
package/dist/types/user.d.ts.map +0 -1
package/dist/types/user.js +0 -1
package/dist/utils/content-hash.d.ts +0 -22
package/dist/utils/content-hash.d.ts.map +0 -1
package/dist/utils/content-hash.js +0 -67
package/dist/utils/image-url.d.ts +0 -88
package/dist/utils/image-url.d.ts.map +0 -1
package/dist/utils/image-url.js +0 -165
package/dist/utils/index.d.ts +0 -6
package/dist/utils/index.d.ts.map +0 -1
package/dist/utils/index.js +0 -9
package/dist/utils/slug.d.ts +0 -13
package/dist/utils/slug.d.ts.map +0 -1
package/dist/utils/slug.js +0 -30
package/dist/utils.d.ts +0 -13
package/dist/utils.d.ts.map +0 -1
package/dist/utils.js +0 -5
/package/{dist → src/lib}/app.d.ts +0 -0
/package/{dist → src/lib}/auth/MULTI_TENANCY_PLAN.md +0 -0
/package/{dist → src/lib}/components/admin/AdminLayout.svelte +0 -0
/package/{dist → src/lib}/components/admin/DocumentEditor.svelte +0 -0
/package/{dist → src/lib}/components/admin/DocumentTypesList.svelte +0 -0
/package/{dist → src/lib}/components/admin/ObjectModal.svelte +0 -0
/package/{dist → src/lib}/components/admin/SchemaField.svelte +0 -0
/package/{dist → src/lib}/components/admin/fields/ArrayField.svelte +0 -0
/package/{dist → src/lib}/components/admin/fields/BooleanField.svelte +0 -0
/package/{dist → src/lib}/components/admin/fields/ImageField.svelte +0 -0
/package/{dist → src/lib}/components/admin/fields/NumberField.svelte +0 -0
/package/{dist → src/lib}/components/admin/fields/ReferenceField.svelte +0 -0
/package/{dist → src/lib}/components/admin/fields/SlugField.svelte +0 -0
/package/{dist → src/lib}/components/admin/fields/StringField.svelte +0 -0
/package/{dist → src/lib}/components/admin/fields/TextareaField.svelte +0 -0
/package/{dist/components/fields/index.js → src/lib/components/fields/index.ts} +0 -0
/package/{dist → src/lib}/components/layout/OrganizationSwitcher.svelte +0 -0
/package/{dist → src/lib}/components/layout/Sidebar.svelte +0 -0
/package/{dist → src/lib}/components/layout/sidebar/AppSidebar.svelte +0 -0
/package/{dist → src/lib}/components/layout/sidebar/NavMain.svelte +0 -0
/package/{dist → src/lib}/components/layout/sidebar/NavSecondary.svelte +0 -0
/package/{dist → src/lib}/components/layout/sidebar/NavUser.svelte +0 -0
/package/{dist → src/lib}/plugins/README.md +0 -0

package/src/lib/routes/organizations-invitations.ts ADDED Viewed

@@ -0,0 +1,183 @@
+// Aphex CMS Organization Invitations API Handlers
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from '@sveltejs/kit';
+// POST /api/organizations/invitations - Create/send an invitation
+export const POST: RequestHandler = async ({ request, locals }) => {
+	try {
+		const { databaseAdapter } = locals.aphexCMS;
+		const auth = locals.auth;
+		if (!auth || auth.type !== 'session') {
+			return json(
+				{
+					success: false,
+					error: 'Unauthorized',
+					message: 'Session authentication required'
+				},
+				{ status: 401 }
+			);
+		}
+		// Only owners and admins can invite members
+		if (auth.organizationRole !== 'owner' && auth.organizationRole !== 'admin') {
+			return json(
+				{
+					success: false,
+					error: 'Forbidden',
+					message: 'Only owners and admins can invite members'
+				},
+				{ status: 403 }
+			);
+		}
+		const body = await request.json();
+		if (!body.email || !body.role) {
+			return json(
+				{
+					success: false,
+					error: 'Missing required fields',
+					message: 'email and role are required'
+				},
+				{ status: 400 }
+			);
+		}
+		// Validate role
+		const validRoles = ['admin', 'editor', 'viewer'];
+		if (!validRoles.includes(body.role)) {
+			return json(
+				{
+					success: false,
+					error: 'Invalid role',
+					message: 'Role must be one of: admin, editor, viewer'
+				},
+				{ status: 400 }
+			);
+		}
+		// Check if there's already a pending invitation for this email
+		const existingInvitations = await databaseAdapter.findOrganizationInvitations(
+			auth.organizationId
+		);
+		const pendingInvitation = existingInvitations.find(
+			(inv) => inv.email.toLowerCase() === body.email.toLowerCase() && inv.acceptedAt === null
+		);
+		if (pendingInvitation) {
+			return json(
+				{
+					success: false,
+					error: 'Already invited',
+					message: 'This email has already been invited to the organization'
+				},
+				{ status: 400 }
+			);
+		}
+		// Generate a unique invitation token
+		const token = crypto.randomUUID();
+		// Create invitation - will auto-join when user signs up
+		const invitation = await databaseAdapter.createInvitation({
+			organizationId: auth.organizationId,
+			email: body.email.toLowerCase(),
+			role: body.role,
+			invitedBy: auth.user.id,
+			token,
+			expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000) // 7 days
+		});
+		return json(
+			{
+				success: true,
+				data: invitation,
+				message: 'Invitation sent successfully. User will automatically join when they sign up.'
+			},
+			{ status: 201 }
+		);
+	} catch (error) {
+		console.error('Failed to create invitation:', error);
+		return json(
+			{
+				success: false,
+				error: 'Failed to create invitation',
+				message: error instanceof Error ? error.message : 'Unknown error'
+			},
+			{ status: 500 }
+		);
+	}
+};
+// DELETE /api/organizations/invitations - Cancel an invitation
+export const DELETE: RequestHandler = async ({ request, locals }) => {
+	try {
+		const { databaseAdapter } = locals.aphexCMS;
+		const auth = locals.auth;
+		if (!auth || auth.type !== 'session') {
+			return json(
+				{
+					success: false,
+					error: 'Unauthorized',
+					message: 'Session authentication required'
+				},
+				{ status: 401 }
+			);
+		}
+		// Only owners and admins can cancel invitations
+		if (auth.organizationRole !== 'owner' && auth.organizationRole !== 'admin') {
+			return json(
+				{
+					success: false,
+					error: 'Forbidden',
+					message: 'Only owners and admins can cancel invitations'
+				},
+				{ status: 403 }
+			);
+		}
+		const body = await request.json();
+		if (!body.invitationId) {
+			return json(
+				{
+					success: false,
+					error: 'Missing required field',
+					message: 'invitationId is required'
+				},
+				{ status: 400 }
+			);
+		}
+		// Delete the invitation
+		const deleted = await databaseAdapter.deleteInvitation(body.invitationId);
+		if (!deleted) {
+			return json(
+				{
+					success: false,
+					error: 'Invitation not found'
+				},
+				{ status: 404 }
+			);
+		}
+		return json({
+			success: true,
+			message: 'Invitation canceled successfully'
+		});
+	} catch (error) {
+		console.error('Failed to cancel invitation:', error);
+		return json(
+			{
+				success: false,
+				error: 'Failed to cancel invitation',
+				message: error instanceof Error ? error.message : 'Unknown error'
+			},
+			{ status: 500 }
+		);
+	}
+};

package/src/lib/routes/organizations-members.ts ADDED Viewed

@@ -0,0 +1,301 @@
+// Aphex CMS Organization Members API Handlers
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from '@sveltejs/kit';
+// GET /api/organizations/members - List organization members
+export const GET: RequestHandler = async ({ locals }) => {
+	try {
+		const { databaseAdapter } = locals.aphexCMS;
+		const auth = locals.auth;
+		if (!auth || auth.type !== 'session') {
+			return json(
+				{
+					success: false,
+					error: 'Unauthorized',
+					message: 'Session authentication required'
+				},
+				{ status: 401 }
+			);
+		}
+		// Get members of the current active organization
+		const members = await databaseAdapter.findOrganizationMembers(auth.organizationId);
+		return json({
+			success: true,
+			data: members
+		});
+	} catch (error) {
+		console.error('Failed to fetch organization members:', error);
+		return json(
+			{
+				success: false,
+				error: 'Failed to fetch members',
+				message: error instanceof Error ? error.message : 'Unknown error'
+			},
+			{ status: 500 }
+		);
+	}
+};
+// DELETE /api/organizations/members - Remove a member
+export const DELETE: RequestHandler = async ({ request, locals }) => {
+	try {
+		const { databaseAdapter } = locals.aphexCMS;
+		const auth = locals.auth;
+		if (!auth || auth.type !== 'session') {
+			return json(
+				{
+					success: false,
+					error: 'Unauthorized',
+					message: 'Session authentication required'
+				},
+				{ status: 401 }
+			);
+		}
+		// Only owners and admins can remove members
+		if (auth.organizationRole !== 'owner' && auth.organizationRole !== 'admin') {
+			return json(
+				{
+					success: false,
+					error: 'Forbidden',
+					message: 'Only owners and admins can remove members'
+				},
+				{ status: 403 }
+			);
+		}
+		const body = await request.json();
+		if (!body.userId) {
+			return json(
+				{
+					success: false,
+					error: 'Missing required field',
+					message: 'userId is required'
+				},
+				{ status: 400 }
+			);
+		}
+		// Prevent removing yourself
+		if (body.userId === auth.user.id) {
+			return json(
+				{
+					success: false,
+					error: 'Invalid operation',
+					message: 'You cannot remove yourself from the organization'
+				},
+				{ status: 400 }
+			);
+		}
+		// Get the target member's role
+		const targetMember = await databaseAdapter.findUserMembership(body.userId, auth.organizationId);
+		if (!targetMember) {
+			return json(
+				{
+					success: false,
+					error: 'Member not found',
+					message: 'User is not a member of this organization'
+				},
+				{ status: 404 }
+			);
+		}
+		// Admins cannot remove owners
+		if (auth.organizationRole === 'admin' && targetMember.role === 'owner') {
+			return json(
+				{
+					success: false,
+					error: 'Forbidden',
+					message: 'Admins cannot remove owners'
+				},
+				{ status: 403 }
+			);
+		}
+		// Remove the member
+		const removed = await databaseAdapter.removeMember(auth.organizationId, body.userId);
+		if (!removed) {
+			return json(
+				{
+					success: false,
+					error: 'Failed to remove member'
+				},
+				{ status: 500 }
+			);
+		}
+		// Clear the user's session if their active org is the one they were removed from
+		const userSession = await databaseAdapter.findUserSession(body.userId);
+		if (userSession?.activeOrganizationId === auth.organizationId) {
+			console.log(
+				`[Organizations]: Clearing user session for ${body.userId} - removed from active org ${auth.organizationId}`
+			);
+			// Check if user has other organizations
+			const otherOrgs = await databaseAdapter.findUserOrganizations(body.userId);
+			if (otherOrgs.length > 0 && otherOrgs[0]) {
+				// Set their first remaining org as active
+				await databaseAdapter.updateUserSession(body.userId, otherOrgs[0].organization.id);
+				console.log(
+					`[Organizations]: Set org ${otherOrgs[0].organization.id} as new active org for ${body.userId}`
+				);
+			} else {
+				// No other orgs - delete the session so invitations can be processed on next login
+				await databaseAdapter.deleteUserSession(body.userId);
+				console.log(
+					`[Organizations]: Deleted user session for ${body.userId} - no remaining organizations`
+				);
+			}
+		}
+		return json({
+			success: true,
+			message: 'Member removed successfully'
+		});
+	} catch (error) {
+		console.error('Failed to remove member:', error);
+		return json(
+			{
+				success: false,
+				error: 'Failed to remove member',
+				message: error instanceof Error ? error.message : 'Unknown error'
+			},
+			{ status: 500 }
+		);
+	}
+};
+// PATCH /api/organizations/members - Update member role
+export const PATCH: RequestHandler = async ({ request, locals }) => {
+	try {
+		const { databaseAdapter } = locals.aphexCMS;
+		const auth = locals.auth;
+		if (!auth || auth.type !== 'session') {
+			return json(
+				{
+					success: false,
+					error: 'Unauthorized',
+					message: 'Session authentication required'
+				},
+				{ status: 401 }
+			);
+		}
+		// Only owners and admins can update roles
+		if (auth.organizationRole !== 'owner' && auth.organizationRole !== 'admin') {
+			return json(
+				{
+					success: false,
+					error: 'Forbidden',
+					message: 'Only owners and admins can update member roles'
+				},
+				{ status: 403 }
+			);
+		}
+		const body = await request.json();
+		if (!body.userId || !body.role) {
+			return json(
+				{
+					success: false,
+					error: 'Missing required fields',
+					message: 'userId and role are required'
+				},
+				{ status: 400 }
+			);
+		}
+		// Validate role
+		const validRoles = ['owner', 'admin', 'editor', 'viewer'];
+		if (!validRoles.includes(body.role)) {
+			return json(
+				{
+					success: false,
+					error: 'Invalid role',
+					message: 'Role must be one of: owner, admin, editor, viewer'
+				},
+				{ status: 400 }
+			);
+		}
+		// Prevent changing your own role
+		if (body.userId === auth.user.id) {
+			return json(
+				{
+					success: false,
+					error: 'Invalid operation',
+					message: 'You cannot change your own role'
+				},
+				{ status: 400 }
+			);
+		}
+		// Get the target member's current role
+		const targetMember = await databaseAdapter.findUserMembership(body.userId, auth.organizationId);
+		if (!targetMember) {
+			return json(
+				{
+					success: false,
+					error: 'Member not found',
+					message: 'User is not a member of this organization'
+				},
+				{ status: 404 }
+			);
+		}
+		// Admins cannot modify owners
+		if (auth.organizationRole === 'admin' && targetMember.role === 'owner') {
+			return json(
+				{
+					success: false,
+					error: 'Forbidden',
+					message: 'Admins cannot modify owner roles'
+				},
+				{ status: 403 }
+			);
+		}
+		// Update the role
+		const updatedMember = await databaseAdapter.updateMemberRole(
+			auth.organizationId,
+			body.userId,
+			body.role
+		);
+		if (!updatedMember) {
+			return json(
+				{
+					success: false,
+					error: 'Failed to update role'
+				},
+				{ status: 500 }
+			);
+		}
+		return json({
+			success: true,
+			data: updatedMember
+		});
+	} catch (error) {
+		console.error('Failed to update member role:', error);
+		return json(
+			{
+				success: false,
+				error: 'Failed to update role',
+				message: error instanceof Error ? error.message : 'Unknown error'
+			},
+			{ status: 500 }
+		);
+	}
+};

package/src/lib/routes/organizations-switch.ts ADDED Viewed

@@ -0,0 +1,74 @@
+// Aphex CMS Organization Switch API Handler
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from '@sveltejs/kit';
+// POST /api/organizations/switch - Switch active organization
+export const POST: RequestHandler = async ({ request, locals }) => {
+	try {
+		const { databaseAdapter } = locals.aphexCMS;
+		const auth = locals.auth;
+		if (!auth || auth.type !== 'session') {
+			return json(
+				{
+					success: false,
+					error: 'Unauthorized',
+					message: 'Session authentication required'
+				},
+				{ status: 401 }
+			);
+		}
+		const body = await request.json();
+		if (!body.organizationId) {
+			return json(
+				{
+					success: false,
+					error: 'Missing required field',
+					message: 'organizationId is required'
+				},
+				{ status: 400 }
+			);
+		}
+		// Verify user is a member of the target organization
+		const membership = await databaseAdapter.findUserMembership(auth.user.id, body.organizationId);
+		if (!membership) {
+			return json(
+				{
+					success: false,
+					error: 'Access denied',
+					message: 'You are not a member of this organization'
+				},
+				{ status: 403 }
+			);
+		}
+		// Update user's active organization
+		await databaseAdapter.updateUserSession(auth.user.id, body.organizationId);
+		// Get the organization details
+		const organization = await databaseAdapter.findOrganizationById(body.organizationId);
+		return json({
+			success: true,
+			data: {
+				organizationId: body.organizationId,
+				organizationName: organization?.name,
+				role: membership.role
+			}
+		});
+	} catch (error) {
+		console.error('Failed to switch organization:', error);
+		return json(
+			{
+				success: false,
+				error: 'Failed to switch organization',
+				message: error instanceof Error ? error.message : 'Unknown error'
+			},
+			{ status: 500 }
+		);
+	}
+};

package/src/lib/routes/organizations.ts ADDED Viewed

@@ -0,0 +1,147 @@
+// Aphex CMS Organization API Handlers
+import { json } from '@sveltejs/kit';
+import type { RequestHandler } from '@sveltejs/kit';
+// GET /api/organizations - List user's organizations
+export const GET: RequestHandler = async ({ locals }) => {
+	try {
+		const { databaseAdapter } = locals.aphexCMS;
+		const auth = locals.auth;
+		if (!auth || auth.type !== 'session') {
+			return json(
+				{
+					success: false,
+					error: 'Unauthorized',
+					message: 'Session authentication required'
+				},
+				{ status: 401 }
+			);
+		}
+		// Get all organizations the user belongs to
+		const memberships = await databaseAdapter.findUserOrganizations(auth.user.id);
+		// Map to a cleaner format with organization details and user's role
+		const organizations = memberships.map((membership) => ({
+			id: membership.organization.id,
+			name: membership.organization.name,
+			slug: membership.organization.slug,
+			metadata: membership.organization.metadata,
+			role: membership.member.role,
+			joinedAt: membership.member.createdAt,
+			isActive: membership.organization.id === auth.organizationId
+		}));
+		return json({
+			success: true,
+			data: organizations
+		});
+	} catch (error) {
+		console.error('Failed to fetch organizations:', error);
+		return json(
+			{
+				success: false,
+				error: 'Failed to fetch organizations',
+				message: error instanceof Error ? error.message : 'Unknown error'
+			},
+			{ status: 500 }
+		);
+	}
+};
+// POST /api/organizations - Create new organization
+export const POST: RequestHandler = async ({ request, locals }) => {
+	try {
+		const { databaseAdapter } = locals.aphexCMS;
+		const auth = locals.auth;
+		if (!auth || auth.type !== 'session') {
+			return json(
+				{
+					success: false,
+					error: 'Unauthorized',
+					message: 'Session authentication required'
+				},
+				{ status: 401 }
+			);
+		}
+		// Only SUPER_ADMIN can create organizations
+		if (auth.user.role !== 'super_admin') {
+			return json(
+				{
+					success: false,
+					error: 'Forbidden',
+					message: 'Only super admins can create organizations'
+				},
+				{ status: 403 }
+			);
+		}
+		const body = await request.json();
+		// Validate required fields
+		if (!body.name || !body.slug) {
+			return json(
+				{
+					success: false,
+					error: 'Missing required fields',
+					message: 'Organization name and slug are required'
+				},
+				{ status: 400 }
+			);
+		}
+		// Check if slug is already taken
+		const existingOrg = await databaseAdapter.findOrganizationBySlug(body.slug);
+		if (existingOrg) {
+			return json(
+				{
+					success: false,
+					error: 'Slug already exists',
+					message: `Organization with slug '${body.slug}' already exists`
+				},
+				{ status: 409 }
+			);
+		}
+		// Create the organization with current active org as parent
+		// Note: Only supports 1-level hierarchy for performance
+		const newOrganization = await databaseAdapter.createOrganization({
+			name: body.name,
+			slug: body.slug,
+			metadata: body.metadata || null,
+			parentOrganizationId: auth.organizationId, // Current active org becomes parent
+			createdBy: auth.user.id
+		});
+		// Add the creator as owner
+		await databaseAdapter.addMember({
+			organizationId: newOrganization.id,
+			userId: auth.user.id,
+			role: 'owner'
+		});
+		// Set as active organization for this user
+		await databaseAdapter.updateUserSession(auth.user.id, newOrganization.id);
+		return json(
+			{
+				success: true,
+				data: newOrganization
+			},
+			{ status: 201 }
+		);
+	} catch (error) {
+		console.error('Failed to create organization:', error);
+		return json(
+			{
+				success: false,
+				error: 'Failed to create organization',
+				message: error instanceof Error ? error.message : 'Unknown error'
+			},
+			{ status: 500 }
+		);
+	}
+};