@aphexcms/cms-core 0.1.12 → 0.1.14

package/dist/lib/field-validation/rule.js

@@ -0,0 +1,221 @@
+export class Rule {
+    _required = false;
+    // eslint-disable-next-line @typescript-eslint/no-explicit-any
+    _rules = [];
+    _level = 'error';
+    _message;
+    static FIELD_REF = Symbol('fieldReference');
+    static valueOfField(path) {
+        return {
+            __fieldReference: true,
+            path
+        };
+    }
+    valueOfField(path) {
+        return Rule.valueOfField(path);
+    }
+    required() {
+        const newRule = this.clone();
+        newRule._required = true;
+        return newRule;
+    }
+    optional() {
+        const newRule = this.clone();
+        newRule._required = false;
+        return newRule;
+    }
+    min(len) {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'min', constraint: len });
+        return newRule;
+    }
+    max(len) {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'max', constraint: len });
+        return newRule;
+    }
+    length(len) {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'length', constraint: len });
+        return newRule;
+    }
+    email() {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'email' });
+        return newRule;
+    }
+    uri(options) {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'uri', constraint: options });
+        return newRule;
+    }
+    regex(pattern, name) {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'regex', constraint: { pattern, name } });
+        return newRule;
+    }
+    positive() {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'positive' });
+        return newRule;
+    }
+    negative() {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'negative' });
+        return newRule;
+    }
+    integer() {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'integer' });
+        return newRule;
+    }
+    greaterThan(num) {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'greaterThan', constraint: num });
+        return newRule;
+    }
+    lessThan(num) {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'lessThan', constraint: num });
+        return newRule;
+    }
+    custom(fn) {
+        const newRule = this.clone();
+        newRule._rules.push({ type: 'custom', constraint: fn });
+        return newRule;
+    }
+    error(message) {
+        const newRule = this.clone();
+        newRule._level = 'error';
+        newRule._message = message;
+        return newRule;
+    }
+    warning(message) {
+        const newRule = this.clone();
+        newRule._level = 'warning';
+        newRule._message = message;
+        return newRule;
+    }
+    info(message) {
+        const newRule = this.clone();
+        newRule._level = 'info';
+        newRule._message = message;
+        return newRule;
+    }
+    clone() {
+        const newRule = new Rule();
+        newRule._required = this._required;
+        newRule._rules = [...this._rules];
+        newRule._level = this._level;
+        newRule._message = this._message;
+        return newRule;
+    }
+    async validate(value, context = {}) {
+        const markers = [];
+        // Check required
+        if (this._required && (value === undefined || value === null || value === '')) {
+            markers.push({
+                level: this._level,
+                message: this._message || 'Required',
+                path: context.path
+            });
+        }
+        // If value is empty and not required, skip other validations
+        if (!this._required && (value === undefined || value === null || value === '')) {
+            return markers;
+        }
+        // Run other validations
+        for (const rule of this._rules) {
+            try {
+                const result = await this.validateRule(rule, value, context);
+                if (result) {
+                    markers.push({
+                        level: this._level,
+                        message: this._message || result,
+                        path: context.path
+                    });
+                }
+            }
+            catch (error) {
+                markers.push({
+                    level: 'error',
+                    message: `Validation error: ${error instanceof Error ? error.message : 'Unknown error'}`,
+                    path: context.path
+                });
+            }
+        }
+        return markers;
+    }
+    async validateRule(rule, value, context) {
+        switch (rule.type) {
+            case 'min':
+                if (typeof value === 'string' && value.length < rule.constraint) {
+                    return `Must be at least ${rule.constraint} characters`;
+                }
+                if (typeof value === 'number' && value < rule.constraint) {
+                    return `Must be at least ${rule.constraint}`;
+                }
+                break;
+            case 'max':
+                if (typeof value === 'string' && value.length > rule.constraint) {
+                    return `Must be at most ${rule.constraint} characters`;
+                }
+                if (typeof value === 'number' && value > rule.constraint) {
+                    return `Must be at most ${rule.constraint}`;
+                }
+                break;
+            case 'email':
+                if (typeof value === 'string' && !/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(value)) {
+                    return 'Must be a valid email address';
+                }
+                break;
+            case 'uri':
+                if (typeof value === 'string') {
+                    try {
+                        new URL(value);
+                    }
+                    catch {
+                        return 'Must be a valid URL';
+                    }
+                }
+                break;
+            case 'regex':
+                if (typeof value === 'string' && !rule.constraint.pattern.test(value)) {
+                    return `Must match pattern${rule.constraint.name ? ` (${rule.constraint.name})` : ''}`;
+                }
+                break;
+            case 'positive':
+                if (typeof value === 'number' && value <= 0) {
+                    return 'Must be positive';
+                }
+                break;
+            case 'negative':
+                if (typeof value === 'number' && value >= 0) {
+                    return 'Must be negative';
+                }
+                break;
+            case 'integer':
+                if (typeof value === 'number' && !Number.isInteger(value)) {
+                    return 'Must be an integer';
+                }
+                break;
+            case 'custom': {
+                const customResult = await rule.constraint(value, context);
+                if (customResult === false) {
+                    return 'Validation failed';
+                }
+                if (typeof customResult === 'string') {
+                    return customResult;
+                }
+                if (Array.isArray(customResult) && customResult.length > 0) {
+                    return customResult[0].message;
+                }
+                break;
+            }
+        }
+        return null;
+    }
+    isRequired() {
+        return this._required;
+    }
+}

package/dist/lib/field-validation/utils.js

@@ -0,0 +1,99 @@
+import { Rule } from './rule.js';
+/**
+ * Check if a field is required based on its validation rules
+ */
+export function isFieldRequired(field) {
+    if (!field.validation)
+        return false;
+    try {
+        const validationFn = Array.isArray(field.validation) ? field.validation[0] : field.validation;
+        if (!validationFn)
+            return false;
+        const rule = validationFn(new Rule());
+        return rule.isRequired();
+    }
+    catch {
+        return false;
+    }
+}
+/**
+ * Validate a field value against its validation rules
+ */
+export async function validateField(field, value, context = {}) {
+    if (!field.validation) {
+        return { isValid: true, errors: [] };
+    }
+    try {
+        const validationFunctions = Array.isArray(field.validation)
+            ? field.validation
+            : [field.validation];
+        const allErrors = [];
+        for (const validationFn of validationFunctions) {
+            const rule = validationFn(new Rule());
+            if (!(rule instanceof Rule)) {
+                console.error(`Validation function for field "${field.name}" did not return a Rule object. Make sure you are chaining validation methods and returning the result.`);
+                continue;
+            }
+            const markers = await rule.validate(value, {
+                path: [field.name],
+                ...context
+            });
+            allErrors.push(...markers.map((marker) => ({
+                level: marker.level,
+                message: marker.message
+            })));
+        }
+        const isValid = allErrors.filter((e) => e.level === 'error').length === 0;
+        return { isValid, errors: allErrors };
+    }
+    catch (error) {
+        console.error('Validation error:', error);
+        return {
+            isValid: false,
+            errors: [{ level: 'error', message: 'Validation failed' }]
+        };
+    }
+}
+/**
+ * Get validation CSS classes for input styling
+ */
+export function getValidationClasses(hasErrors) {
+    if (hasErrors) {
+        return 'border-destructive border-2';
+    }
+    // No green styling for success - only show red for errors
+    return '';
+}
+/**
+ * Validate an entire document's data against a schema
+ * This function validates all fields in a schema against the provided data
+ * and returns any validation errors found.
+ *
+ * @param schema - The schema type containing field definitions
+ * @param data - The document data to validate
+ * @param context - Optional context to pass to field validators
+ * @returns Validation result with isValid flag and array of field errors
+ */
+export async function validateDocumentData(schema, data, context = {}) {
+    const validationErrors = [];
+    // Validate each field in the schema
+    for (const field of schema.fields) {
+        const value = data[field.name];
+        const result = await validateField(field, value, { ...context, ...data });
+        if (!result.isValid) {
+            const errorMessages = result.errors
+                .filter((e) => e.level === 'error')
+                .map((e) => e.message);
+            if (errorMessages.length > 0) {
+                validationErrors.push({
+                    field: field.name,
+                    errors: errorMessages
+                });
+            }
+        }
+    }
+    return {
+        isValid: validationErrors.length === 0,
+        errors: validationErrors
+    };
+}

package/dist/lib/storage/interfaces/index.js

@@ -0,0 +1,2 @@
+// Storage interfaces
+export * from './storage.js';

package/dist/lib/storage/interfaces/storage.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/types/asset.js

@@ -0,0 +1,2 @@
+// types/asset.ts
+export {};

package/dist/lib/types/auth.js

@@ -0,0 +1,41 @@
+// Access control utilities
+/**
+ * Check if a user has write permissions based on their organization role
+ * Viewers have read-only access
+ */
+export function canWrite(auth) {
+    if (auth.type === 'api_key') {
+        return auth.permissions.includes('write');
+    }
+    // Viewers are read-only
+    return auth.organizationRole !== 'viewer';
+}
+/**
+ * Check if a user can manage organization members
+ * Only owners and admins can manage members
+ */
+export function canManageMembers(auth) {
+    if (auth.type === 'api_key') {
+        return false;
+    }
+    return auth.organizationRole === 'owner' || auth.organizationRole === 'admin';
+}
+/**
+ * Check if a user can manage API keys
+ * Only owners and admins can manage API keys
+ */
+export function canManageApiKeys(auth) {
+    if (auth.type === 'api_key') {
+        return false;
+    }
+    return auth.organizationRole === 'owner' || auth.organizationRole === 'admin';
+}
+/**
+ * Check if a user is a viewer (read-only access)
+ */
+export function isViewer(auth) {
+    if (auth.type === 'api_key') {
+        return !auth.permissions.includes('write');
+    }
+    return auth.organizationRole === 'viewer';
+}

package/dist/lib/types/config.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/types/document.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/types/filters.js

@@ -0,0 +1,5 @@
+// types/filters.ts
+//
+// Database-agnostic filter types for the unified Local API
+// These interfaces define the contract that all database adapters must implement
+export {};

package/dist/lib/types/index.js

@@ -0,0 +1,9 @@
+export * from './asset.js';
+export * from './auth.js';
+export * from './document.js';
+export * from './schemas.js';
+export * from './config.js';
+export * from './user.js';
+export * from './sidebar.js';
+export * from './organization.js';
+export * from './filters.js';

package/dist/lib/types/organization.js

@@ -0,0 +1,3 @@
+// Organization types for multi-tenancy
+// These match the inferred types from Drizzle schema
+export {};

package/dist/lib/types/schemas.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/types/sidebar.js

@@ -0,0 +1 @@
+export {};

package/dist/lib/types/user.js

@@ -0,0 +1 @@
+export {};

package/dist/local-api/auth-helpers.d.ts

@@ -0,0 +1,65 @@
+import type { Auth } from '../types/auth.js';
+import type { LocalAPIContext } from './types.js';
+/**
+ * Convert SvelteKit locals.auth to LocalAPIContext
+ *
+ * This helper bridges the gap between the authentication system
+ * (handled in the app layer and enriched by handleAuthHook) and
+ * the LocalAPI's context-based approach.
+ *
+ * Preserves the full Auth object in context.auth so custom permission
+ * logic can access any custom fields added via module augmentation.
+ *
+ * @param auth - Auth object from locals.auth (already validated by handleAuthHook)
+ * @returns LocalAPIContext for use with LocalAPI operations
+ *
+ * @example
+ * ```typescript
+ * // In a SvelteKit route handler
+ * import { authToContext } from '@aphexcms/cms-core/local-api';
+ *
+ * export const GET: RequestHandler = async ({ locals }) => {
+ *   const api = locals.aphexCMS.localAPI;
+ *   const context = authToContext(locals.auth);
+ *
+ *   const pages = await api.collections.page.find(context, {
+ *     where: { status: { equals: 'published' } }
+ *   });
+ *
+ *   return json({ data: pages });
+ * };
+ * ```
+ */
+export declare function authToContext(auth: Auth | null | undefined): LocalAPIContext;
+/**
+ * Check if auth exists and convert to context
+ * Alias for authToContext - more semantic in some contexts
+ *
+ * @param auth - Auth object from locals.auth
+ * @returns LocalAPIContext
+ * @throws Error if auth is missing or invalid
+ */
+export declare function requireAuth(auth: Auth | null | undefined): LocalAPIContext;
+/**
+ * Create a system context for operations that bypass normal permissions
+ * Use this for seed scripts, cron jobs, migrations, and other system-level operations
+ *
+ * @param organizationId - Organization ID for the operation
+ * @returns LocalAPIContext with overrideAccess: true
+ *
+ * @example
+ * ```typescript
+ * // In a seed script
+ * import { systemContext } from '@aphexcms/cms-core/local-api';
+ *
+ * const api = getLocalAPI();
+ * const context = systemContext('org_123');
+ *
+ * await api.collections.page.create(context, {
+ *   data: { title: 'Home', slug: 'home' },
+ *   publish: true
+ * });
+ * ```
+ */
+export declare function systemContext(organizationId: string): LocalAPIContext;
+//# sourceMappingURL=auth-helpers.d.ts.map

package/dist/local-api/auth-helpers.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth-helpers.d.ts","sourceRoot":"","sources":["../../src/lib/local-api/auth-helpers.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAC1C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,SAAS,CAAC;AAE/C;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,GAAG,SAAS,GAAG,eAAe,CAiC5E;AAED;;;;;;;GAOG;AACH,wBAAgB,WAAW,CAAC,IAAI,EAAE,IAAI,GAAG,IAAI,GAAG,SAAS,GAAG,eAAe,CAE1E;AAED;;;;;;;;;;;;;;;;;;;;GAoBG;AACH,wBAAgB,aAAa,CAAC,cAAc,EAAE,MAAM,GAAG,eAAe,CAKrE"}

package/dist/local-api/auth-helpers.js

@@ -0,0 +1,102 @@
+// local-api/auth-helpers.ts
+//
+// Helper utilities to convert between Auth types and LocalAPIContext
+/**
+ * Convert SvelteKit locals.auth to LocalAPIContext
+ *
+ * This helper bridges the gap between the authentication system
+ * (handled in the app layer and enriched by handleAuthHook) and
+ * the LocalAPI's context-based approach.
+ *
+ * Preserves the full Auth object in context.auth so custom permission
+ * logic can access any custom fields added via module augmentation.
+ *
+ * @param auth - Auth object from locals.auth (already validated by handleAuthHook)
+ * @returns LocalAPIContext for use with LocalAPI operations
+ *
+ * @example
+ * ```typescript
+ * // In a SvelteKit route handler
+ * import { authToContext } from '@aphexcms/cms-core/local-api';
+ *
+ * export const GET: RequestHandler = async ({ locals }) => {
+ *   const api = locals.aphexCMS.localAPI;
+ *   const context = authToContext(locals.auth);
+ *
+ *   const pages = await api.collections.page.find(context, {
+ *     where: { status: { equals: 'published' } }
+ *   });
+ *
+ *   return json({ data: pages });
+ * };
+ * ```
+ */
+export function authToContext(auth) {
+    if (!auth) {
+        throw new Error('Authentication required');
+    }
+    // For session auth, extract user and organization info
+    if (auth.type === 'session') {
+        return {
+            organizationId: auth.organizationId,
+            user: auth.user,
+            auth: auth // Preserve full auth for custom permission logic
+        };
+    }
+    // For API key auth, create a synthetic user for permission checking
+    // API keys don't have traditional user accounts, but we need user info
+    // for the permission system to work correctly
+    if (auth.type === 'api_key') {
+        return {
+            organizationId: auth.organizationId,
+            user: {
+                id: `apikey:${auth.keyId}`,
+                email: `apikey-${auth.name}@system`,
+                name: auth.name,
+                // Map API key permissions to user roles for permission checking
+                role: auth.permissions.includes('write') ? 'editor' : 'viewer'
+            },
+            auth: auth // Preserve full auth for custom permission logic
+        };
+    }
+    // This should never happen with proper typing, but just in case
+    throw new Error('Unknown auth type');
+}
+/**
+ * Check if auth exists and convert to context
+ * Alias for authToContext - more semantic in some contexts
+ *
+ * @param auth - Auth object from locals.auth
+ * @returns LocalAPIContext
+ * @throws Error if auth is missing or invalid
+ */
+export function requireAuth(auth) {
+    return authToContext(auth);
+}
+/**
+ * Create a system context for operations that bypass normal permissions
+ * Use this for seed scripts, cron jobs, migrations, and other system-level operations
+ *
+ * @param organizationId - Organization ID for the operation
+ * @returns LocalAPIContext with overrideAccess: true
+ *
+ * @example
+ * ```typescript
+ * // In a seed script
+ * import { systemContext } from '@aphexcms/cms-core/local-api';
+ *
+ * const api = getLocalAPI();
+ * const context = systemContext('org_123');
+ *
+ * await api.collections.page.create(context, {
+ *   data: { title: 'Home', slug: 'home' },
+ *   publish: true
+ * });
+ * ```
+ */
+export function systemContext(organizationId) {
+    return {
+        organizationId,
+        overrideAccess: true
+    };
+}