@aphexcms/cms-core 0.1.8 → 0.1.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/api/assets.d.ts +48 -0
- package/dist/api/assets.d.ts.map +1 -0
- package/dist/api/assets.js +52 -0
- package/dist/api/client.d.ts +37 -0
- package/dist/api/client.d.ts.map +1 -0
- package/dist/api/client.js +125 -0
- package/dist/api/documents.d.ts +56 -0
- package/dist/api/documents.d.ts.map +1 -0
- package/dist/api/documents.js +77 -0
- package/dist/api/index.d.ts +7 -0
- package/dist/api/index.d.ts.map +1 -0
- package/dist/api/index.js +5 -0
- package/dist/api/organizations.d.ts +101 -0
- package/dist/api/organizations.d.ts.map +1 -0
- package/dist/api/organizations.js +92 -0
- package/dist/api/types.d.ts +23 -0
- package/dist/api/types.d.ts.map +1 -0
- package/dist/api/types.js +1 -0
- package/dist/auth/auth-errors.d.ts +7 -0
- package/dist/auth/auth-errors.d.ts.map +1 -0
- package/dist/auth/auth-errors.js +13 -0
- package/dist/auth/auth-hooks.d.ts +6 -0
- package/dist/auth/auth-hooks.d.ts.map +1 -0
- package/dist/auth/auth-hooks.js +108 -0
- package/dist/auth/provider.d.ts +17 -0
- package/dist/auth/provider.d.ts.map +1 -0
- package/dist/auth/provider.js +1 -0
- package/dist/client/index.d.ts +24 -0
- package/dist/client/index.d.ts.map +1 -0
- package/{src/lib/client/index.ts → dist/client/index.js} +7 -18
- package/dist/components/AdminApp.svelte.d.ts +24 -0
- package/dist/components/AdminApp.svelte.d.ts.map +1 -0
- package/dist/components/admin/AdminLayout.svelte.d.ts +15 -0
- package/dist/components/admin/AdminLayout.svelte.d.ts.map +1 -0
- package/dist/components/admin/DocumentEditor.svelte.d.ts +18 -0
- package/dist/components/admin/DocumentEditor.svelte.d.ts.map +1 -0
- package/dist/components/admin/DocumentTypesList.svelte.d.ts +14 -0
- package/dist/components/admin/DocumentTypesList.svelte.d.ts.map +1 -0
- package/dist/components/admin/ObjectModal.svelte.d.ts +15 -0
- package/dist/components/admin/ObjectModal.svelte.d.ts.map +1 -0
- package/dist/components/admin/SchemaField.svelte.d.ts +19 -0
- package/dist/components/admin/SchemaField.svelte.d.ts.map +1 -0
- package/dist/components/admin/fields/ArrayField.svelte.d.ts +12 -0
- package/dist/components/admin/fields/ArrayField.svelte.d.ts.map +1 -0
- package/dist/components/admin/fields/BooleanField.svelte.d.ts +13 -0
- package/dist/components/admin/fields/BooleanField.svelte.d.ts.map +1 -0
- package/dist/components/admin/fields/ImageField.svelte.d.ts +15 -0
- package/dist/components/admin/fields/ImageField.svelte.d.ts.map +1 -0
- package/dist/components/admin/fields/NumberField.svelte.d.ts +14 -0
- package/dist/components/admin/fields/NumberField.svelte.d.ts.map +1 -0
- package/dist/components/admin/fields/ReferenceField.svelte.d.ts +12 -0
- package/dist/components/admin/fields/ReferenceField.svelte.d.ts.map +1 -0
- package/dist/components/admin/fields/SlugField.svelte.d.ts +15 -0
- package/dist/components/admin/fields/SlugField.svelte.d.ts.map +1 -0
- package/dist/components/admin/fields/StringField.svelte.d.ts +14 -0
- package/dist/components/admin/fields/StringField.svelte.d.ts.map +1 -0
- package/dist/components/admin/fields/TextareaField.svelte.d.ts +14 -0
- package/dist/components/admin/fields/TextareaField.svelte.d.ts.map +1 -0
- package/dist/components/fields/index.d.ts +9 -0
- package/dist/components/fields/index.d.ts.map +1 -0
- package/dist/components/index.d.ts +7 -0
- package/dist/components/index.d.ts.map +1 -0
- package/{src/lib/components/index.ts → dist/components/index.js} +1 -5
- package/dist/components/layout/OrganizationSwitcher.svelte.d.ts +11 -0
- package/dist/components/layout/OrganizationSwitcher.svelte.d.ts.map +1 -0
- package/dist/components/layout/Sidebar.svelte.d.ts +14 -0
- package/dist/components/layout/Sidebar.svelte.d.ts.map +1 -0
- package/dist/components/layout/sidebar/AppSidebar.svelte.d.ts +4 -0
- package/dist/components/layout/sidebar/AppSidebar.svelte.d.ts.map +1 -0
- package/dist/components/layout/sidebar/NavMain.svelte.d.ts +19 -0
- package/dist/components/layout/sidebar/NavMain.svelte.d.ts.map +1 -0
- package/dist/components/layout/sidebar/NavSecondary.svelte.d.ts +9 -0
- package/dist/components/layout/sidebar/NavSecondary.svelte.d.ts.map +1 -0
- package/dist/components/layout/sidebar/NavUser.svelte.d.ts +9 -0
- package/dist/components/layout/sidebar/NavUser.svelte.d.ts.map +1 -0
- package/dist/config.d.ts +3 -0
- package/dist/config.d.ts.map +1 -0
- package/dist/config.js +15 -0
- package/dist/db/adapters/index.d.ts +1 -0
- package/dist/db/adapters/index.d.ts.map +1 -0
- package/{src/lib/db/adapters/index.ts → dist/db/adapters/index.js} +1 -0
- package/dist/db/index.d.ts +2 -0
- package/dist/db/index.d.ts.map +1 -0
- package/{src/lib/db/index.ts → dist/db/index.js} +1 -2
- package/dist/db/interfaces/asset.d.ts +51 -0
- package/dist/db/interfaces/asset.d.ts.map +1 -0
- package/dist/db/interfaces/asset.js +1 -0
- package/dist/db/interfaces/document.d.ts +36 -0
- package/dist/db/interfaces/document.d.ts.map +1 -0
- package/dist/db/interfaces/document.js +1 -0
- package/dist/db/interfaces/index.d.ts +73 -0
- package/dist/db/interfaces/index.d.ts.map +1 -0
- package/dist/db/interfaces/index.js +1 -0
- package/dist/db/interfaces/organization.d.ts +27 -0
- package/dist/db/interfaces/organization.d.ts.map +1 -0
- package/dist/db/interfaces/organization.js +1 -0
- package/dist/db/interfaces/schema.d.ts +21 -0
- package/dist/db/interfaces/schema.d.ts.map +1 -0
- package/dist/db/interfaces/schema.js +1 -0
- package/dist/db/interfaces/user.d.ts +15 -0
- package/dist/db/interfaces/user.d.ts.map +1 -0
- package/dist/db/interfaces/user.js +1 -0
- package/dist/db/utils/reference-resolver.d.ts +18 -0
- package/dist/db/utils/reference-resolver.d.ts.map +1 -0
- package/dist/db/utils/reference-resolver.js +80 -0
- package/dist/define.d.ts +3 -0
- package/dist/define.d.ts.map +1 -0
- package/dist/define.js +4 -0
- package/dist/email/index.d.ts +2 -0
- package/dist/email/index.d.ts.map +1 -0
- package/{src/lib/email/index.ts → dist/email/index.js} +1 -2
- package/dist/email/interfaces/email.d.ts +42 -0
- package/dist/email/interfaces/email.d.ts.map +1 -0
- package/dist/email/interfaces/email.js +1 -0
- package/dist/engine.d.ts +26 -0
- package/dist/engine.d.ts.map +1 -0
- package/dist/engine.js +66 -0
- package/dist/field-validation/rule.d.ts +51 -0
- package/dist/field-validation/rule.d.ts.map +1 -0
- package/dist/field-validation/rule.js +221 -0
- package/dist/field-validation/utils.d.ts +21 -0
- package/dist/field-validation/utils.d.ts.map +1 -0
- package/dist/field-validation/utils.js +66 -0
- package/dist/hooks.d.ts +23 -0
- package/dist/hooks.d.ts.map +1 -0
- package/dist/hooks.js +96 -0
- package/dist/index.d.ts +2 -0
- package/dist/index.d.ts.map +1 -0
- package/{src/lib/index.ts → dist/index.js} +1 -2
- package/dist/is-mobile.svelte.d.ts +5 -0
- package/dist/is-mobile.svelte.d.ts.map +1 -0
- package/{src/lib/is-mobile.svelte.ts → dist/is-mobile.svelte.js} +3 -5
- package/dist/routes/assets-by-id.d.ts +5 -0
- package/dist/routes/assets-by-id.d.ts.map +1 -0
- package/dist/routes/assets-by-id.js +138 -0
- package/dist/routes/assets-cdn.d.ts +3 -0
- package/dist/routes/assets-cdn.d.ts.map +1 -0
- package/dist/routes/assets-cdn.js +155 -0
- package/dist/routes/assets.d.ts +4 -0
- package/dist/routes/assets.d.ts.map +1 -0
- package/dist/routes/assets.js +94 -0
- package/dist/routes/documents-by-id.d.ts +5 -0
- package/dist/routes/documents-by-id.d.ts.map +1 -0
- package/dist/routes/documents-by-id.js +142 -0
- package/dist/routes/documents-publish.d.ts +4 -0
- package/dist/routes/documents-publish.d.ts.map +1 -0
- package/dist/routes/documents-publish.js +151 -0
- package/dist/routes/documents.d.ts +4 -0
- package/dist/routes/documents.d.ts.map +1 -0
- package/dist/routes/documents.js +131 -0
- package/dist/routes/index.d.ts +6 -0
- package/dist/routes/index.d.ts.map +1 -0
- package/dist/routes/index.js +10 -0
- package/dist/routes/organizations-by-id.d.ts +5 -0
- package/dist/routes/organizations-by-id.d.ts.map +1 -0
- package/dist/routes/organizations-by-id.js +187 -0
- package/dist/routes/organizations-invitations.d.ts +4 -0
- package/dist/routes/organizations-invitations.d.ts.map +1 -0
- package/dist/routes/organizations-invitations.js +125 -0
- package/dist/routes/organizations-members.d.ts +5 -0
- package/dist/routes/organizations-members.d.ts.map +1 -0
- package/dist/routes/organizations-members.js +206 -0
- package/dist/routes/organizations-switch.d.ts +3 -0
- package/dist/routes/organizations-switch.d.ts.map +1 -0
- package/dist/routes/organizations-switch.js +53 -0
- package/dist/routes/organizations.d.ts +4 -0
- package/dist/routes/organizations.d.ts.map +1 -0
- package/dist/routes/organizations.js +109 -0
- package/dist/routes/schemas-by-type.d.ts +3 -0
- package/dist/routes/schemas-by-type.d.ts.map +1 -0
- package/dist/routes/schemas-by-type.js +25 -0
- package/dist/routes/schemas.d.ts +3 -0
- package/dist/routes/schemas.d.ts.map +1 -0
- package/dist/routes/schemas.js +11 -0
- package/dist/routes-exports.d.ts +14 -0
- package/dist/routes-exports.d.ts.map +1 -0
- package/dist/routes-exports.js +19 -0
- package/dist/schema-context.svelte.d.ts +10 -0
- package/dist/schema-context.svelte.d.ts.map +1 -0
- package/dist/schema-context.svelte.js +18 -0
- package/dist/schema-utils/cleanup.d.ts +21 -0
- package/dist/schema-utils/cleanup.d.ts.map +1 -0
- package/dist/schema-utils/cleanup.js +80 -0
- package/dist/schema-utils/index.d.ts +4 -0
- package/dist/schema-utils/index.d.ts.map +1 -0
- package/dist/schema-utils/index.js +4 -0
- package/dist/schema-utils/utils.d.ts +30 -0
- package/dist/schema-utils/utils.d.ts.map +1 -0
- package/dist/schema-utils/utils.js +37 -0
- package/dist/schema-utils/validator.d.ts +6 -0
- package/dist/schema-utils/validator.d.ts.map +1 -0
- package/dist/schema-utils/validator.js +45 -0
- package/dist/server/index.d.ts +16 -0
- package/dist/server/index.d.ts.map +1 -0
- package/dist/server/index.js +28 -0
- package/dist/services/asset-service.d.ts +86 -0
- package/dist/services/asset-service.d.ts.map +1 -0
- package/dist/services/asset-service.js +187 -0
- package/dist/services/index.d.ts +3 -0
- package/dist/services/index.d.ts.map +1 -0
- package/dist/services/index.js +4 -0
- package/dist/storage/adapters/index.d.ts +2 -0
- package/dist/storage/adapters/index.d.ts.map +1 -0
- package/dist/storage/adapters/index.js +2 -0
- package/dist/storage/adapters/local-storage-adapter.d.ts +54 -0
- package/dist/storage/adapters/local-storage-adapter.d.ts.map +1 -0
- package/dist/storage/adapters/local-storage-adapter.js +187 -0
- package/dist/storage/index.d.ts +3 -0
- package/dist/storage/index.d.ts.map +1 -0
- package/{src/lib/storage/index.ts → dist/storage/index.js} +2 -4
- package/dist/storage/interfaces/index.d.ts +2 -0
- package/dist/storage/interfaces/index.d.ts.map +1 -0
- package/dist/storage/interfaces/index.js +2 -0
- package/dist/storage/interfaces/storage.d.ts +91 -0
- package/dist/storage/interfaces/storage.d.ts.map +1 -0
- package/dist/storage/interfaces/storage.js +1 -0
- package/dist/storage/providers/storage.d.ts +43 -0
- package/dist/storage/providers/storage.d.ts.map +1 -0
- package/dist/storage/providers/storage.js +64 -0
- package/dist/types/asset.d.ts +73 -0
- package/dist/types/asset.d.ts.map +1 -0
- package/dist/types/asset.js +2 -0
- package/dist/types/auth.d.ts +50 -0
- package/dist/types/auth.d.ts.map +1 -0
- package/dist/types/auth.js +41 -0
- package/dist/types/config.d.ts +47 -0
- package/dist/types/config.d.ts.map +1 -0
- package/dist/types/config.js +1 -0
- package/dist/types/document.d.ts +34 -0
- package/dist/types/document.d.ts.map +1 -0
- package/dist/types/document.js +1 -0
- package/dist/types/index.d.ts +9 -0
- package/dist/types/index.d.ts.map +1 -0
- package/dist/types/index.js +8 -0
- package/dist/types/organization.d.ts +105 -0
- package/dist/types/organization.d.ts.map +1 -0
- package/dist/types/organization.js +3 -0
- package/dist/types/schemas.d.ts +114 -0
- package/dist/types/schemas.d.ts.map +1 -0
- package/dist/types/schemas.js +1 -0
- package/dist/types/sidebar.d.ts +33 -0
- package/dist/types/sidebar.d.ts.map +1 -0
- package/dist/types/sidebar.js +1 -0
- package/dist/types/user.d.ts +14 -0
- package/dist/types/user.d.ts.map +1 -0
- package/dist/types/user.js +1 -0
- package/dist/utils/content-hash.d.ts +22 -0
- package/dist/utils/content-hash.d.ts.map +1 -0
- package/dist/utils/content-hash.js +67 -0
- package/dist/utils/image-url.d.ts +88 -0
- package/dist/utils/image-url.d.ts.map +1 -0
- package/dist/utils/image-url.js +165 -0
- package/dist/utils/index.d.ts +6 -0
- package/dist/utils/index.d.ts.map +1 -0
- package/dist/utils/index.js +9 -0
- package/dist/utils/slug.d.ts +13 -0
- package/dist/utils/slug.d.ts.map +1 -0
- package/dist/utils/slug.js +30 -0
- package/dist/utils.d.ts +13 -0
- package/dist/utils.d.ts.map +1 -0
- package/dist/utils.js +5 -0
- package/package.json +2 -2
- package/src/lib/api/assets.ts +0 -75
- package/src/lib/api/client.ts +0 -150
- package/src/lib/api/documents.ts +0 -102
- package/src/lib/api/index.ts +0 -7
- package/src/lib/api/organizations.ts +0 -154
- package/src/lib/api/types.ts +0 -34
- package/src/lib/auth/auth-errors.ts +0 -23
- package/src/lib/auth/auth-hooks.ts +0 -132
- package/src/lib/auth/provider.ts +0 -25
- package/src/lib/config.ts +0 -18
- package/src/lib/db/interfaces/asset.ts +0 -61
- package/src/lib/db/interfaces/document.ts +0 -53
- package/src/lib/db/interfaces/index.ts +0 -98
- package/src/lib/db/interfaces/organization.ts +0 -51
- package/src/lib/db/interfaces/schema.ts +0 -13
- package/src/lib/db/interfaces/user.ts +0 -16
- package/src/lib/db/utils/reference-resolver.ts +0 -119
- package/src/lib/define.ts +0 -7
- package/src/lib/email/interfaces/email.ts +0 -45
- package/src/lib/engine.ts +0 -85
- package/src/lib/field-validation/rule.ts +0 -287
- package/src/lib/field-validation/utils.ts +0 -91
- package/src/lib/hooks.ts +0 -142
- package/src/lib/routes/assets-by-id.ts +0 -161
- package/src/lib/routes/assets-cdn.ts +0 -185
- package/src/lib/routes/assets.ts +0 -116
- package/src/lib/routes/documents-by-id.ts +0 -188
- package/src/lib/routes/documents-publish.ts +0 -211
- package/src/lib/routes/documents.ts +0 -172
- package/src/lib/routes/index.ts +0 -13
- package/src/lib/routes/organizations-by-id.ts +0 -258
- package/src/lib/routes/organizations-invitations.ts +0 -183
- package/src/lib/routes/organizations-members.ts +0 -301
- package/src/lib/routes/organizations-switch.ts +0 -74
- package/src/lib/routes/organizations.ts +0 -147
- package/src/lib/routes/schemas-by-type.ts +0 -35
- package/src/lib/routes/schemas.ts +0 -19
- package/src/lib/routes-exports.ts +0 -42
- package/src/lib/schema-context.svelte.ts +0 -24
- package/src/lib/schema-utils/cleanup.ts +0 -116
- package/src/lib/schema-utils/index.ts +0 -4
- package/src/lib/schema-utils/utils.ts +0 -47
- package/src/lib/schema-utils/validator.ts +0 -58
- package/src/lib/server/index.ts +0 -40
- package/src/lib/services/asset-service.ts +0 -256
- package/src/lib/services/index.ts +0 -6
- package/src/lib/storage/adapters/index.ts +0 -2
- package/src/lib/storage/adapters/local-storage-adapter.ts +0 -215
- package/src/lib/storage/interfaces/index.ts +0 -2
- package/src/lib/storage/interfaces/storage.ts +0 -114
- package/src/lib/storage/providers/storage.ts +0 -83
- package/src/lib/types/asset.ts +0 -81
- package/src/lib/types/auth.ts +0 -80
- package/src/lib/types/config.ts +0 -45
- package/src/lib/types/document.ts +0 -38
- package/src/lib/types/index.ts +0 -8
- package/src/lib/types/organization.ts +0 -119
- package/src/lib/types/schemas.ts +0 -151
- package/src/lib/types/sidebar.ts +0 -37
- package/src/lib/types/user.ts +0 -17
- package/src/lib/utils/content-hash.ts +0 -75
- package/src/lib/utils/image-url.ts +0 -204
- package/src/lib/utils/index.ts +0 -12
- package/src/lib/utils/slug.ts +0 -33
- package/src/lib/utils.ts +0 -13
- /package/{src/lib → dist}/app.d.ts +0 -0
- /package/{src/lib → dist}/auth/MULTI_TENANCY_PLAN.md +0 -0
- /package/{src/lib → dist}/components/AdminApp.svelte +0 -0
- /package/{src/lib → dist}/components/admin/AdminLayout.svelte +0 -0
- /package/{src/lib → dist}/components/admin/DocumentEditor.svelte +0 -0
- /package/{src/lib → dist}/components/admin/DocumentTypesList.svelte +0 -0
- /package/{src/lib → dist}/components/admin/ObjectModal.svelte +0 -0
- /package/{src/lib → dist}/components/admin/SchemaField.svelte +0 -0
- /package/{src/lib → dist}/components/admin/fields/ArrayField.svelte +0 -0
- /package/{src/lib → dist}/components/admin/fields/BooleanField.svelte +0 -0
- /package/{src/lib → dist}/components/admin/fields/ImageField.svelte +0 -0
- /package/{src/lib → dist}/components/admin/fields/NumberField.svelte +0 -0
- /package/{src/lib → dist}/components/admin/fields/ReferenceField.svelte +0 -0
- /package/{src/lib → dist}/components/admin/fields/SlugField.svelte +0 -0
- /package/{src/lib → dist}/components/admin/fields/StringField.svelte +0 -0
- /package/{src/lib → dist}/components/admin/fields/TextareaField.svelte +0 -0
- /package/{src/lib/components/fields/index.ts → dist/components/fields/index.js} +0 -0
- /package/{src/lib → dist}/components/layout/OrganizationSwitcher.svelte +0 -0
- /package/{src/lib → dist}/components/layout/Sidebar.svelte +0 -0
- /package/{src/lib → dist}/components/layout/sidebar/AppSidebar.svelte +0 -0
- /package/{src/lib → dist}/components/layout/sidebar/NavMain.svelte +0 -0
- /package/{src/lib → dist}/components/layout/sidebar/NavSecondary.svelte +0 -0
- /package/{src/lib → dist}/components/layout/sidebar/NavUser.svelte +0 -0
- /package/{src/lib → dist}/plugins/README.md +0 -0
|
@@ -0,0 +1,151 @@
|
|
|
1
|
+
// Aphex CMS Document Publish API Handlers
|
|
2
|
+
import { json } from '@sveltejs/kit';
|
|
3
|
+
import { validateField } from '../field-validation/utils.js';
|
|
4
|
+
import { canWrite } from '../types/auth.js';
|
|
5
|
+
// POST /api/documents/[id]/publish - Publish document
|
|
6
|
+
export const POST = async ({ params, locals }) => {
|
|
7
|
+
try {
|
|
8
|
+
const { databaseAdapter, cmsEngine } = locals.aphexCMS;
|
|
9
|
+
const auth = locals.auth;
|
|
10
|
+
const { id } = params;
|
|
11
|
+
if (!auth) {
|
|
12
|
+
return json({
|
|
13
|
+
success: false,
|
|
14
|
+
error: 'Unauthorized',
|
|
15
|
+
message: 'Authentication required'
|
|
16
|
+
}, { status: 401 });
|
|
17
|
+
}
|
|
18
|
+
// Check write permissions (viewers are read-only)
|
|
19
|
+
if (!canWrite(auth)) {
|
|
20
|
+
return json({
|
|
21
|
+
success: false,
|
|
22
|
+
error: 'Forbidden',
|
|
23
|
+
message: 'You do not have permission to publish documents. Viewers have read-only access.'
|
|
24
|
+
}, { status: 403 });
|
|
25
|
+
}
|
|
26
|
+
if (!id) {
|
|
27
|
+
return json({
|
|
28
|
+
success: false,
|
|
29
|
+
error: 'Missing document ID',
|
|
30
|
+
message: 'Document ID is required'
|
|
31
|
+
}, { status: 400 });
|
|
32
|
+
}
|
|
33
|
+
// Get document to validate
|
|
34
|
+
const document = await databaseAdapter.findByDocId(auth.organizationId, id);
|
|
35
|
+
if (!document || !document.draftData) {
|
|
36
|
+
return json({
|
|
37
|
+
success: false,
|
|
38
|
+
error: 'Document not found or cannot be published',
|
|
39
|
+
message: 'Document may not exist or may not have draft content'
|
|
40
|
+
}, { status: 404 });
|
|
41
|
+
}
|
|
42
|
+
// Get schema for validation (from config to preserve validation functions)
|
|
43
|
+
const schema = cmsEngine.getSchemaTypeByName(document.type);
|
|
44
|
+
if (!schema) {
|
|
45
|
+
return json({
|
|
46
|
+
success: false,
|
|
47
|
+
error: 'Invalid document type',
|
|
48
|
+
message: `Schema type '${document.type}' not found`
|
|
49
|
+
}, { status: 400 });
|
|
50
|
+
}
|
|
51
|
+
// VALIDATE before publishing - block if errors exist
|
|
52
|
+
const validationErrors = [];
|
|
53
|
+
for (const field of schema.fields) {
|
|
54
|
+
const value = document.draftData[field.name];
|
|
55
|
+
const result = await validateField(field, value, document.draftData);
|
|
56
|
+
if (!result.isValid) {
|
|
57
|
+
const errorMessages = result.errors
|
|
58
|
+
.filter((e) => e.level === 'error')
|
|
59
|
+
.map((e) => e.message);
|
|
60
|
+
if (errorMessages.length > 0) {
|
|
61
|
+
validationErrors.push({
|
|
62
|
+
field: field.name,
|
|
63
|
+
errors: errorMessages
|
|
64
|
+
});
|
|
65
|
+
}
|
|
66
|
+
}
|
|
67
|
+
}
|
|
68
|
+
// Block publishing if validation errors exist
|
|
69
|
+
if (validationErrors.length > 0) {
|
|
70
|
+
return json({
|
|
71
|
+
success: false,
|
|
72
|
+
error: 'Cannot publish: validation errors',
|
|
73
|
+
message: 'Please fix all validation errors before publishing',
|
|
74
|
+
validationErrors
|
|
75
|
+
}, { status: 400 });
|
|
76
|
+
}
|
|
77
|
+
// All validation passed - proceed with publish
|
|
78
|
+
const publishedDocument = await databaseAdapter.publishDoc(auth.organizationId, id);
|
|
79
|
+
if (!publishedDocument) {
|
|
80
|
+
return json({
|
|
81
|
+
success: false,
|
|
82
|
+
error: 'Document not found or cannot be published',
|
|
83
|
+
message: 'Document may not exist or may not have draft content'
|
|
84
|
+
}, { status: 404 });
|
|
85
|
+
}
|
|
86
|
+
return json({
|
|
87
|
+
success: true,
|
|
88
|
+
data: publishedDocument,
|
|
89
|
+
message: 'Document published successfully'
|
|
90
|
+
});
|
|
91
|
+
}
|
|
92
|
+
catch (error) {
|
|
93
|
+
console.error('Failed to publish document:', error);
|
|
94
|
+
return json({
|
|
95
|
+
success: false,
|
|
96
|
+
error: 'Failed to publish document',
|
|
97
|
+
message: error instanceof Error ? error.message : 'Unknown error'
|
|
98
|
+
}, { status: 500 });
|
|
99
|
+
}
|
|
100
|
+
};
|
|
101
|
+
// DELETE /api/documents/[id]/publish - Unpublish document
|
|
102
|
+
export const DELETE = async ({ params, locals }) => {
|
|
103
|
+
try {
|
|
104
|
+
const { databaseAdapter } = locals.aphexCMS;
|
|
105
|
+
const auth = locals.auth;
|
|
106
|
+
const { id } = params;
|
|
107
|
+
if (!auth) {
|
|
108
|
+
return json({
|
|
109
|
+
success: false,
|
|
110
|
+
error: 'Unauthorized',
|
|
111
|
+
message: 'Authentication required'
|
|
112
|
+
}, { status: 401 });
|
|
113
|
+
}
|
|
114
|
+
// Check write permissions (viewers are read-only)
|
|
115
|
+
if (!canWrite(auth)) {
|
|
116
|
+
return json({
|
|
117
|
+
success: false,
|
|
118
|
+
error: 'Forbidden',
|
|
119
|
+
message: 'You do not have permission to unpublish documents. Viewers have read-only access.'
|
|
120
|
+
}, { status: 403 });
|
|
121
|
+
}
|
|
122
|
+
if (!id) {
|
|
123
|
+
return json({
|
|
124
|
+
success: false,
|
|
125
|
+
error: 'Missing document ID',
|
|
126
|
+
message: 'Document ID is required'
|
|
127
|
+
}, { status: 400 });
|
|
128
|
+
}
|
|
129
|
+
const unpublishedDocument = await databaseAdapter.unpublishDoc(auth.organizationId, id);
|
|
130
|
+
if (!unpublishedDocument) {
|
|
131
|
+
return json({
|
|
132
|
+
success: false,
|
|
133
|
+
error: 'Document not found',
|
|
134
|
+
message: `No document found with ID: ${id}`
|
|
135
|
+
}, { status: 404 });
|
|
136
|
+
}
|
|
137
|
+
return json({
|
|
138
|
+
success: true,
|
|
139
|
+
data: unpublishedDocument,
|
|
140
|
+
message: 'Document unpublished successfully'
|
|
141
|
+
});
|
|
142
|
+
}
|
|
143
|
+
catch (error) {
|
|
144
|
+
console.error('Failed to unpublish document:', error);
|
|
145
|
+
return json({
|
|
146
|
+
success: false,
|
|
147
|
+
error: 'Failed to unpublish document',
|
|
148
|
+
message: error instanceof Error ? error.message : 'Unknown error'
|
|
149
|
+
}, { status: 500 });
|
|
150
|
+
}
|
|
151
|
+
};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"documents.d.ts","sourceRoot":"","sources":["../../src/lib/routes/documents.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAQpD,eAAO,MAAM,GAAG,EAAE,cAsEjB,CAAC;AAGF,eAAO,MAAM,IAAI,EAAE,cAwFlB,CAAC"}
|
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
// Aphex CMS Document API Handlers
|
|
2
|
+
import { json } from '@sveltejs/kit';
|
|
3
|
+
import { canWrite } from '../types/auth.js';
|
|
4
|
+
// Default values for API
|
|
5
|
+
const DEFAULT_API_LIMIT = 20;
|
|
6
|
+
const DEFAULT_API_OFFSET = 0;
|
|
7
|
+
// GET /api/documents - List documents with filtering
|
|
8
|
+
export const GET = async ({ url, locals }) => {
|
|
9
|
+
try {
|
|
10
|
+
const { databaseAdapter } = locals.aphexCMS;
|
|
11
|
+
const auth = locals.auth;
|
|
12
|
+
if (!auth) {
|
|
13
|
+
return json({
|
|
14
|
+
success: false,
|
|
15
|
+
error: 'Unauthorized',
|
|
16
|
+
message: 'Authentication required'
|
|
17
|
+
}, { status: 401 });
|
|
18
|
+
}
|
|
19
|
+
const docType = url.searchParams.get('docType');
|
|
20
|
+
const status = url.searchParams.get('status') || undefined;
|
|
21
|
+
const limitParam = url.searchParams.get('limit');
|
|
22
|
+
const offsetParam = url.searchParams.get('offset');
|
|
23
|
+
const depthParam = url.searchParams.get('depth');
|
|
24
|
+
const organizationIdsParam = url.searchParams.get('organizationIds'); // Comma-separated list
|
|
25
|
+
// Parse with defaults
|
|
26
|
+
const limit = limitParam ? parseInt(limitParam) : DEFAULT_API_LIMIT;
|
|
27
|
+
const offset = offsetParam ? parseInt(offsetParam) : DEFAULT_API_OFFSET;
|
|
28
|
+
const depth = depthParam ? parseInt(depthParam) : 0;
|
|
29
|
+
// Parse organizationIds if provided
|
|
30
|
+
const filterOrganizationIds = organizationIdsParam
|
|
31
|
+
? organizationIdsParam
|
|
32
|
+
.split(',')
|
|
33
|
+
.map((id) => id.trim())
|
|
34
|
+
.filter(Boolean)
|
|
35
|
+
: undefined;
|
|
36
|
+
const filters = {
|
|
37
|
+
...(docType && { type: docType }),
|
|
38
|
+
...(status && { status }),
|
|
39
|
+
...(filterOrganizationIds && { filterOrganizationIds }),
|
|
40
|
+
limit: isNaN(limit) ? DEFAULT_API_LIMIT : limit,
|
|
41
|
+
offset: isNaN(offset) ? DEFAULT_API_OFFSET : offset,
|
|
42
|
+
depth: isNaN(depth) ? 0 : Math.max(0, Math.min(depth, 5)) // Clamp between 0-5 for safety
|
|
43
|
+
};
|
|
44
|
+
const documents = await databaseAdapter.findManyDoc(auth.organizationId, filters);
|
|
45
|
+
return json({
|
|
46
|
+
success: true,
|
|
47
|
+
data: documents,
|
|
48
|
+
meta: {
|
|
49
|
+
count: documents.length,
|
|
50
|
+
limit: filters.limit,
|
|
51
|
+
offset: filters.offset,
|
|
52
|
+
filters: {
|
|
53
|
+
docType,
|
|
54
|
+
status
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
});
|
|
58
|
+
}
|
|
59
|
+
catch (error) {
|
|
60
|
+
console.error('Failed to fetch documents:', error);
|
|
61
|
+
return json({
|
|
62
|
+
success: false,
|
|
63
|
+
error: 'Failed to fetch documents',
|
|
64
|
+
message: error instanceof Error ? error.message : 'Unknown error'
|
|
65
|
+
}, { status: 500 });
|
|
66
|
+
}
|
|
67
|
+
};
|
|
68
|
+
// POST /api/documents - Create new document
|
|
69
|
+
export const POST = async ({ request, locals }) => {
|
|
70
|
+
try {
|
|
71
|
+
const { databaseAdapter } = locals.aphexCMS;
|
|
72
|
+
const auth = locals.auth;
|
|
73
|
+
if (!auth) {
|
|
74
|
+
return json({
|
|
75
|
+
success: false,
|
|
76
|
+
error: 'Unauthorized',
|
|
77
|
+
message: 'Authentication required'
|
|
78
|
+
}, { status: 401 });
|
|
79
|
+
}
|
|
80
|
+
// Check write permissions (viewers are read-only)
|
|
81
|
+
if (!canWrite(auth)) {
|
|
82
|
+
return json({
|
|
83
|
+
success: false,
|
|
84
|
+
error: 'Forbidden',
|
|
85
|
+
message: 'You do not have permission to create documents. Viewers have read-only access.'
|
|
86
|
+
}, { status: 403 });
|
|
87
|
+
}
|
|
88
|
+
const body = await request.json();
|
|
89
|
+
// Validate required fields (support both old and new format)
|
|
90
|
+
const documentType = body.type;
|
|
91
|
+
const documentData = body.draftData || body.data;
|
|
92
|
+
if (!documentType || !documentData) {
|
|
93
|
+
return json({
|
|
94
|
+
success: false,
|
|
95
|
+
error: 'Missing required fields',
|
|
96
|
+
message: 'Document type and data are required'
|
|
97
|
+
}, { status: 400 });
|
|
98
|
+
}
|
|
99
|
+
// Validate document type exists
|
|
100
|
+
const { cmsEngine } = locals.aphexCMS;
|
|
101
|
+
const schema = cmsEngine.getSchemaTypeByName(documentType);
|
|
102
|
+
if (!schema) {
|
|
103
|
+
return json({
|
|
104
|
+
success: false,
|
|
105
|
+
error: 'Invalid document type',
|
|
106
|
+
message: `Schema type '${documentType}' not found`
|
|
107
|
+
}, { status: 400 });
|
|
108
|
+
}
|
|
109
|
+
// NO VALIDATION FOR DRAFTS - Sanity-style: drafts can have any state
|
|
110
|
+
// Validation only happens on publish
|
|
111
|
+
// Create document (always starts as draft)
|
|
112
|
+
const newDocument = await databaseAdapter.createDocument({
|
|
113
|
+
type: documentType,
|
|
114
|
+
draftData: documentData,
|
|
115
|
+
organizationId: auth.organizationId,
|
|
116
|
+
createdBy: auth.type === 'session' ? auth.user.id : undefined
|
|
117
|
+
});
|
|
118
|
+
return json({
|
|
119
|
+
success: true,
|
|
120
|
+
data: newDocument
|
|
121
|
+
}, { status: 201 });
|
|
122
|
+
}
|
|
123
|
+
catch (error) {
|
|
124
|
+
console.error('Failed to create document:', error);
|
|
125
|
+
return json({
|
|
126
|
+
success: false,
|
|
127
|
+
error: 'Failed to create document',
|
|
128
|
+
message: error instanceof Error ? error.message : 'Unknown error'
|
|
129
|
+
}, { status: 500 });
|
|
130
|
+
}
|
|
131
|
+
};
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
export * as documents from './documents.js';
|
|
2
|
+
export * as documentsById from './documents-by-id.js';
|
|
3
|
+
export * as assets from './assets.js';
|
|
4
|
+
export * as schemas from './schemas.js';
|
|
5
|
+
export * as schemasByType from './schemas-by-type.js';
|
|
6
|
+
//# sourceMappingURL=index.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/lib/routes/index.ts"],"names":[],"mappings":"AAIA,OAAO,KAAK,SAAS,MAAM,aAAa,CAAC;AACzC,OAAO,KAAK,aAAa,MAAM,mBAAmB,CAAC;AAGnD,OAAO,KAAK,MAAM,MAAM,UAAU,CAAC;AAGnC,OAAO,KAAK,OAAO,MAAM,WAAW,CAAC;AACrC,OAAO,KAAK,aAAa,MAAM,mBAAmB,CAAC"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
// Aphex CMS API Route Handlers
|
|
2
|
+
// These will be imported and re-exported by your app's API routes
|
|
3
|
+
// Document management routes
|
|
4
|
+
export * as documents from './documents.js';
|
|
5
|
+
export * as documentsById from './documents-by-id.js';
|
|
6
|
+
// Asset management routes
|
|
7
|
+
export * as assets from './assets.js';
|
|
8
|
+
// Schema information routes
|
|
9
|
+
export * as schemas from './schemas.js';
|
|
10
|
+
export * as schemasByType from './schemas-by-type.js';
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"organizations-by-id.d.ts","sourceRoot":"","sources":["../../src/lib/routes/organizations-by-id.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGpD,eAAO,MAAM,GAAG,EAAE,cAmEjB,CAAC;AAGF,eAAO,MAAM,KAAK,EAAE,cAgGnB,CAAC;AAGF,eAAO,MAAM,MAAM,EAAE,cAmFpB,CAAC"}
|
|
@@ -0,0 +1,187 @@
|
|
|
1
|
+
// Aphex CMS Organization by ID API Handlers
|
|
2
|
+
import { json } from '@sveltejs/kit';
|
|
3
|
+
// GET /api/organizations/[id] - Get organization by ID
|
|
4
|
+
export const GET = async ({ params, locals }) => {
|
|
5
|
+
try {
|
|
6
|
+
const { databaseAdapter } = locals.aphexCMS;
|
|
7
|
+
const auth = locals.auth;
|
|
8
|
+
const { id } = params;
|
|
9
|
+
if (!auth || auth.type !== 'session') {
|
|
10
|
+
return json({
|
|
11
|
+
success: false,
|
|
12
|
+
error: 'Unauthorized',
|
|
13
|
+
message: 'Session authentication required'
|
|
14
|
+
}, { status: 401 });
|
|
15
|
+
}
|
|
16
|
+
if (!id) {
|
|
17
|
+
return json({
|
|
18
|
+
success: false,
|
|
19
|
+
error: 'Missing required field',
|
|
20
|
+
message: 'Organization ID is required'
|
|
21
|
+
}, { status: 400 });
|
|
22
|
+
}
|
|
23
|
+
// Check if user is a member of this organization
|
|
24
|
+
const membership = await databaseAdapter.findUserMembership(auth.user.id, id);
|
|
25
|
+
if (!membership) {
|
|
26
|
+
return json({
|
|
27
|
+
success: false,
|
|
28
|
+
error: 'Forbidden',
|
|
29
|
+
message: 'You are not a member of this organization'
|
|
30
|
+
}, { status: 403 });
|
|
31
|
+
}
|
|
32
|
+
const organization = await databaseAdapter.findOrganizationById(id);
|
|
33
|
+
if (!organization) {
|
|
34
|
+
return json({
|
|
35
|
+
success: false,
|
|
36
|
+
error: 'Organization not found'
|
|
37
|
+
}, { status: 404 });
|
|
38
|
+
}
|
|
39
|
+
return json({
|
|
40
|
+
success: true,
|
|
41
|
+
data: organization
|
|
42
|
+
});
|
|
43
|
+
}
|
|
44
|
+
catch (error) {
|
|
45
|
+
console.error('Failed to fetch organization:', error);
|
|
46
|
+
return json({
|
|
47
|
+
success: false,
|
|
48
|
+
error: 'Failed to fetch organization',
|
|
49
|
+
message: error instanceof Error ? error.message : 'Unknown error'
|
|
50
|
+
}, { status: 500 });
|
|
51
|
+
}
|
|
52
|
+
};
|
|
53
|
+
// PATCH /api/organizations/[id] - Update organization
|
|
54
|
+
export const PATCH = async ({ params, request, locals }) => {
|
|
55
|
+
try {
|
|
56
|
+
const { databaseAdapter } = locals.aphexCMS;
|
|
57
|
+
const auth = locals.auth;
|
|
58
|
+
const { id } = params;
|
|
59
|
+
if (!auth || auth.type !== 'session') {
|
|
60
|
+
return json({
|
|
61
|
+
success: false,
|
|
62
|
+
error: 'Unauthorized',
|
|
63
|
+
message: 'Session authentication required'
|
|
64
|
+
}, { status: 401 });
|
|
65
|
+
}
|
|
66
|
+
if (!id) {
|
|
67
|
+
return json({
|
|
68
|
+
success: false,
|
|
69
|
+
error: 'Missing required field',
|
|
70
|
+
message: 'Organization ID is required'
|
|
71
|
+
}, { status: 400 });
|
|
72
|
+
}
|
|
73
|
+
// Check if user is owner or admin of this organization
|
|
74
|
+
const membership = await databaseAdapter.findUserMembership(auth.user.id, id);
|
|
75
|
+
if (!membership || (membership.role !== 'owner' && membership.role !== 'admin')) {
|
|
76
|
+
return json({
|
|
77
|
+
success: false,
|
|
78
|
+
error: 'Forbidden',
|
|
79
|
+
message: 'Only owners and admins can update organization settings'
|
|
80
|
+
}, { status: 403 });
|
|
81
|
+
}
|
|
82
|
+
const body = await request.json();
|
|
83
|
+
// Validate: if slug is being changed, check it's not already taken
|
|
84
|
+
if (body.slug) {
|
|
85
|
+
const existingOrg = await databaseAdapter.findOrganizationBySlug(body.slug);
|
|
86
|
+
if (existingOrg && existingOrg.id !== id) {
|
|
87
|
+
return json({
|
|
88
|
+
success: false,
|
|
89
|
+
error: 'Slug already exists',
|
|
90
|
+
message: `Organization with slug '${body.slug}' already exists`
|
|
91
|
+
}, { status: 409 });
|
|
92
|
+
}
|
|
93
|
+
}
|
|
94
|
+
// Update organization
|
|
95
|
+
const updateData = {};
|
|
96
|
+
if (body.name !== undefined)
|
|
97
|
+
updateData.name = body.name;
|
|
98
|
+
if (body.slug !== undefined)
|
|
99
|
+
updateData.slug = body.slug;
|
|
100
|
+
if (body.metadata !== undefined)
|
|
101
|
+
updateData.metadata = body.metadata;
|
|
102
|
+
const updatedOrganization = await databaseAdapter.updateOrganization(id, updateData);
|
|
103
|
+
if (!updatedOrganization) {
|
|
104
|
+
return json({
|
|
105
|
+
success: false,
|
|
106
|
+
error: 'Organization not found'
|
|
107
|
+
}, { status: 404 });
|
|
108
|
+
}
|
|
109
|
+
return json({
|
|
110
|
+
success: true,
|
|
111
|
+
data: updatedOrganization
|
|
112
|
+
});
|
|
113
|
+
}
|
|
114
|
+
catch (error) {
|
|
115
|
+
console.error('Failed to update organization:', error);
|
|
116
|
+
return json({
|
|
117
|
+
success: false,
|
|
118
|
+
error: 'Failed to update organization',
|
|
119
|
+
message: error instanceof Error ? error.message : 'Unknown error'
|
|
120
|
+
}, { status: 500 });
|
|
121
|
+
}
|
|
122
|
+
};
|
|
123
|
+
// DELETE /api/organizations/[id] - Delete an organization
|
|
124
|
+
export const DELETE = async ({ params, locals }) => {
|
|
125
|
+
try {
|
|
126
|
+
const { databaseAdapter } = locals.aphexCMS;
|
|
127
|
+
const auth = locals.auth;
|
|
128
|
+
const { id } = params;
|
|
129
|
+
if (!auth || auth.type !== 'session') {
|
|
130
|
+
return json({
|
|
131
|
+
success: false,
|
|
132
|
+
error: 'Unauthorized',
|
|
133
|
+
message: 'Session authentication required'
|
|
134
|
+
}, { status: 401 });
|
|
135
|
+
}
|
|
136
|
+
if (!id) {
|
|
137
|
+
return json({
|
|
138
|
+
success: false,
|
|
139
|
+
error: 'Missing required field',
|
|
140
|
+
message: 'Organization ID is required'
|
|
141
|
+
}, { status: 400 });
|
|
142
|
+
}
|
|
143
|
+
// Only owners can delete an organization
|
|
144
|
+
const membership = await databaseAdapter.findUserMembership(auth.user.id, id);
|
|
145
|
+
if (!membership || membership.role !== 'owner') {
|
|
146
|
+
return json({
|
|
147
|
+
success: false,
|
|
148
|
+
error: 'Forbidden',
|
|
149
|
+
message: 'Only owners can delete an organization'
|
|
150
|
+
}, { status: 403 });
|
|
151
|
+
}
|
|
152
|
+
// Get all members of the organization
|
|
153
|
+
const members = await databaseAdapter.findOrganizationMembers(id);
|
|
154
|
+
// Handle member lifecycle
|
|
155
|
+
for (const member of members) {
|
|
156
|
+
const userSession = await databaseAdapter.findUserSession(member.userId);
|
|
157
|
+
if (userSession?.activeOrganizationId === id) {
|
|
158
|
+
const otherOrgs = await databaseAdapter.findUserOrganizations(member.userId);
|
|
159
|
+
const remainingOrgs = otherOrgs.filter((org) => org.organization.id !== id);
|
|
160
|
+
if (remainingOrgs.length > 0 && remainingOrgs[0]) {
|
|
161
|
+
await databaseAdapter.updateUserSession(member.userId, remainingOrgs[0].organization.id);
|
|
162
|
+
}
|
|
163
|
+
else {
|
|
164
|
+
await databaseAdapter.deleteUserSession(member.userId);
|
|
165
|
+
}
|
|
166
|
+
}
|
|
167
|
+
}
|
|
168
|
+
// Delete all members from the organization
|
|
169
|
+
await databaseAdapter.removeAllMembers(id);
|
|
170
|
+
// Delete all invitations for the organization
|
|
171
|
+
await databaseAdapter.removeAllInvitations(id);
|
|
172
|
+
// Delete the organization
|
|
173
|
+
await databaseAdapter.deleteOrganization(id);
|
|
174
|
+
return json({
|
|
175
|
+
success: true,
|
|
176
|
+
message: 'Organization deleted successfully'
|
|
177
|
+
});
|
|
178
|
+
}
|
|
179
|
+
catch (error) {
|
|
180
|
+
console.error('Failed to delete organization:', error);
|
|
181
|
+
return json({
|
|
182
|
+
success: false,
|
|
183
|
+
error: 'Failed to delete organization',
|
|
184
|
+
message: error instanceof Error ? error.message : 'Unknown error'
|
|
185
|
+
}, { status: 500 });
|
|
186
|
+
}
|
|
187
|
+
};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"organizations-invitations.d.ts","sourceRoot":"","sources":["../../src/lib/routes/organizations-invitations.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGpD,eAAO,MAAM,IAAI,EAAE,cAyGlB,CAAC;AAGF,eAAO,MAAM,MAAM,EAAE,cAqEpB,CAAC"}
|
|
@@ -0,0 +1,125 @@
|
|
|
1
|
+
// Aphex CMS Organization Invitations API Handlers
|
|
2
|
+
import { json } from '@sveltejs/kit';
|
|
3
|
+
// POST /api/organizations/invitations - Create/send an invitation
|
|
4
|
+
export const POST = async ({ request, locals }) => {
|
|
5
|
+
try {
|
|
6
|
+
const { databaseAdapter } = locals.aphexCMS;
|
|
7
|
+
const auth = locals.auth;
|
|
8
|
+
if (!auth || auth.type !== 'session') {
|
|
9
|
+
return json({
|
|
10
|
+
success: false,
|
|
11
|
+
error: 'Unauthorized',
|
|
12
|
+
message: 'Session authentication required'
|
|
13
|
+
}, { status: 401 });
|
|
14
|
+
}
|
|
15
|
+
// Only owners and admins can invite members
|
|
16
|
+
if (auth.organizationRole !== 'owner' && auth.organizationRole !== 'admin') {
|
|
17
|
+
return json({
|
|
18
|
+
success: false,
|
|
19
|
+
error: 'Forbidden',
|
|
20
|
+
message: 'Only owners and admins can invite members'
|
|
21
|
+
}, { status: 403 });
|
|
22
|
+
}
|
|
23
|
+
const body = await request.json();
|
|
24
|
+
if (!body.email || !body.role) {
|
|
25
|
+
return json({
|
|
26
|
+
success: false,
|
|
27
|
+
error: 'Missing required fields',
|
|
28
|
+
message: 'email and role are required'
|
|
29
|
+
}, { status: 400 });
|
|
30
|
+
}
|
|
31
|
+
// Validate role
|
|
32
|
+
const validRoles = ['admin', 'editor', 'viewer'];
|
|
33
|
+
if (!validRoles.includes(body.role)) {
|
|
34
|
+
return json({
|
|
35
|
+
success: false,
|
|
36
|
+
error: 'Invalid role',
|
|
37
|
+
message: 'Role must be one of: admin, editor, viewer'
|
|
38
|
+
}, { status: 400 });
|
|
39
|
+
}
|
|
40
|
+
// Check if there's already a pending invitation for this email
|
|
41
|
+
const existingInvitations = await databaseAdapter.findOrganizationInvitations(auth.organizationId);
|
|
42
|
+
const pendingInvitation = existingInvitations.find((inv) => inv.email.toLowerCase() === body.email.toLowerCase() && inv.acceptedAt === null);
|
|
43
|
+
if (pendingInvitation) {
|
|
44
|
+
return json({
|
|
45
|
+
success: false,
|
|
46
|
+
error: 'Already invited',
|
|
47
|
+
message: 'This email has already been invited to the organization'
|
|
48
|
+
}, { status: 400 });
|
|
49
|
+
}
|
|
50
|
+
// Generate a unique invitation token
|
|
51
|
+
const token = crypto.randomUUID();
|
|
52
|
+
// Create invitation - will auto-join when user signs up
|
|
53
|
+
const invitation = await databaseAdapter.createInvitation({
|
|
54
|
+
organizationId: auth.organizationId,
|
|
55
|
+
email: body.email.toLowerCase(),
|
|
56
|
+
role: body.role,
|
|
57
|
+
invitedBy: auth.user.id,
|
|
58
|
+
token,
|
|
59
|
+
expiresAt: new Date(Date.now() + 7 * 24 * 60 * 60 * 1000) // 7 days
|
|
60
|
+
});
|
|
61
|
+
return json({
|
|
62
|
+
success: true,
|
|
63
|
+
data: invitation,
|
|
64
|
+
message: 'Invitation sent successfully. User will automatically join when they sign up.'
|
|
65
|
+
}, { status: 201 });
|
|
66
|
+
}
|
|
67
|
+
catch (error) {
|
|
68
|
+
console.error('Failed to create invitation:', error);
|
|
69
|
+
return json({
|
|
70
|
+
success: false,
|
|
71
|
+
error: 'Failed to create invitation',
|
|
72
|
+
message: error instanceof Error ? error.message : 'Unknown error'
|
|
73
|
+
}, { status: 500 });
|
|
74
|
+
}
|
|
75
|
+
};
|
|
76
|
+
// DELETE /api/organizations/invitations - Cancel an invitation
|
|
77
|
+
export const DELETE = async ({ request, locals }) => {
|
|
78
|
+
try {
|
|
79
|
+
const { databaseAdapter } = locals.aphexCMS;
|
|
80
|
+
const auth = locals.auth;
|
|
81
|
+
if (!auth || auth.type !== 'session') {
|
|
82
|
+
return json({
|
|
83
|
+
success: false,
|
|
84
|
+
error: 'Unauthorized',
|
|
85
|
+
message: 'Session authentication required'
|
|
86
|
+
}, { status: 401 });
|
|
87
|
+
}
|
|
88
|
+
// Only owners and admins can cancel invitations
|
|
89
|
+
if (auth.organizationRole !== 'owner' && auth.organizationRole !== 'admin') {
|
|
90
|
+
return json({
|
|
91
|
+
success: false,
|
|
92
|
+
error: 'Forbidden',
|
|
93
|
+
message: 'Only owners and admins can cancel invitations'
|
|
94
|
+
}, { status: 403 });
|
|
95
|
+
}
|
|
96
|
+
const body = await request.json();
|
|
97
|
+
if (!body.invitationId) {
|
|
98
|
+
return json({
|
|
99
|
+
success: false,
|
|
100
|
+
error: 'Missing required field',
|
|
101
|
+
message: 'invitationId is required'
|
|
102
|
+
}, { status: 400 });
|
|
103
|
+
}
|
|
104
|
+
// Delete the invitation
|
|
105
|
+
const deleted = await databaseAdapter.deleteInvitation(body.invitationId);
|
|
106
|
+
if (!deleted) {
|
|
107
|
+
return json({
|
|
108
|
+
success: false,
|
|
109
|
+
error: 'Invitation not found'
|
|
110
|
+
}, { status: 404 });
|
|
111
|
+
}
|
|
112
|
+
return json({
|
|
113
|
+
success: true,
|
|
114
|
+
message: 'Invitation canceled successfully'
|
|
115
|
+
});
|
|
116
|
+
}
|
|
117
|
+
catch (error) {
|
|
118
|
+
console.error('Failed to cancel invitation:', error);
|
|
119
|
+
return json({
|
|
120
|
+
success: false,
|
|
121
|
+
error: 'Failed to cancel invitation',
|
|
122
|
+
message: error instanceof Error ? error.message : 'Unknown error'
|
|
123
|
+
}, { status: 500 });
|
|
124
|
+
}
|
|
125
|
+
};
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"organizations-members.d.ts","sourceRoot":"","sources":["../../src/lib/routes/organizations-members.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAGpD,eAAO,MAAM,GAAG,EAAE,cAkCjB,CAAC;AAGF,eAAO,MAAM,MAAM,EAAE,cAmIpB,CAAC;AAGF,eAAO,MAAM,KAAK,EAAE,cA4HnB,CAAC"}
|