npm - @aphexcms/cms-core - Versions diffs - 2.0.8 → 2.0.10 - Mend

@aphexcms/cms-core 2.0.8 → 2.0.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (167) hide show

package/dist/api/api-keys.d.ts +4 -7
package/dist/api/api-keys.d.ts.map +1 -1
package/dist/api/assets.d.ts +7 -22
package/dist/api/assets.d.ts.map +1 -1
package/dist/api/assets.js +1 -10
package/dist/api/documents.d.ts +17 -16
package/dist/api/documents.d.ts.map +1 -1
package/dist/api/documents.js +2 -2
package/dist/api/organizations.d.ts +15 -35
package/dist/api/organizations.d.ts.map +1 -1
package/dist/api/schemas/api-keys.d.ts +16 -0
package/dist/api/schemas/api-keys.d.ts.map +1 -0
package/dist/api/schemas/api-keys.js +9 -0
package/dist/api/schemas/assets.d.ts +174 -0
package/dist/api/schemas/assets.d.ts.map +1 -0
package/dist/api/schemas/assets.js +99 -0
package/dist/api/schemas/documents.d.ts +325 -0
package/dist/api/schemas/documents.d.ts.map +1 -0
package/dist/api/schemas/documents.js +161 -0
package/dist/api/schemas/organizations.d.ts +59 -0
package/dist/api/schemas/organizations.d.ts.map +1 -0
package/dist/api/schemas/organizations.js +45 -0
package/dist/api/schemas/user.d.ts +10 -0
package/dist/api/schemas/user.d.ts.map +1 -0
package/dist/api/schemas/user.js +11 -0
package/dist/api/user.d.ts +4 -6
package/dist/api/user.d.ts.map +1 -1
package/dist/auth/provider.d.ts +5 -0
package/dist/auth/provider.d.ts.map +1 -1
package/dist/client/index.d.ts +2 -0
package/dist/client/index.d.ts.map +1 -1
package/dist/client/index.js +3 -0
package/dist/components/AdminApp.svelte +8 -4
package/dist/components/AdminApp.svelte.d.ts.map +1 -1
package/dist/components/admin/DocumentEditor.svelte +23 -18
package/dist/components/admin/DocumentEditor.svelte.d.ts.map +1 -1
package/dist/components/admin/DocumentVersionPanel.svelte +18 -31
package/dist/components/admin/DocumentVersionPanel.svelte.d.ts.map +1 -1
package/dist/components/admin/confirm-dialog/ConfirmDialogHost.svelte +37 -0
package/dist/components/admin/confirm-dialog/ConfirmDialogHost.svelte.d.ts +19 -0
package/dist/components/admin/confirm-dialog/ConfirmDialogHost.svelte.d.ts.map +1 -0
package/dist/components/admin/confirm-dialog/confirm-dialog.svelte.d.ts +16 -0
package/dist/components/admin/confirm-dialog/confirm-dialog.svelte.d.ts.map +1 -0
package/dist/components/admin/confirm-dialog/confirm-dialog.svelte.js +29 -0
package/dist/hooks.d.ts.map +1 -1
package/dist/hooks.js +4 -0
package/dist/lib/api/api-keys.d.ts +4 -7
package/dist/lib/api/api-keys.d.ts.map +1 -1
package/dist/lib/api/api-keys.js.map +1 -1
package/dist/lib/api/assets.d.ts +7 -22
package/dist/lib/api/assets.d.ts.map +1 -1
package/dist/lib/api/assets.js +1 -10
package/dist/lib/api/assets.js.map +1 -1
package/dist/lib/api/documents.d.ts +17 -16
package/dist/lib/api/documents.d.ts.map +1 -1
package/dist/lib/api/documents.js +2 -2
package/dist/lib/api/documents.js.map +1 -1
package/dist/lib/api/organizations.d.ts +15 -35
package/dist/lib/api/organizations.d.ts.map +1 -1
package/dist/lib/api/organizations.js.map +1 -1
package/dist/lib/api/schemas/api-keys.d.ts +16 -0
package/dist/lib/api/schemas/api-keys.d.ts.map +1 -0
package/dist/lib/api/schemas/api-keys.js +10 -0
package/dist/lib/api/schemas/api-keys.js.map +1 -0
package/dist/lib/api/schemas/assets.d.ts +174 -0
package/dist/lib/api/schemas/assets.d.ts.map +1 -0
package/dist/lib/api/schemas/assets.js +100 -0
package/dist/lib/api/schemas/assets.js.map +1 -0
package/dist/lib/api/schemas/documents.d.ts +325 -0
package/dist/lib/api/schemas/documents.d.ts.map +1 -0
package/dist/lib/api/schemas/documents.js +162 -0
package/dist/lib/api/schemas/documents.js.map +1 -0
package/dist/lib/api/schemas/organizations.d.ts +59 -0
package/dist/lib/api/schemas/organizations.d.ts.map +1 -0
package/dist/lib/api/schemas/organizations.js +46 -0
package/dist/lib/api/schemas/organizations.js.map +1 -0
package/dist/lib/api/schemas/user.d.ts +10 -0
package/dist/lib/api/schemas/user.d.ts.map +1 -0
package/dist/lib/api/schemas/user.js +12 -0
package/dist/lib/api/schemas/user.js.map +1 -0
package/dist/lib/api/user.d.ts +4 -6
package/dist/lib/api/user.d.ts.map +1 -1
package/dist/lib/api/user.js.map +1 -1
package/dist/lib/auth/provider.d.ts +5 -0
package/dist/lib/auth/provider.d.ts.map +1 -1
package/dist/lib/client/index.d.ts +2 -0
package/dist/lib/client/index.d.ts.map +1 -1
package/dist/lib/client/index.js +3 -0
package/dist/lib/client/index.js.map +1 -1
package/dist/lib/components/admin/confirm-dialog/confirm-dialog.svelte.d.ts +16 -0
package/dist/lib/components/admin/confirm-dialog/confirm-dialog.svelte.d.ts.map +1 -0
package/dist/lib/components/admin/confirm-dialog/confirm-dialog.svelte.js +30 -0
package/dist/lib/components/admin/confirm-dialog/confirm-dialog.svelte.js.map +1 -0
package/dist/lib/hooks.d.ts.map +1 -1
package/dist/lib/hooks.js +4 -0
package/dist/lib/hooks.js.map +1 -1
package/dist/lib/routes/assets-bulk.d.ts.map +1 -1
package/dist/lib/routes/assets-bulk.js +10 -3
package/dist/lib/routes/assets-bulk.js.map +1 -1
package/dist/lib/routes/assets-by-id.d.ts.map +1 -1
package/dist/lib/routes/assets-by-id.js +11 -1
package/dist/lib/routes/assets-by-id.js.map +1 -1
package/dist/lib/routes/assets-references-counts.d.ts.map +1 -1
package/dist/lib/routes/assets-references-counts.js +12 -2
package/dist/lib/routes/assets-references-counts.js.map +1 -1
package/dist/lib/routes/assets.d.ts.map +1 -1
package/dist/lib/routes/assets.js +14 -13
package/dist/lib/routes/assets.js.map +1 -1
package/dist/lib/routes/document-versions.d.ts.map +1 -1
package/dist/lib/routes/document-versions.js +16 -2
package/dist/lib/routes/document-versions.js.map +1 -1
package/dist/lib/routes/documents-by-id.d.ts.map +1 -1
package/dist/lib/routes/documents-by-id.js +15 -3
package/dist/lib/routes/documents-by-id.js.map +1 -1
package/dist/lib/routes/documents-query.d.ts.map +1 -1
package/dist/lib/routes/documents-query.js +13 -10
package/dist/lib/routes/documents-query.js.map +1 -1
package/dist/lib/routes/documents.d.ts.map +1 -1
package/dist/lib/routes/documents.js +29 -26
package/dist/lib/routes/documents.js.map +1 -1
package/dist/lib/routes/organizations-by-id.d.ts.map +1 -1
package/dist/lib/routes/organizations-by-id.js +11 -1
package/dist/lib/routes/organizations-by-id.js.map +1 -1
package/dist/lib/routes/organizations-invitations.d.ts.map +1 -1
package/dist/lib/routes/organizations-invitations.js +32 -12
package/dist/lib/routes/organizations-invitations.js.map +1 -1
package/dist/lib/routes/organizations-members.d.ts.map +1 -1
package/dist/lib/routes/organizations-members.js +14 -16
package/dist/lib/routes/organizations-members.js.map +1 -1
package/dist/lib/routes/organizations-switch.d.ts.map +1 -1
package/dist/lib/routes/organizations-switch.js +7 -3
package/dist/lib/routes/organizations-switch.js.map +1 -1
package/dist/lib/routes/organizations.d.ts.map +1 -1
package/dist/lib/routes/organizations.js +8 -5
package/dist/lib/routes/organizations.js.map +1 -1
package/dist/lib/routes/user-preferences.d.ts.map +1 -1
package/dist/lib/routes/user-preferences.js +7 -13
package/dist/lib/routes/user-preferences.js.map +1 -1
package/dist/routes/assets-bulk.d.ts.map +1 -1
package/dist/routes/assets-bulk.js +10 -3
package/dist/routes/assets-by-id.d.ts.map +1 -1
package/dist/routes/assets-by-id.js +11 -1
package/dist/routes/assets-references-counts.d.ts.map +1 -1
package/dist/routes/assets-references-counts.js +12 -2
package/dist/routes/assets.d.ts.map +1 -1
package/dist/routes/assets.js +14 -13
package/dist/routes/document-versions.d.ts.map +1 -1
package/dist/routes/document-versions.js +16 -2
package/dist/routes/documents-by-id.d.ts.map +1 -1
package/dist/routes/documents-by-id.js +15 -3
package/dist/routes/documents-query.d.ts.map +1 -1
package/dist/routes/documents-query.js +13 -10
package/dist/routes/documents.d.ts.map +1 -1
package/dist/routes/documents.js +29 -26
package/dist/routes/organizations-by-id.d.ts.map +1 -1
package/dist/routes/organizations-by-id.js +11 -1
package/dist/routes/organizations-invitations.d.ts.map +1 -1
package/dist/routes/organizations-invitations.js +32 -12
package/dist/routes/organizations-members.d.ts.map +1 -1
package/dist/routes/organizations-members.js +14 -16
package/dist/routes/organizations-switch.d.ts.map +1 -1
package/dist/routes/organizations-switch.js +7 -3
package/dist/routes/organizations.d.ts.map +1 -1
package/dist/routes/organizations.js +8 -5
package/dist/routes/user-preferences.d.ts.map +1 -1
package/dist/routes/user-preferences.js +7 -13
package/package.json +5 -3

package/dist/lib/routes/user-preferences.js CHANGED Viewed

@@ -1,6 +1,7 @@
 // Aphex CMS User Preferences API Handler
 import { json } from '@sveltejs/kit';
 import { cmsLogger } from '../utils/logger.js';
+import { updateUserPreferencesRequest } from '../api/schemas/user.js';
 // GET /api/user/preferences - Get user preferences
 export const GET = async ({ locals }) => {
     try {
@@ -40,24 +41,17 @@ export const PATCH = async ({ request, locals }) => {
                 message: 'Session authentication required'
             }, { status: 401 });
         }
-        const body = (await request.json());
-        // Validate the preferences object
-        if (typeof body !== 'object' || body === null) {
+        const rawBody = await request.json();
+        const parsed = updateUserPreferencesRequest.safeParse(rawBody);
+        if (!parsed.success) {
             return json({
                 success: false,
                 error: 'Invalid request body',
-                message: 'Expected an object with preference values'
-            }, { status: 400 });
-        }
-        // Validate individual preference types
-        if (body.includeChildOrganizations !== undefined &&
-            typeof body.includeChildOrganizations !== 'boolean') {
-            return json({
-                success: false,
-                error: 'Invalid preference value',
-                message: 'includeChildOrganizations must be a boolean'
+                message: 'Invalid preference values',
+                issues: parsed.error.issues
             }, { status: 400 });
         }
+        const body = parsed.data;
         // Update preferences
         await databaseAdapter.updateUserPreferences(auth.user.id, body);
         // Get updated profile

package/dist/lib/routes/user-preferences.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"user-preferences.js","sourceRoot":"","sources":["../../../src/lib/routes/user-preferences.ts"],"names":[],"mappings":"AAAA,yCAAyC;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;~~AAGrC~~,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;~~AAE5C~~,mDAAmD;AACnD,MAAM,CAAC,MAAM,GAAG,GAAmB,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IACvD,IAAI,CAAC;QACJ,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QAEzB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO,IAAI,CACV;gBACC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,iCAAiC;aAC1C,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CACf,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAE5E,OAAO,IAAI,CAAC;YACX,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,WAAW,EAAE,WAAW,IAAI,EAAE;SACpC,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,SAAS,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QAC1D,OAAO,IAAI,CACV;YACC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,gCAAgC;YACvC,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SACjE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CACf,CAAC;IACH,CAAC;AACF,CAAC,CAAC;AAEF,yEAAyE;AACzE,MAAM,CAAC,MAAM,KAAK,GAAmB,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;IAClE,IAAI,CAAC;QACJ,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QAEzB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO,IAAI,CACV;gBACC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,iCAAiC;aAC1C,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CACf,CAAC;QACH,CAAC;QAED,MAAM,~~IAAI~~,GAAG,~~CAAC,~~MAAM,OAAO,CAAC,IAAI,EAAE,~~CAAoC,~~CAAC;~~QAEvE~~,~~kCAAkC;QAClC~~,~~IAAI~~,~~OAAO~~,~~IAAI~~,~~KAAK~~,~~QAAQ~~,~~IAAI~~,~~IAAI~~,~~KAAK~~,IAAI,EAAE,CAAC;~~YAC/C~~,OAAO,IAAI,CACV;gBACC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,sBAAsB;gBAC7B,OAAO,EAAE,~~2CAA2C~~;~~aACpD~~,~~EACD~~,EAAE,MAAM,~~EAAE,GAAG,EAAE,CACf,~~CAAC~~;QACH~~,~~CAAC;QAED,uCAAuC;QACvC,IACC,IAAI,CAAC,yBAAyB,~~KAAK,~~SAAS;YAC5C,OAAO,IAAI,~~CAAC,~~yBAAyB,KAAK,SAAS,EAClD,CAAC~~;~~YACF~~,~~OAAO~~,~~IAAI~~,~~CACV;gBACC~~,~~OAAO,~~EAAE,~~KAAK;gBACd~~,~~KAAK,~~EAAE,~~0BAA0B~~;~~gBACjC~~,~~OAAO,EAAE,6CAA6C~~;~~aACtD~~,~~EACD,EAAE,~~MAAM,~~EAAE~~,GAAG,~~EAAE~~,~~CACf,~~CAAC~~;QACH~~,CAAC;~~QAED~~,qBAAqB;QACrB,MAAM,eAAe,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAEhE,sBAAsB;QACtB,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAE5E,OAAO,IAAI,CAAC;YACX,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,WAAW,EAAE,WAAW,IAAI,EAAE;SACpC,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,SAAS,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;QAC7D,OAAO,IAAI,CACV;YACC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,mCAAmC;YAC1C,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SACjE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CACf,CAAC;IACH,CAAC;AACF,CAAC,CAAC"}
1	+ {"version":3,"file":"user-preferences.js","sourceRoot":"","sources":["../../../src/lib/routes/user-preferences.ts"],"names":[],"mappings":"AAAA,yCAAyC;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,eAAe,CAAC;AAErC,OAAO,EAAE,SAAS,EAAE,MAAM,iBAAiB,CAAC;AAC5C,OAAO,EAAE,4BAA4B,EAAE,MAAM,qBAAqB,CAAC;AAEnE,mDAAmD;AACnD,MAAM,CAAC,MAAM,GAAG,GAAmB,KAAK,EAAE,EAAE,MAAM,EAAE,EAAE,EAAE;IACvD,IAAI,CAAC;QACJ,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QAEzB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO,IAAI,CACV;gBACC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,iCAAiC;aAC1C,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CACf,CAAC;QACH,CAAC;QAED,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAE5E,OAAO,IAAI,CAAC;YACX,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,WAAW,EAAE,WAAW,IAAI,EAAE;SACpC,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,SAAS,CAAC,KAAK,CAAC,iCAAiC,EAAE,KAAK,CAAC,CAAC;QAC1D,OAAO,IAAI,CACV;YACC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,gCAAgC;YACvC,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SACjE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CACf,CAAC;IACH,CAAC;AACF,CAAC,CAAC;AAEF,yEAAyE;AACzE,MAAM,CAAC,MAAM,KAAK,GAAmB,KAAK,EAAE,EAAE,OAAO,EAAE,MAAM,EAAE,EAAE,EAAE;IAClE,IAAI,CAAC;QACJ,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,CAAC,QAAQ,CAAC;QAC5C,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QAEzB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,EAAE,CAAC;YACtC,OAAO,IAAI,CACV;gBACC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,cAAc;gBACrB,OAAO,EAAE,iCAAiC;aAC1C,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CACf,CAAC;QACH,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,IAAI,EAAE,CAAC;QACrC,MAAM,MAAM,GAAG,4BAA4B,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC/D,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACrB,OAAO,IAAI,CACV;gBACC,OAAO,EAAE,KAAK;gBACd,KAAK,EAAE,sBAAsB;gBAC7B,OAAO,EAAE,2BAA2B;gBACpC,MAAM,EAAE,MAAM,CAAC,KAAK,CAAC,MAAM;aAC3B,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CACf,CAAC;QACH,CAAC;QACD,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC;QAEzB,qBAAqB;QACrB,MAAM,eAAe,CAAC,qBAAqB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,EAAE,IAAI,CAAC,CAAC;QAEhE,sBAAsB;QACtB,MAAM,WAAW,GAAG,MAAM,eAAe,CAAC,mBAAmB,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;QAE5E,OAAO,IAAI,CAAC;YACX,OAAO,EAAE,IAAI;YACb,IAAI,EAAE,WAAW,EAAE,WAAW,IAAI,EAAE;SACpC,CAAC,CAAC;IACJ,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QAChB,SAAS,CAAC,KAAK,CAAC,oCAAoC,EAAE,KAAK,CAAC,CAAC;QAC7D,OAAO,IAAI,CACV;YACC,OAAO,EAAE,KAAK;YACd,KAAK,EAAE,mCAAmC;YAC1C,OAAO,EAAE,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,eAAe;SACjE,EACD,EAAE,MAAM,EAAE,GAAG,EAAE,CACf,CAAC;IACH,CAAC;AACF,CAAC,CAAC"}

package/dist/routes/assets-bulk.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"assets-bulk.d.ts","sourceRoot":"","sources":["../../src/lib/routes/assets-bulk.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAGpD~~,eAAO,MAAM,MAAM,EAAE,~~cAwDpB~~,CAAC"}
1	+ {"version":3,"file":"assets-bulk.d.ts","sourceRoot":"","sources":["../../src/lib/routes/assets-bulk.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAIpD,eAAO,MAAM,MAAM,EAAE,cAgEpB,CAAC"}

package/dist/routes/assets-bulk.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import { json } from '@sveltejs/kit';
 import { cmsLogger } from '../utils/logger.js';
+import { bulkDeleteAssetsRequest } from '../api/schemas/assets.js';
 export const DELETE = async ({ request, locals }) => {
     try {
         const { assetService, databaseAdapter } = locals.aphexCMS;
@@ -7,10 +8,16 @@ export const DELETE = async ({ request, locals }) => {
         if (!auth || auth.type === 'partial_session') {
             return json({ success: false, error: 'Unauthorized' }, { status: 401 });
         }
-        const { ids } = await request.json();
-        if (!Array.isArray(ids) || ids.length === 0) {
-            return json({ success: false, error: 'No asset IDs provided' }, { status: 400 });
+        const rawBody = await request.json();
+        const parsed = bulkDeleteAssetsRequest.safeParse(rawBody);
+        if (!parsed.success) {
+            return json({
+                success: false,
+                error: 'No asset IDs provided',
+                issues: parsed.error.issues
+            }, { status: 400 });
         }
+        const { ids } = parsed.data;
         // Check for references before deleting
         let referencedIds = [];
         if (databaseAdapter.countDocumentReferencesForAssets) {

package/dist/routes/assets-by-id.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"assets-by-id.d.ts","sourceRoot":"","sources":["../../src/lib/routes/assets-by-id.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAIpD~~,eAAO,MAAM,GAAG,EAAE,cA6BjB,CAAC;AAEF,eAAO,MAAM,MAAM,EAAE,cA0CpB,CAAC;AAEF,eAAO,MAAM,KAAK,EAAE,~~cAiDnB~~,CAAC"}
1	+ {"version":3,"file":"assets-by-id.d.ts","sourceRoot":"","sources":["../../src/lib/routes/assets-by-id.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAKpD,eAAO,MAAM,GAAG,EAAE,cA6BjB,CAAC;AAEF,eAAO,MAAM,MAAM,EAAE,cA0CpB,CAAC;AAEF,eAAO,MAAM,KAAK,EAAE,cA6DnB,CAAC"}

package/dist/routes/assets-by-id.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import { json } from '@sveltejs/kit';
 import { cmsLogger } from '../utils/logger.js';
+import { updateAssetRequest } from '../api/schemas/assets.js';
 export const GET = async ({ params, locals }) => {
     try {
         const { assetService } = locals.aphexCMS;
@@ -69,7 +70,16 @@ export const PATCH = async ({ params, locals, request }) => {
         if (!id) {
             return json({ success: false, error: 'Asset ID is required' }, { status: 400 });
         }
-        const { title, description, alt, creditLine } = await request.json();
+        const rawBody = await request.json();
+        const parsed = updateAssetRequest.safeParse(rawBody);
+        if (!parsed.success) {
+            return json({
+                success: false,
+                error: 'Invalid request body',
+                issues: parsed.error.issues
+            }, { status: 400 });
+        }
+        const { title, description, alt, creditLine } = parsed.data;
         let updatedAsset;
         if (auth.type == 'session') {
             updatedAsset = await assetService.updateAssetMetadata(auth.organizationId, id, {

package/dist/routes/assets-references-counts.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"assets-references-counts.d.ts","sourceRoot":"","sources":["../../src/lib/routes/assets-references-counts.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAGpD~~;;;GAGG;AACH,eAAO,MAAM,IAAI,EAAE,~~cA4BlB~~,CAAC"}
1	+ {"version":3,"file":"assets-references-counts.d.ts","sourceRoot":"","sources":["../../src/lib/routes/assets-references-counts.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAIpD;;;GAGG;AACH,eAAO,MAAM,IAAI,EAAE,cAwClB,CAAC"}

package/dist/routes/assets-references-counts.js CHANGED Viewed

@@ -1,5 +1,6 @@
 import { json } from '@sveltejs/kit';
 import { cmsLogger } from '../utils/logger.js';
+import { assetReferenceCountsRequest } from '../api/schemas/assets.js';
 /**
  * POST /api/assets/references/counts
  * Get reference counts for multiple asset IDs in batch
@@ -11,8 +12,17 @@ export const POST = async ({ request, locals }) => {
         if (!auth || auth.type === 'partial_session') {
             return json({ success: false, error: 'Unauthorized' }, { status: 401 });
         }
-        const { ids } = await request.json();
-        if (!Array.isArray(ids) || ids.length === 0) {
+        const rawBody = await request.json();
+        const parsed = assetReferenceCountsRequest.safeParse(rawBody);
+        if (!parsed.success) {
+            return json({
+                success: false,
+                error: 'Invalid request body',
+                issues: parsed.error.issues
+            }, { status: 400 });
+        }
+        const { ids } = parsed.data;
+        if (ids.length === 0) {
             return json({ success: true, data: {} });
         }
         if (!databaseAdapter.countDocumentReferencesForAssets) {

package/dist/routes/assets.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"assets.d.ts","sourceRoot":"","sources":["../../src/lib/routes/assets.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAIpD~~,eAAO,MAAM,IAAI,EAAE,cAuFlB,CAAC;AAEF,eAAO,MAAM,GAAG,EAAE,~~cAiEjB~~,CAAC"}
1	+ {"version":3,"file":"assets.d.ts","sourceRoot":"","sources":["../../src/lib/routes/assets.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAKpD,eAAO,MAAM,IAAI,EAAE,cAuFlB,CAAC;AAEF,eAAO,MAAM,GAAG,EAAE,cAqEjB,CAAC"}

package/dist/routes/assets.js CHANGED Viewed

@@ -2,6 +2,7 @@
 import { json } from '@sveltejs/kit';
 import { cmsLogger } from '../utils/logger.js';
 import { validateFile } from '../utils/mime-detect.js';
+import { listAssetsQuery } from '../api/schemas/assets.js';
 export const POST = async ({ request, locals }) => {
     try {
         const { assetService } = locals.aphexCMS;
@@ -82,20 +83,20 @@ export const GET = async ({ url, locals }) => {
         if (!auth || auth.type === 'partial_session') {
             return json({ success: false, error: 'Unauthorized' }, { status: 401 });
         }
-        // Parse query parameters
-        const assetType = url.searchParams.get('assetType');
-        const mimeType = url.searchParams.get('mimeType') || undefined;
-        const search = url.searchParams.get('search') || undefined;
-        const limitParam = url.searchParams.get('limit');
-        const offsetParam = url.searchParams.get('offset');
-        const limit = limitParam ? parseInt(limitParam) : 20;
-        const offset = offsetParam ? parseInt(offsetParam) : 0;
+        const parsedQuery = listAssetsQuery.safeParse(Object.fromEntries(url.searchParams.entries()));
+        if (!parsedQuery.success) {
+            return json({
+                success: false,
+                error: 'Invalid query parameters',
+                issues: parsedQuery.error.issues
+            }, { status: 400 });
+        }
         const filters = {
-            assetType,
-            mimeType,
-            search,
-            limit: isNaN(limit) ? 20 : limit,
-            offset: isNaN(offset) ? 0 : offset
+            assetType: parsedQuery.data.assetType,
+            mimeType: parsedQuery.data.mimeType,
+            search: parsedQuery.data.search,
+            limit: parsedQuery.data.limit ?? 20,
+            offset: parsedQuery.data.offset ?? 0
         };
         // Fetch assets and total count in parallel
         const [fetchedAssets, totalAssets] = await Promise.all([

package/dist/routes/document-versions.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"document-versions.d.ts","sourceRoot":"","sources":["../../src/lib/routes/document-versions.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAKpD~~,eAAO,MAAM,GAAG,EAAE,~~cAuDjB~~,CAAC;AAGF,eAAO,MAAM,UAAU,EAAE,cAuCxB,CAAC;AAGF,eAAO,MAAM,cAAc,EAAE,cA4C5B,CAAC"}
1	+ {"version":3,"file":"document-versions.d.ts","sourceRoot":"","sources":["../../src/lib/routes/document-versions.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAMpD,eAAO,MAAM,GAAG,EAAE,cAyEjB,CAAC;AAGF,eAAO,MAAM,UAAU,EAAE,cAuCxB,CAAC;AAGF,eAAO,MAAM,cAAc,EAAE,cA4C5B,CAAC"}

package/dist/routes/document-versions.js CHANGED Viewed

@@ -2,6 +2,7 @@
 import { json } from '@sveltejs/kit';
 import { authToContext } from '../local-api/auth-helpers.js';
 import { cmsLogger } from '../utils/logger.js';
+import { listVersionsQuery } from '../api/schemas/documents.js';
 // GET /api/documents/[id]/versions - List version history
 export const GET = async ({ params, url, locals }) => {
     try {
@@ -11,14 +12,27 @@ export const GET = async ({ params, url, locals }) => {
         if (!id) {
             return json({ success: false, error: 'Document ID is required' }, { status: 400 });
         }
-        const limit = parseInt(url.searchParams.get('limit') || '25');
-        const offset = parseInt(url.searchParams.get('offset') || '0');
+        const parsedQuery = listVersionsQuery.safeParse(Object.fromEntries(url.searchParams.entries()));
+        if (!parsedQuery.success) {
+            return json({
+                success: false,
+                error: 'Invalid query parameters',
+                issues: parsedQuery.error.issues
+            }, { status: 400 });
+        }
+        const limit = parsedQuery.data.limit ?? 25;
+        const offset = parsedQuery.data.offset ?? 0;
         const result = await localAPI.versionService.listVersions(databaseAdapter, context.organizationId, id, { limit, offset });
         // Resolve user names for createdBy IDs
         const userIds = [...new Set(result.versions.map((v) => v.createdBy).filter(Boolean))];
         const userMap = new Map();
         if (userIds.length > 0 && locals.aphexCMS.auth) {
             await Promise.all(userIds.map(async (userId) => {
+                // API key actions are stored as "apikey:<id>" — resolve to a friendly label
+                if (userId.startsWith('apikey:')) {
+                    userMap.set(userId, 'API Key');
+                    return;
+                }
                 try {
                     const user = await locals.aphexCMS.auth.getUserById(userId);
                     if (user) {

package/dist/routes/documents-by-id.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"documents-by-id.d.ts","sourceRoot":"","sources":["../../src/lib/routes/documents-by-id.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAOpD~~,eAAO,MAAM,GAAG,EAAE,cAuEjB,CAAC;AAIF,eAAO,MAAM,GAAG,EAAE,~~cAkFjB~~,CAAC;AAGF,eAAO,MAAM,MAAM,EAAE,cA+DpB,CAAC"}
1	+ {"version":3,"file":"documents-by-id.d.ts","sourceRoot":"","sources":["../../src/lib/routes/documents-by-id.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAQpD,eAAO,MAAM,GAAG,EAAE,cAuEjB,CAAC;AAIF,eAAO,MAAM,GAAG,EAAE,cAiGjB,CAAC;AAGF,eAAO,MAAM,MAAM,EAAE,cA+DpB,CAAC"}

package/dist/routes/documents-by-id.js CHANGED Viewed

@@ -3,6 +3,7 @@ import { json } from '@sveltejs/kit';
 import { authToContext } from '../local-api/auth-helpers.js';
 import { PermissionError } from '../local-api/permissions.js';
 import { cmsLogger } from '../utils/logger.js';
+import { updateDocumentRequest } from '../api/schemas/documents.js';
 // GET /api/documents/[id] - Get document by ID
 // TODO ENABLE CHILDREN ORG ACCESS BY DEFAULT - BECAUSE IF A PARENT ORG IS TRYING TO ACCESS A CHILD ORG. It should already have access to said id.
 export const GET = async ({ params, url, locals }) => {
@@ -67,12 +68,23 @@ export const PUT = async ({ params, request, locals }) => {
         const { localAPI } = locals.aphexCMS;
         const context = authToContext(locals.auth);
         const { id } = params;
-        const body = await request.json();
         if (!id) {
             return json({ success: false, error: 'Document ID is required' }, { status: 400 });
         }
-        const documentData = body.draftData || body.data;
-        const shouldPublish = body.publish || false;
+        const rawBody = await request.json();
+        const parsed = updateDocumentRequest.safeParse(rawBody);
+        if (!parsed.success) {
+            return json({
+                success: false,
+                error: 'Invalid request body',
+                issues: parsed.error.issues
+            }, { status: 400 });
+        }
+        const documentData = parsed.data.draftData ?? parsed.data.data;
+        if (!documentData) {
+            return json({ success: false, error: 'Document data is required' }, { status: 400 });
+        }
+        const shouldPublish = parsed.data.publish ?? false;
         // Fetch document to get its type (hierarchy-aware, no RLS transaction)
         const found = await localAPI.findDocumentById(context, id);
         if (!found) {

package/dist/routes/documents-query.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"documents-query.d.ts","sourceRoot":"","sources":["../../src/lib/routes/documents-query.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAUpD~~;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,IAAI,EAAE,~~cAuFlB~~,CAAC"}
1	+ {"version":3,"file":"documents-query.d.ts","sourceRoot":"","sources":["../../src/lib/routes/documents-query.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAWpD;;;;;;;;;;;;;;;;;;;;;;GAsBG;AACH,eAAO,MAAM,IAAI,EAAE,cAyFlB,CAAC"}

package/dist/routes/documents-query.js CHANGED Viewed

@@ -3,6 +3,7 @@ import { json } from '@sveltejs/kit';
 import { authToContext } from '../local-api/auth-helpers.js';
 import { PermissionError } from '../local-api/permissions.js';
 import { cmsLogger } from '../utils/logger.js';
+import { queryDocumentsRequest } from '../api/schemas/documents.js';
 // Default values
 const DEFAULT_PAGE_SIZE = 20;
 const DEFAULT_PAGE = 1;
@@ -33,16 +34,18 @@ export const POST = async ({ request, locals }) => {
     try {
         const { localAPI } = locals.aphexCMS;
         const context = authToContext(locals.auth);
-        const body = await request.json();
-        // Extract document type
-        const documentType = body.type;
-        if (!documentType) {
+        const rawBody = await request.json();
+        const parsed = queryDocumentsRequest.safeParse(rawBody);
+        if (!parsed.success) {
             return json({
                 success: false,
                 error: 'Bad Request',
-                message: 'Document type is required in request body'
+                message: 'Document type is required in request body',
+                issues: parsed.error.issues
             }, { status: 400 });
         }
+        const body = parsed.data;
+        const documentType = body.type;
         // Check if collection exists
         if (!localAPI.hasCollection(documentType)) {
             return json({
@@ -52,18 +55,18 @@ export const POST = async ({ request, locals }) => {
             }, { status: 400 });
         }
         // Parse pagination - support both page-based and offset-based
-        const page = body.page ? Math.max(1, parseInt(body.page)) : DEFAULT_PAGE;
-        const pageSize = body.pageSize || body.limit || DEFAULT_PAGE_SIZE;
+        const page = body.page ?? DEFAULT_PAGE;
+        const pageSize = body.pageSize ?? body.limit ?? DEFAULT_PAGE_SIZE;
         const offset = body.offset !== undefined ? body.offset : (page - 1) * pageSize;
         // Build FindOptions from request body
         const findOptions = {
             where: body.where,
             limit: pageSize,
-            offset: offset,
+            offset,
             sort: body.sort,
-            depth: body.depth !== undefined ? Math.max(0, Math.min(body.depth, 5)) : 0,
+            depth: body.depth ?? 0,
             select: body.select,
-            perspective: body.perspective || 'draft',
+            perspective: body.perspective ?? 'draft',
             includeChildOrganizations: body.includeChildOrganizations,
             filterOrganizationIds: body.filterOrganizationIds
         };

package/dist/routes/documents.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"documents.d.ts","sourceRoot":"","sources":["../../src/lib/routes/documents.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAUpD~~,eAAO,MAAM,GAAG,EAAE,~~cAwGjB~~,CAAC;AAGF,eAAO,MAAM,IAAI,EAAE,~~cAmFlB~~,CAAC"}
1	+ {"version":3,"file":"documents.d.ts","sourceRoot":"","sources":["../../src/lib/routes/documents.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAWpD,eAAO,MAAM,GAAG,EAAE,cA6GjB,CAAC;AAGF,eAAO,MAAM,IAAI,EAAE,cAkFlB,CAAC"}

package/dist/routes/documents.js CHANGED Viewed

@@ -3,6 +3,7 @@ import { json } from '@sveltejs/kit';
 import { authToContext } from '../local-api/auth-helpers.js';
 import { PermissionError } from '../local-api/permissions.js';
 import { cmsLogger } from '../utils/logger.js';
+import { createDocumentRequest, listDocumentsQuery } from '../api/schemas/documents.js';
 // Default values for API
 const DEFAULT_PAGE_SIZE = 20;
 const DEFAULT_PAGE = 1;
@@ -11,25 +12,27 @@ export const GET = async ({ url, locals }) => {
     try {
         const { localAPI } = locals.aphexCMS;
         const context = authToContext(locals.auth);
-        // Parse query params
-        const docType = url.searchParams.get('type') || url.searchParams.get('docType');
-        const status = url.searchParams.get('status');
-        const pageParam = url.searchParams.get('page');
-        const pageSizeParam = url.searchParams.get('pageSize') || url.searchParams.get('limit');
-        const depthParam = url.searchParams.get('depth');
-        const sortParam = url.searchParams.get('sort');
-        const perspective = url.searchParams.get('perspective') || 'draft';
-        const includeChildOrganizations = url.searchParams.get('includeChildOrganizations') === 'true';
-        const filterOrganizationIds = url.searchParams
-            .get('filterOrganizationIds')
-            ?.split(',')
-            .filter(Boolean);
-        // Parse pagination
-        const page = pageParam ? Math.max(1, parseInt(pageParam)) : DEFAULT_PAGE;
-        const pageSize = pageSizeParam ? parseInt(pageSizeParam) : DEFAULT_PAGE_SIZE;
+        // Parse + validate query params with zod
+        const rawQuery = Object.fromEntries(url.searchParams.entries());
+        const parsedQuery = listDocumentsQuery.safeParse(rawQuery);
+        if (!parsedQuery.success) {
+            return json({
+                success: false,
+                error: 'Invalid query parameters',
+                issues: parsedQuery.error.issues
+            }, { status: 400 });
+        }
+        const q = parsedQuery.data;
+        const docType = q.type ?? q.docType;
+        const status = q.status;
+        const sortParam = Array.isArray(q.sort) ? q.sort.join(',') : q.sort;
+        const perspective = q.perspective ?? 'draft';
+        const includeChildOrganizations = q.includeChildOrganizations;
+        const filterOrganizationIds = q.filterOrganizationIds;
+        const page = q.page ?? DEFAULT_PAGE;
+        const pageSize = q.pageSize ?? q.limit ?? DEFAULT_PAGE_SIZE;
         const offset = (page - 1) * pageSize;
-        // Parse depth (clamp between 0-5)
-        const depth = depthParam ? Math.max(0, Math.min(parseInt(depthParam), 5)) : 0;
+        const depth = q.depth ?? 0;
         if (!docType) {
             return json({
                 success: false,
@@ -96,18 +99,18 @@ export const POST = async ({ request, locals }) => {
     try {
         const { localAPI } = locals.aphexCMS;
         const context = authToContext(locals.auth);
-        const body = await request.json();
-        // Validate required fields (support both old and new format)
-        const documentType = body.type;
-        const documentData = body.draftData || body.data;
-        const shouldPublish = body.publish || false;
-        if (!documentType || !documentData) {
+        const rawBody = await request.json();
+        const parsed = createDocumentRequest.safeParse(rawBody);
+        if (!parsed.success) {
             return json({
                 success: false,
-                error: 'Missing required fields',
-                message: 'Document type and data are required'
+                error: 'Invalid request body',
+                issues: parsed.error.issues
             }, { status: 400 });
         }
+        const documentType = parsed.data.type;
+        const documentData = (parsed.data.draftData ?? parsed.data.data);
+        const shouldPublish = parsed.data.publish ?? false;
         // Get collection API (TypeScript-safe)
         const collection = localAPI.collections[documentType];
         if (!collection) {

package/dist/routes/organizations-by-id.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"organizations-by-id.d.ts","sourceRoot":"","sources":["../../src/lib/routes/organizations-by-id.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAIpD~~,eAAO,MAAM,GAAG,EAAE,cAmEjB,CAAC;AAGF,eAAO,MAAM,KAAK,EAAE,~~cAgGnB~~,CAAC;AAGF,eAAO,MAAM,MAAM,EAAE,cAmFpB,CAAC"}
1	+ {"version":3,"file":"organizations-by-id.d.ts","sourceRoot":"","sources":["../../src/lib/routes/organizations-by-id.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAKpD,eAAO,MAAM,GAAG,EAAE,cAmEjB,CAAC;AAGF,eAAO,MAAM,KAAK,EAAE,cA4GnB,CAAC;AAGF,eAAO,MAAM,MAAM,EAAE,cAmFpB,CAAC"}

package/dist/routes/organizations-by-id.js CHANGED Viewed

@@ -1,6 +1,7 @@
 // Aphex CMS Organization by ID API Handlers
 import { json } from '@sveltejs/kit';
 import { cmsLogger } from '../utils/logger.js';
+import { updateOrganizationRequest } from '../api/schemas/organizations.js';
 // GET /api/organizations/[id] - Get organization by ID
 export const GET = async ({ params, locals }) => {
     try {
@@ -80,7 +81,16 @@ export const PATCH = async ({ params, request, locals }) => {
                 message: 'Only owners and admins can update organization settings'
             }, { status: 403 });
         }
-        const body = await request.json();
+        const rawBody = await request.json();
+        const parsed = updateOrganizationRequest.safeParse(rawBody);
+        if (!parsed.success) {
+            return json({
+                success: false,
+                error: 'Invalid request body',
+                issues: parsed.error.issues
+            }, { status: 400 });
+        }
+        const body = parsed.data;
         // Validate: if slug is being changed, check it's not already taken
         if (body.slug) {
             const existingOrg = await databaseAdapter.findOrganizationBySlug(body.slug);

package/dist/routes/organizations-invitations.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"organizations-invitations.d.ts","sourceRoot":"","sources":["../../src/lib/routes/organizations-invitations.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAIpD~~,eAAO,MAAM,IAAI,EAAE,~~cAyGlB~~,CAAC;AAGF,eAAO,MAAM,MAAM,EAAE,~~cAqEpB~~,CAAC"}
1	+ {"version":3,"file":"organizations-invitations.d.ts","sourceRoot":"","sources":["../../src/lib/routes/organizations-invitations.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAKpD,eAAO,MAAM,IAAI,EAAE,cA+HlB,CAAC;AAGF,eAAO,MAAM,MAAM,EAAE,cAuEpB,CAAC"}

package/dist/routes/organizations-invitations.js CHANGED Viewed

@@ -1,6 +1,7 @@
 // Aphex CMS Organization Invitations API Handlers
 import { json } from '@sveltejs/kit';
 import { cmsLogger } from '../utils/logger.js';
+import { inviteMemberRequest, cancelInvitationRequest } from '../api/schemas/organizations.js';
 // POST /api/organizations/invitations - Create/send an invitation
 export const POST = async ({ request, locals }) => {
     try {
@@ -21,23 +22,39 @@ export const POST = async ({ request, locals }) => {
                 message: 'Only owners and admins can invite members'
             }, { status: 403 });
         }
-        const body = await request.json();
-        if (!body.email || !body.role) {
+        const rawBody = await request.json();
+        const parsed = inviteMemberRequest.safeParse(rawBody);
+        if (!parsed.success) {
             return json({
                 success: false,
-                error: 'Missing required fields',
-                message: 'email and role are required'
+                error: 'Invalid request body',
+                message: 'email and role (admin|editor|viewer) are required',
+                issues: parsed.error.issues
             }, { status: 400 });
         }
-        // Validate role
-        const validRoles = ['admin', 'editor', 'viewer'];
-        if (!validRoles.includes(body.role)) {
+        const body = parsed.data;
+        // Reject self-invitation
+        if (body.email.toLowerCase() === auth.user.email.toLowerCase()) {
             return json({
                 success: false,
-                error: 'Invalid role',
-                message: 'Role must be one of: admin, editor, viewer'
+                error: 'Invalid invitation',
+                message: 'You cannot invite yourself'
             }, { status: 400 });
         }
+        // Reject if the invitee is already a member of the organization
+        if (locals.aphexCMS.auth) {
+            const existingUser = await locals.aphexCMS.auth.getUserByEmail(body.email);
+            if (existingUser) {
+                const existingMembership = await databaseAdapter.findUserMembership(existingUser.id, auth.organizationId);
+                if (existingMembership) {
+                    return json({
+                        success: false,
+                        error: 'Already a member',
+                        message: 'This user is already a member of the organization'
+                    }, { status: 400 });
+                }
+            }
+        }
         // Check if there's already a pending invitation for this email
         const existingInvitations = await databaseAdapter.findOrganizationInvitations(auth.organizationId);
         const pendingInvitation = existingInvitations.find((inv) => inv.email.toLowerCase() === body.email.toLowerCase() && inv.acceptedAt === null);
@@ -94,14 +111,17 @@ export const DELETE = async ({ request, locals }) => {
                 message: 'Only owners and admins can cancel invitations'
             }, { status: 403 });
         }
-        const body = await request.json();
-        if (!body.invitationId) {
+        const rawBody = await request.json();
+        const parsed = cancelInvitationRequest.safeParse(rawBody);
+        if (!parsed.success) {
             return json({
                 success: false,
                 error: 'Missing required field',
-                message: 'invitationId is required'
+                message: 'invitationId is required',
+                issues: parsed.error.issues
             }, { status: 400 });
         }
+        const body = parsed.data;
         // Delete the invitation
         const deleted = await databaseAdapter.deleteInvitation(body.invitationId);
         if (!deleted) {

package/dist/routes/organizations-members.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"organizations-members.d.ts","sourceRoot":"","sources":["../../src/lib/routes/organizations-members.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAIpD~~,eAAO,MAAM,GAAG,EAAE,cAkCjB,CAAC;AAGF,eAAO,MAAM,MAAM,EAAE,~~cAmIpB~~,CAAC;AAGF,eAAO,MAAM,KAAK,EAAE,~~cA4HnB~~,CAAC"}
1	+ {"version":3,"file":"organizations-members.d.ts","sourceRoot":"","sources":["../../src/lib/routes/organizations-members.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAKpD,eAAO,MAAM,GAAG,EAAE,cAkCjB,CAAC;AAGF,eAAO,MAAM,MAAM,EAAE,cAqIpB,CAAC;AAGF,eAAO,MAAM,KAAK,EAAE,cAiHnB,CAAC"}

package/dist/routes/organizations-members.js CHANGED Viewed

@@ -1,6 +1,7 @@
 // Aphex CMS Organization Members API Handlers
 import { json } from '@sveltejs/kit';
 import { cmsLogger } from '../utils/logger.js';
+import { removeMemberRequest, updateMemberRoleRequest } from '../api/schemas/organizations.js';
 // GET /api/organizations/members - List organization members
 export const GET = async ({ locals }) => {
     try {
@@ -49,14 +50,17 @@ export const DELETE = async ({ request, locals }) => {
                 message: 'Only owners and admins can remove members'
             }, { status: 403 });
         }
-        const body = await request.json();
-        if (!body.userId) {
+        const rawBody = await request.json();
+        const parsed = removeMemberRequest.safeParse(rawBody);
+        if (!parsed.success) {
             return json({
                 success: false,
                 error: 'Missing required field',
-                message: 'userId is required'
+                message: 'userId is required',
+                issues: parsed.error.issues
             }, { status: 400 });
         }
+        const body = parsed.data;
         // Prevent removing yourself
         if (body.userId === auth.user.id) {
             return json({
@@ -141,23 +145,17 @@ export const PATCH = async ({ request, locals }) => {
                 message: 'Only owners and admins can update member roles'
             }, { status: 403 });
         }
-        const body = await request.json();
-        if (!body.userId || !body.role) {
+        const rawBody = await request.json();
+        const parsed = updateMemberRoleRequest.safeParse(rawBody);
+        if (!parsed.success) {
             return json({
                 success: false,
-                error: 'Missing required fields',
-                message: 'userId and role are required'
-            }, { status: 400 });
-        }
-        // Validate role
-        const validRoles = ['owner', 'admin', 'editor', 'viewer'];
-        if (!validRoles.includes(body.role)) {
-            return json({
-                success: false,
-                error: 'Invalid role',
-                message: 'Role must be one of: owner, admin, editor, viewer'
+                error: 'Invalid request body',
+                message: 'userId and role (owner|admin|editor|viewer) are required',
+                issues: parsed.error.issues
             }, { status: 400 });
         }
+        const body = parsed.data;
         // Prevent changing your own role
         if (body.userId === auth.user.id) {
             return json({

package/dist/routes/organizations-switch.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"organizations-switch.d.ts","sourceRoot":"","sources":["../../src/lib/routes/organizations-switch.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;~~AAIpD~~,eAAO,MAAM,IAAI,EAAE,~~cAoElB~~,CAAC"}
1	+ {"version":3,"file":"organizations-switch.d.ts","sourceRoot":"","sources":["../../src/lib/routes/organizations-switch.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAKpD,eAAO,MAAM,IAAI,EAAE,cAsElB,CAAC"}