@arch-cadre/panel 1.0.6 → 1.0.9

package/src/actions/actions.ts

@@ -0,0 +1,17 @@
+"use server";
+
+import { signOut as signOutAction } from "@arch-cadre/core/server";
+import { getTranslation } from "@arch-cadre/intl/server";
+import { revalidatePath } from "next/cache";
+
+/**
+ * Modern Logout Action delegating to Core Auth
+ */
+export async function logoutAction() {
+  await signOutAction();
+  const { t } = await getTranslation();
+
+  t("Pos");
+
+  revalidatePath("/", "layout");
+}

package/src/actions/activity-log/index.ts

@@ -0,0 +1,17 @@
+"use server";
+
+import { db, userTable } from "@arch-cadre/core/server";
+import { desc, eq } from "drizzle-orm";
+import { activityLogsTable } from "../../schema/activity-log.js";
+
+export async function getActivityLogs() {
+  return await db
+    .select({
+      log: activityLogsTable,
+      user: { name: userTable.name, email: userTable.email },
+    })
+    .from(activityLogsTable)
+    .leftJoin(userTable, eq(activityLogsTable.userId, userTable.id))
+    .orderBy(desc(activityLogsTable.createdAt))
+    .limit(100);
+}

package/src/actions/index.ts

@@ -0,0 +1,2 @@
+export * from "./actions.js";
+export * from "./settings.js";

package/src/actions/manager.ts

@@ -0,0 +1,168 @@
+"use server";
+
+import { exec } from "node:child_process";
+import fs, { constants } from "node:fs/promises";
+import path from "node:path";
+import { promisify } from "node:util";
+import {
+  db,
+  eventBus,
+  getModulesDir,
+  systemModulesTable,
+} from "@arch-cadre/core/server";
+import {
+  getModuleStatus,
+  getModules,
+  ModuleManifestSchema,
+  toggleModuleState,
+} from "@arch-cadre/modules/server";
+import AdmZip from "adm-zip";
+import { revalidatePath, unstable_noStore } from "next/cache";
+
+export async function toggleModuleAction(moduleId: string, isEnabled: boolean) {
+  try {
+    console.log(
+      `[Module:ModuleManager] Toggle request for ${moduleId} -> ${isEnabled}`,
+    );
+    const result = await toggleModuleState(moduleId, isEnabled);
+    await eventBus.publish("system:module:toggle", { moduleId, isEnabled });
+    revalidatePath("/admin/modules");
+    revalidatePath("/module/module-manager");
+    return result;
+  } catch (error) {
+    console.error(
+      `[Module:ModuleManager] Error toggling module ${moduleId}:`,
+      error,
+    );
+    throw error;
+  }
+}
+
+export async function uploadModuleAction(formData: FormData) {
+  try {
+    const file = formData.get("file") as File;
+    if (!file) throw new Error("No file provided");
+
+    const buffer = Buffer.from(await file.arrayBuffer());
+    const zip = new AdmZip(buffer);
+    const zipEntries = zip.getEntries();
+
+    const manifestEntry = zipEntries.find((e) =>
+      e.entryName.endsWith("manifest.json"),
+    );
+    if (!manifestEntry) throw new Error("ZIP must contain manifest.json");
+
+    const moduleRootInZip = manifestEntry.entryName.replace(
+      "manifest.json",
+      "",
+    );
+
+    const manifestRaw = JSON.parse(manifestEntry.getData().toString("utf8"));
+    const manifest = ModuleManifestSchema.parse(manifestRaw);
+
+    const modulesDir = await getModulesDir();
+    const targetDir = path.join(modulesDir, manifest.id);
+
+    try {
+      await fs.access(targetDir);
+      throw new Error(`Module with ID "${manifest.id}" already exists.`);
+    } catch (e: any) {
+      if (e.message.includes("already exists")) throw e;
+    }
+
+    await fs.mkdir(targetDir, { recursive: true });
+
+    for (const entry of zipEntries) {
+      if (entry.entryName.startsWith(moduleRootInZip) && !entry.isDirectory) {
+        const relativePath = entry.entryName.slice(moduleRootInZip.length);
+        const fullPath = path.join(targetDir, relativePath);
+        await fs.mkdir(path.dirname(fullPath), { recursive: true });
+        await fs.writeFile(fullPath, entry.getData());
+      }
+    }
+
+    await db
+      .insert(systemModulesTable)
+      .values({
+        id: manifest.id,
+        enabled: false,
+        installed: false,
+        system: manifest.system ?? false,
+      })
+      .onConflictDoNothing();
+
+    console.log(
+      `[Module:ModuleManager] Module "${manifest.id}" uploaded and extracted.`,
+    );
+    await eventBus.publish("system:module:upload", {
+      moduleId: manifest.id,
+      manifest,
+    });
+    revalidatePath("/admin/modules");
+    revalidatePath("/module/module-manager");
+    return { success: true };
+  } catch (error) {
+    console.error(`[Module:ModuleManager] Upload error:`, error);
+    return { success: false, error: (error as Error).message };
+  }
+}
+
+export async function checkDiskWriteAccess() {
+  const modulesDir = await getModulesDir();
+  try {
+    await fs.access(modulesDir, constants.W_OK);
+    return { canWrite: true };
+  } catch (error) {
+    console.error(
+      "[Module:ModuleManager] No write access to modules directory:",
+      error,
+    );
+    return { canWrite: false };
+  }
+}
+
+export async function getModuleStatusAction(moduleId: string) {
+  unstable_noStore();
+  return await getModuleStatus(moduleId);
+}
+
+export async function getModulesAction() {
+  unstable_noStore();
+  return await getModules();
+}
+
+export async function getModuleDocumentation(moduleId: string) {
+  const modulesDir = await getModulesDir();
+  const docsDir = path.join(modulesDir, moduleId, "docs");
+  try {
+    const exists = await fs
+      .access(docsDir)
+      .then(() => true)
+      .catch(() => false);
+    if (!exists) return null;
+
+    const files = await fs.readdir(docsDir);
+    const mdFiles = files.filter((f) => f.endsWith(".md"));
+
+    if (mdFiles.length === 0) return null;
+
+    const docs = await Promise.all(
+      mdFiles.map(async (file) => {
+        const content = await fs.readFile(path.join(docsDir, file), "utf-8");
+        return {
+          filename: file,
+          title: file
+            .replace(".md", "")
+            .split("-")
+            .map((s) => s.charAt(0).toUpperCase() + s.slice(1))
+            .join(" "),
+          content,
+        };
+      }),
+    );
+
+    return docs;
+  } catch (_error) {
+    return null;
+  }
+}

package/src/actions/profile.ts

@@ -0,0 +1,173 @@
+"use server";
+
+import type { SessionFlags } from "@arch-cadre/core";
+import {
+  checkEmailAvailability,
+  createEmailVerificationRequest,
+  createSession,
+  eventBus,
+  filesystemService,
+  generateSessionToken,
+  getCurrentSession,
+  getUserPasswordHash,
+  invalidateUserSessions,
+  sendVerificationEmail,
+  setEmailVerificationRequestCookie,
+  setSessionTokenCookie,
+  updateUserAwatar,
+  updateUserName,
+  updateUserPassword,
+  verifyEmailInput,
+  verifyPasswordHash,
+  verifyPasswordStrength,
+} from "@arch-cadre/core/server";
+import { getTranslation } from "@arch-cadre/intl/server";
+import { revalidatePath } from "next/cache";
+import { redirect } from "next/navigation";
+import type { ActionResult } from "../types.js";
+
+export async function updatePasswordAction(
+  _prev: ActionResult,
+  formData: FormData,
+): Promise<ActionResult> {
+  const { t } = await getTranslation();
+  const { session, user } = await getCurrentSession();
+  if (session === null || user === null) {
+    return { success: false, message: t("Not authenticated") };
+  }
+
+  if (user.registered2FA && !session.two_factor_verified) {
+    return { success: false, message: t("Forbidden") };
+  }
+
+  const password = formData.get("password");
+  const newPassword = formData.get("new_password");
+
+  if (typeof password !== "string" || typeof newPassword !== "string") {
+    return { success: false, message: t("Invalid or missing fields") };
+  }
+
+  if (!verifyPasswordStrength(newPassword)) {
+    return { success: false, message: t("Weak password") };
+  }
+
+  const passwordHash = await getUserPasswordHash(user.id);
+  if (!passwordHash) return { success: false, message: t("Internal error") };
+
+  const validPassword = await verifyPasswordHash(passwordHash, password);
+  if (!validPassword) {
+    return { success: false, message: t("Incorrect password") };
+  }
+
+  await invalidateUserSessions(user.id);
+  await updateUserPassword(user.id, newPassword);
+
+  const sessionToken = await generateSessionToken();
+  const sessionFlags: SessionFlags = {
+    twoFactorVerified: session.two_factor_verified ?? false,
+  };
+  const newSession = await createSession(sessionToken, user.id, sessionFlags);
+  await setSessionTokenCookie(sessionToken, newSession.expiresAt);
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "profile.updated.password",
+      description: `User ${user?.name} updated their password`,
+      userId: user?.id,
+      metadata: {},
+    },
+    "profile",
+  );
+
+  return { success: true, message: t("Updated password") };
+}
+
+export async function updateEmailAction(
+  _prev: ActionResult,
+  formData: FormData,
+): Promise<ActionResult> {
+  const { t } = await getTranslation();
+  const { session, user } = await getCurrentSession();
+  if (session === null || user === null)
+    return { success: false, message: t("Not authenticated") };
+  if (user.registered2FA && !session.two_factor_verified)
+    return { success: false, message: t("Forbidden") };
+
+  const email = formData.get("email");
+  if (typeof email !== "string" || email === "") {
+    return { success: false, message: t("Please enter your email") };
+  }
+  if (!verifyEmailInput(email)) {
+    return { success: false, message: t("Please enter a valid email") };
+  }
+  const emailAvailable = await checkEmailAvailability(email);
+  if (!emailAvailable) {
+    return { success: false, message: t("This email is already used") };
+  }
+
+  const verificationRequest = await createEmailVerificationRequest(
+    user.id,
+    email,
+  );
+  await sendVerificationEmail(
+    verificationRequest.email,
+    verificationRequest.code,
+  );
+  await setEmailVerificationRequestCookie(verificationRequest);
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "profile.updated.email",
+      description: `User ${user?.name} updated their email`,
+      userId: user?.id,
+      metadata: { email },
+    },
+    "profile",
+  );
+
+  return redirect("/verify-email");
+}
+
+export async function updateProfileAction(
+  name: string,
+  image?: File,
+): Promise<{ error?: string; success?: boolean; message?: string }> {
+  const { session, user } = await getCurrentSession();
+
+  const { t } = await getTranslation();
+
+  if (session === null || user === null)
+    return { error: t("Not authenticated") };
+
+  if (!name || name.trim().length === 0)
+    return { error: t("Name is required") };
+  if (name.trim().length > 100) return { error: t("Name is too long") };
+
+  if (image instanceof File) {
+    const uploaded = await filesystemService.upload(image, "vercel-blob");
+
+    if ("error" in uploaded) {
+      return { error: uploaded.error };
+    }
+
+    await updateUserAwatar(user.id, uploaded.url);
+  }
+
+  await updateUserName(user.id, name.trim());
+  revalidatePath("/profile"); // Updated path
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "profile.updated",
+      description: `User ${user?.name} updated their profile`,
+      userId: user?.id,
+      metadata: { name, imageUrl: image instanceof File ? image.name : null },
+    },
+    "profile",
+  );
+
+  return { success: true, message: t("Profile updated successfully") };
+}

package/src/actions/rbac/index.ts

@@ -0,0 +1,131 @@
+"use server";
+
+import * as rbac from "@arch-cadre/core/server";
+import { db, eventBus, userTable } from "@arch-cadre/core/server";
+import { revalidatePath } from "next/cache";
+
+/**
+ * RBAC Manager Module Actions
+ * These actions act as a bridge between the UI and the Core RBAC Logic.
+ */
+
+export async function getRoles() {
+  return await rbac.getRoles();
+}
+
+export async function createRole(name: string, description?: string) {
+  const result = await rbac.createRole(name, description);
+  revalidatePath("/", "layout");
+  return JSON.parse(JSON.stringify(result));
+}
+
+export async function deleteRole(roleId: string) {
+  await rbac.deleteRole(roleId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function getPermissions() {
+  return await rbac.getPermissions();
+}
+
+export async function createPermission(name: string, description?: string) {
+  const result = await rbac.createPermission(name, description);
+  revalidatePath("/", "layout");
+  return JSON.parse(JSON.stringify(result));
+}
+
+export async function deletePermission(permissionId: string) {
+  await rbac.deletePermission(permissionId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function getRolePermissions(roleId: string) {
+  return await rbac.getRolePermissions(roleId);
+}
+
+export async function assignPermissionToRole(
+  roleId: string,
+  permissionId: string,
+) {
+  await rbac.assignPermissionToRole(roleId, permissionId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function revokePermissionFromRole(
+  roleId: string,
+  permissionId: string,
+) {
+  await rbac.revokePermissionFromRole(roleId, permissionId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+// User-specific actions (could also be in a 'user-manager' module)
+export async function getUsers() {
+  return await db
+    .select({
+      id: userTable.id,
+      name: userTable.name,
+      email: userTable.email,
+      image: userTable.image,
+    })
+    .from(userTable);
+}
+export async function getUserRbacData(userId: string) {
+  return await rbac.getUserRbacData(userId);
+}
+
+export async function assignRoleToUser(userId: string, roleId: string) {
+  const role = await rbac.getRoleById(roleId);
+  await rbac.assignRoleToUser(userId, roleId);
+
+  if (role) {
+    await eventBus.publish("notification:send", {
+      userId,
+      title: "Role assigned",
+      content: `You have been assigned the role: ${role.name}`,
+      type: "info",
+    });
+  }
+
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function revokeRoleFromUser(userId: string, roleId: string) {
+  const role = await rbac.getRoleById(roleId);
+  await rbac.revokeRoleFromUser(userId, roleId);
+
+  if (role) {
+    await eventBus.publish("notification:send", {
+      userId,
+      title: "Role revoked",
+      content: `The role ${role.name} has been removed from your account`,
+      type: "warning",
+    });
+  }
+
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function assignPermissionToUser(
+  userId: string,
+  permissionId: string,
+) {
+  await rbac.assignPermissionToUser(userId, permissionId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function revokePermissionFromUser(
+  userId: string,
+  permissionId: string,
+) {
+  await rbac.revokePermissionFromUser(userId, permissionId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}

package/src/actions/session-manager/index.ts

@@ -0,0 +1,87 @@
+"use server";
+
+import {
+  eventBus,
+  getCurrentSession,
+  getUserSessions,
+  invalidateOtherSessions,
+  invalidateSession,
+} from "@arch-cadre/core/server";
+import { getTranslation } from "@arch-cadre/intl/server";
+import { revalidatePath } from "next/cache";
+
+export async function getSessionsAction() {
+  const { t } = await getTranslation();
+  const { session, user } = await getCurrentSession();
+  if (!session || !user) return { error: t("Not authenticated"), sessions: [] };
+
+  const sessions = await getUserSessions(user.id, session.id);
+  const sortedSessions = sessions.sort((a, b) => {
+    if (a.isCurrent) return -1;
+    if (b.isCurrent) return 1;
+    return b.createdAt.getTime() - a.createdAt.getTime();
+  });
+
+  return {
+    sessions: sortedSessions.map((s) => ({
+      id: s.id,
+      createdAt: s.createdAt,
+      expiresAt: s.expiresAt,
+      twoFactorVerified: s.twoFactorVerified,
+      isCurrent: s.isCurrent,
+    })),
+  };
+}
+
+export async function revokeSessionAction(sessionId: string) {
+  const { t } = await getTranslation();
+  const { session, user } = await getCurrentSession();
+  if (!session || !user) return { error: t("Not authenticated") };
+
+  if (sessionId === session.id) {
+    return { error: t("Cannot revoke current session. Use sign out instead.") };
+  }
+
+  const userSessions = await getUserSessions(user.id, session.id);
+  if (!userSessions.find((s) => s.id === sessionId)) {
+    return { error: t("Session not found") };
+  }
+
+  await invalidateSession(sessionId);
+  revalidatePath("/settings/sessions");
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "session.revoked",
+      description: `User ${user?.name} revoked a session`,
+      userId: user?.id,
+      metadata: { sessionId },
+    },
+    "session-manager",
+  );
+
+  return { success: true };
+}
+
+export async function revokeAllOtherSessionsAction() {
+  const { session, user } = await getCurrentSession();
+  const { t } = await getTranslation();
+  if (!session || !user) return { error: t("Not authenticated") };
+
+  await invalidateOtherSessions(user.id, session.id);
+  revalidatePath("/settings/sessions");
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "session.revoked.all-others",
+      description: `User ${user?.name} revoked all other sessions`,
+      userId: user?.id,
+      metadata: {},
+    },
+    "session-manager",
+  );
+
+  return { success: true };
+}

package/src/actions/settings.ts

@@ -0,0 +1,34 @@
+"use server";
+
+import {
+  getModuleConfig,
+  updateModuleConfig,
+} from "@arch-cadre/modules/server";
+import { revalidatePath } from "next/cache";
+
+export interface KryoPanelConfig {
+  pathPrefix: string;
+}
+
+export async function getKryoConfig(): Promise<KryoPanelConfig> {
+  const config = await getModuleConfig<KryoPanelConfig>("kryo-panel");
+  return (
+    config ?? {
+      pathPrefix: "/kryo",
+    }
+  );
+}
+
+export async function updateKryoConfig(config: KryoPanelConfig) {
+  // Simple validation: must start with / and be at least 2 chars
+  if (!config.pathPrefix.startsWith("/") || config.pathPrefix.length < 2) {
+    throw new Error("Path prefix must start with '/' and be valid.");
+  }
+
+  await updateModuleConfig("kryo-panel", config);
+
+  // Revalidate everything since the base path changed
+  revalidatePath("/", "layout");
+
+  return { success: true };
+}