@arch-cadre/panel 1.0.7 → 1.0.9

package/src/actions/profile.ts

@@ -0,0 +1,173 @@
+"use server";
+
+import type { SessionFlags } from "@arch-cadre/core";
+import {
+  checkEmailAvailability,
+  createEmailVerificationRequest,
+  createSession,
+  eventBus,
+  filesystemService,
+  generateSessionToken,
+  getCurrentSession,
+  getUserPasswordHash,
+  invalidateUserSessions,
+  sendVerificationEmail,
+  setEmailVerificationRequestCookie,
+  setSessionTokenCookie,
+  updateUserAwatar,
+  updateUserName,
+  updateUserPassword,
+  verifyEmailInput,
+  verifyPasswordHash,
+  verifyPasswordStrength,
+} from "@arch-cadre/core/server";
+import { getTranslation } from "@arch-cadre/intl/server";
+import { revalidatePath } from "next/cache";
+import { redirect } from "next/navigation";
+import type { ActionResult } from "../types.js";
+
+export async function updatePasswordAction(
+  _prev: ActionResult,
+  formData: FormData,
+): Promise<ActionResult> {
+  const { t } = await getTranslation();
+  const { session, user } = await getCurrentSession();
+  if (session === null || user === null) {
+    return { success: false, message: t("Not authenticated") };
+  }
+
+  if (user.registered2FA && !session.two_factor_verified) {
+    return { success: false, message: t("Forbidden") };
+  }
+
+  const password = formData.get("password");
+  const newPassword = formData.get("new_password");
+
+  if (typeof password !== "string" || typeof newPassword !== "string") {
+    return { success: false, message: t("Invalid or missing fields") };
+  }
+
+  if (!verifyPasswordStrength(newPassword)) {
+    return { success: false, message: t("Weak password") };
+  }
+
+  const passwordHash = await getUserPasswordHash(user.id);
+  if (!passwordHash) return { success: false, message: t("Internal error") };
+
+  const validPassword = await verifyPasswordHash(passwordHash, password);
+  if (!validPassword) {
+    return { success: false, message: t("Incorrect password") };
+  }
+
+  await invalidateUserSessions(user.id);
+  await updateUserPassword(user.id, newPassword);
+
+  const sessionToken = await generateSessionToken();
+  const sessionFlags: SessionFlags = {
+    twoFactorVerified: session.two_factor_verified ?? false,
+  };
+  const newSession = await createSession(sessionToken, user.id, sessionFlags);
+  await setSessionTokenCookie(sessionToken, newSession.expiresAt);
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "profile.updated.password",
+      description: `User ${user?.name} updated their password`,
+      userId: user?.id,
+      metadata: {},
+    },
+    "profile",
+  );
+
+  return { success: true, message: t("Updated password") };
+}
+
+export async function updateEmailAction(
+  _prev: ActionResult,
+  formData: FormData,
+): Promise<ActionResult> {
+  const { t } = await getTranslation();
+  const { session, user } = await getCurrentSession();
+  if (session === null || user === null)
+    return { success: false, message: t("Not authenticated") };
+  if (user.registered2FA && !session.two_factor_verified)
+    return { success: false, message: t("Forbidden") };
+
+  const email = formData.get("email");
+  if (typeof email !== "string" || email === "") {
+    return { success: false, message: t("Please enter your email") };
+  }
+  if (!verifyEmailInput(email)) {
+    return { success: false, message: t("Please enter a valid email") };
+  }
+  const emailAvailable = await checkEmailAvailability(email);
+  if (!emailAvailable) {
+    return { success: false, message: t("This email is already used") };
+  }
+
+  const verificationRequest = await createEmailVerificationRequest(
+    user.id,
+    email,
+  );
+  await sendVerificationEmail(
+    verificationRequest.email,
+    verificationRequest.code,
+  );
+  await setEmailVerificationRequestCookie(verificationRequest);
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "profile.updated.email",
+      description: `User ${user?.name} updated their email`,
+      userId: user?.id,
+      metadata: { email },
+    },
+    "profile",
+  );
+
+  return redirect("/verify-email");
+}
+
+export async function updateProfileAction(
+  name: string,
+  image?: File,
+): Promise<{ error?: string; success?: boolean; message?: string }> {
+  const { session, user } = await getCurrentSession();
+
+  const { t } = await getTranslation();
+
+  if (session === null || user === null)
+    return { error: t("Not authenticated") };
+
+  if (!name || name.trim().length === 0)
+    return { error: t("Name is required") };
+  if (name.trim().length > 100) return { error: t("Name is too long") };
+
+  if (image instanceof File) {
+    const uploaded = await filesystemService.upload(image, "vercel-blob");
+
+    if ("error" in uploaded) {
+      return { error: uploaded.error };
+    }
+
+    await updateUserAwatar(user.id, uploaded.url);
+  }
+
+  await updateUserName(user.id, name.trim());
+  revalidatePath("/profile"); // Updated path
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "profile.updated",
+      description: `User ${user?.name} updated their profile`,
+      userId: user?.id,
+      metadata: { name, imageUrl: image instanceof File ? image.name : null },
+    },
+    "profile",
+  );
+
+  return { success: true, message: t("Profile updated successfully") };
+}

package/src/actions/rbac/index.ts

@@ -0,0 +1,131 @@
+"use server";
+
+import * as rbac from "@arch-cadre/core/server";
+import { db, eventBus, userTable } from "@arch-cadre/core/server";
+import { revalidatePath } from "next/cache";
+
+/**
+ * RBAC Manager Module Actions
+ * These actions act as a bridge between the UI and the Core RBAC Logic.
+ */
+
+export async function getRoles() {
+  return await rbac.getRoles();
+}
+
+export async function createRole(name: string, description?: string) {
+  const result = await rbac.createRole(name, description);
+  revalidatePath("/", "layout");
+  return JSON.parse(JSON.stringify(result));
+}
+
+export async function deleteRole(roleId: string) {
+  await rbac.deleteRole(roleId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function getPermissions() {
+  return await rbac.getPermissions();
+}
+
+export async function createPermission(name: string, description?: string) {
+  const result = await rbac.createPermission(name, description);
+  revalidatePath("/", "layout");
+  return JSON.parse(JSON.stringify(result));
+}
+
+export async function deletePermission(permissionId: string) {
+  await rbac.deletePermission(permissionId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function getRolePermissions(roleId: string) {
+  return await rbac.getRolePermissions(roleId);
+}
+
+export async function assignPermissionToRole(
+  roleId: string,
+  permissionId: string,
+) {
+  await rbac.assignPermissionToRole(roleId, permissionId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function revokePermissionFromRole(
+  roleId: string,
+  permissionId: string,
+) {
+  await rbac.revokePermissionFromRole(roleId, permissionId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+// User-specific actions (could also be in a 'user-manager' module)
+export async function getUsers() {
+  return await db
+    .select({
+      id: userTable.id,
+      name: userTable.name,
+      email: userTable.email,
+      image: userTable.image,
+    })
+    .from(userTable);
+}
+export async function getUserRbacData(userId: string) {
+  return await rbac.getUserRbacData(userId);
+}
+
+export async function assignRoleToUser(userId: string, roleId: string) {
+  const role = await rbac.getRoleById(roleId);
+  await rbac.assignRoleToUser(userId, roleId);
+
+  if (role) {
+    await eventBus.publish("notification:send", {
+      userId,
+      title: "Role assigned",
+      content: `You have been assigned the role: ${role.name}`,
+      type: "info",
+    });
+  }
+
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function revokeRoleFromUser(userId: string, roleId: string) {
+  const role = await rbac.getRoleById(roleId);
+  await rbac.revokeRoleFromUser(userId, roleId);
+
+  if (role) {
+    await eventBus.publish("notification:send", {
+      userId,
+      title: "Role revoked",
+      content: `The role ${role.name} has been removed from your account`,
+      type: "warning",
+    });
+  }
+
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function assignPermissionToUser(
+  userId: string,
+  permissionId: string,
+) {
+  await rbac.assignPermissionToUser(userId, permissionId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}
+
+export async function revokePermissionFromUser(
+  userId: string,
+  permissionId: string,
+) {
+  await rbac.revokePermissionFromUser(userId, permissionId);
+  revalidatePath("/", "layout");
+  return { success: true };
+}

package/src/actions/session-manager/index.ts

@@ -0,0 +1,87 @@
+"use server";
+
+import {
+  eventBus,
+  getCurrentSession,
+  getUserSessions,
+  invalidateOtherSessions,
+  invalidateSession,
+} from "@arch-cadre/core/server";
+import { getTranslation } from "@arch-cadre/intl/server";
+import { revalidatePath } from "next/cache";
+
+export async function getSessionsAction() {
+  const { t } = await getTranslation();
+  const { session, user } = await getCurrentSession();
+  if (!session || !user) return { error: t("Not authenticated"), sessions: [] };
+
+  const sessions = await getUserSessions(user.id, session.id);
+  const sortedSessions = sessions.sort((a, b) => {
+    if (a.isCurrent) return -1;
+    if (b.isCurrent) return 1;
+    return b.createdAt.getTime() - a.createdAt.getTime();
+  });
+
+  return {
+    sessions: sortedSessions.map((s) => ({
+      id: s.id,
+      createdAt: s.createdAt,
+      expiresAt: s.expiresAt,
+      twoFactorVerified: s.twoFactorVerified,
+      isCurrent: s.isCurrent,
+    })),
+  };
+}
+
+export async function revokeSessionAction(sessionId: string) {
+  const { t } = await getTranslation();
+  const { session, user } = await getCurrentSession();
+  if (!session || !user) return { error: t("Not authenticated") };
+
+  if (sessionId === session.id) {
+    return { error: t("Cannot revoke current session. Use sign out instead.") };
+  }
+
+  const userSessions = await getUserSessions(user.id, session.id);
+  if (!userSessions.find((s) => s.id === sessionId)) {
+    return { error: t("Session not found") };
+  }
+
+  await invalidateSession(sessionId);
+  revalidatePath("/settings/sessions");
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "session.revoked",
+      description: `User ${user?.name} revoked a session`,
+      userId: user?.id,
+      metadata: { sessionId },
+    },
+    "session-manager",
+  );
+
+  return { success: true };
+}
+
+export async function revokeAllOtherSessionsAction() {
+  const { session, user } = await getCurrentSession();
+  const { t } = await getTranslation();
+  if (!session || !user) return { error: t("Not authenticated") };
+
+  await invalidateOtherSessions(user.id, session.id);
+  revalidatePath("/settings/sessions");
+
+  await eventBus.publish(
+    "activity.create",
+    {
+      action: "session.revoked.all-others",
+      description: `User ${user?.name} revoked all other sessions`,
+      userId: user?.id,
+      metadata: {},
+    },
+    "session-manager",
+  );
+
+  return { success: true };
+}

package/src/actions/settings.ts

@@ -0,0 +1,34 @@
+"use server";
+
+import {
+  getModuleConfig,
+  updateModuleConfig,
+} from "@arch-cadre/modules/server";
+import { revalidatePath } from "next/cache";
+
+export interface KryoPanelConfig {
+  pathPrefix: string;
+}
+
+export async function getKryoConfig(): Promise<KryoPanelConfig> {
+  const config = await getModuleConfig<KryoPanelConfig>("kryo-panel");
+  return (
+    config ?? {
+      pathPrefix: "/kryo",
+    }
+  );
+}
+
+export async function updateKryoConfig(config: KryoPanelConfig) {
+  // Simple validation: must start with / and be at least 2 chars
+  if (!config.pathPrefix.startsWith("/") || config.pathPrefix.length < 2) {
+    throw new Error("Path prefix must start with '/' and be valid.");
+  }
+
+  await updateModuleConfig("kryo-panel", config);
+
+  // Revalidate everything since the base path changed
+  revalidatePath("/", "layout");
+
+  return { success: true };
+}

package/src/index.ts

@@ -0,0 +1,135 @@
+import type { SystemEvent } from "@arch-cadre/core/server";
+import { db, eventBus } from "@arch-cadre/core/server";
+import type { IModule } from "@arch-cadre/modules";
+import manifest from "../manifest.json";
+import { navigation } from "./navigation.js";
+import { apiRoutes, privateRoutes, publicRoutes } from "./routes.js";
+import { activityLogsTable } from "./schema/activity-log.js";
+import ActivityStatsWidget from "./ui/activity-log/components/ActivityStatsWidget.js";
+import RecentLogsWidget from "./ui/activity-log/components/RecentLogsWidget.js";
+import { UserDropdownLink } from "./ui/components/profile/link.js";
+import WelcomeBackUserWidget from "./ui/dashboard/widgets/WelcomeBackUserWidget.js";
+
+export interface ActivityCreatePayload {
+  action: string;
+  description: string;
+  userId?: string;
+  metadata?: any;
+}
+
+const kryoPanelModule: IModule = {
+  manifest,
+
+  init: async () => {
+    console.log("[ActivityLog] Registering core system listeners...");
+
+    // Helper to log any event
+    const logEvent = async (
+      event: SystemEvent<any>,
+      descriptionOverride?: string,
+    ) => {
+      try {
+        const userId = event.payload?.userId || undefined;
+        await db.insert(activityLogsTable).values({
+          userId,
+          action: event.type,
+          description: descriptionOverride || `System event: ${event.type}`,
+          metadata: event.payload,
+        });
+      } catch (error) {
+        console.error(
+          `[ActivityLog] Failed to save log for ${event.type}:`,
+          error,
+        );
+      }
+    };
+
+    // 1. Existing manual activity creation
+    eventBus.subscribe(
+      "activity.create",
+      "activity-log-manual",
+      async (event) => {
+        const { action, description, userId, metadata } = event.payload as any;
+        await db
+          .insert(activityLogsTable)
+          .values({ userId, action, description, metadata });
+      },
+    );
+
+    // 2. Auth Events
+    eventBus.subscribe("auth:login", "activity-log-auth", (e) =>
+      logEvent(e, `User logged in: ${(e.payload as any).email}`),
+    );
+    eventBus.subscribe("auth:signup", "activity-log-auth", (e) =>
+      logEvent(e, `New user registered: ${(e.payload as any).email}`),
+    );
+    eventBus.subscribe("auth:logout", "activity-log-auth", (e) =>
+      logEvent(e, `User logged out: ${(e.payload as any).email}`),
+    );
+
+    // 3. System Module Events
+    eventBus.subscribe("system:module:toggle", "activity-log-system", (e) =>
+      logEvent(
+        e,
+        `Module "${(e.payload as any).moduleId}" ${(e.payload as any).isEnabled ? "enabled" : "disabled"}`,
+      ),
+    );
+    eventBus.subscribe("system:module:upload", "activity-log-system", (e) =>
+      logEvent(e, `New module uploaded: "${(e.payload as any).moduleId}"`),
+    );
+  },
+
+  onDisable: async () => {
+    console.log("[ActivityLog] Unsubscribing listeners...");
+    eventBus.unsubscribe("activity.create", "activity-log-manual");
+    eventBus.unsubscribe("auth:login", "activity-log-auth");
+    eventBus.unsubscribe("auth:signup", "activity-log-auth");
+    eventBus.unsubscribe("auth:logout", "activity-log-auth");
+    eventBus.unsubscribe("system:module:toggle", "activity-log-system");
+    eventBus.unsubscribe("system:module:upload", "activity-log-system");
+  },
+
+  widgets: [
+    {
+      id: "welcome-back-user",
+      name: "Welcome Back User",
+      area: "dashboard-stats",
+      component: WelcomeBackUserWidget,
+      priority: 0,
+    },
+    {
+      id: "recent-activity",
+      name: "Recent Activity",
+      area: "dashboard-main",
+      component: RecentLogsWidget,
+      priority: 10,
+    },
+    {
+      id: "activity-stats",
+      name: "Activity Stats",
+      area: "dashboard-stats",
+      component: ActivityStatsWidget,
+      priority: 10,
+    },
+  ],
+
+  routes: {
+    public: publicRoutes,
+    private: privateRoutes,
+    api: apiRoutes,
+  },
+
+  navigation,
+
+  extensions: [
+    {
+      id: "user-settings-link",
+      targetModule: "panel",
+      point: "app-user:extra-link",
+      component: UserDropdownLink,
+      priority: 50,
+    },
+  ],
+};
+
+export default kryoPanelModule;

package/src/intl.d.ts

@@ -0,0 +1,9 @@
+import type messages from "../locales/en/global.json";
+
+type JsonDataType = typeof messages;
+
+declare module "@arch-cadre/intl" {
+  export interface IntlMessages extends JsonDataType {}
+}
+
+export {};

package/src/navigation.ts

@@ -0,0 +1,57 @@
+import { i18n } from "@arch-cadre/intl";
+import type { ModuleNavigation } from "@arch-cadre/modules";
+
+export const navigation: ModuleNavigation = {
+  admin: {
+    [i18n("General")]: [
+      {
+        id: "dashboard",
+        title: i18n("Dashboard"),
+        url: "/",
+        icon: "solar:widget-bold-duotone",
+      },
+      {
+        id: "settings",
+        title: i18n("Settings"),
+        url: "/settings",
+        icon: "solar:settings-bold-duotone",
+      },
+    ],
+    [i18n("System")]: [
+      {
+        id: "module-manager-nav",
+        title: i18n("Module Manager"),
+        url: "/modules",
+        icon: "solar:settings-bold-duotone",
+        // roles: ["admin"],
+        permissions: ["system:modules"],
+      },
+      {
+        id: "activity-logs-nav",
+        title: i18n("Activity Logs"),
+        url: "/activity-logs",
+        icon: "solar:condicioner-2-bold-duotone",
+        // roles: ["admin"],
+        permissions: ["system:activity-logs"],
+      },
+      {
+        id: "rbac-admin-nav",
+        title: i18n("Roles & Permissions"),
+        url: "/rbac",
+        icon: "solar:shield-keyhole-bold-duotone",
+        // roles: ["admin"],
+        permissions: ["system:rbac"],
+      },
+    ],
+  },
+  settings: {
+    [i18n("Panel Core")]: [
+      {
+        id: "kryo-config",
+        title: i18n("Panel Core Settings"),
+        url: "/settings/panel/config",
+        icon: "solar:tuning-bold-duotone",
+      },
+    ],
+  },
+};