@betterstart/cli 0.1.69 → 0.1.71

package/templates/init/lib/actions/upload.ts

@@ -0,0 +1,153 @@
+'use server'
+
+import { PutObjectCommand } from '@aws-sdk/client-s3'
+import { BUCKET_NAME, generateFilePath, getPublicUrl, getR2Client } from '@cms/lib/r2'
+
+interface UploadedFile {
+  key: string
+  url: string
+  filename: string
+  size: number
+  contentType: string
+}
+
+interface UploadResult {
+  success: boolean
+  files?: UploadedFile[]
+  error?: string
+}
+
+interface FileValidationConfig {
+  maxFiles?: number
+  maxSizeInBytes?: number
+  allowedTypes?: string[]
+}
+
+/**
+ * Upload multiple files to Cloudflare R2
+ */
+export async function uploadFiles(
+  formData: FormData,
+  config: FileValidationConfig = {},
+): Promise<UploadResult> {
+  try {
+    const files: File[] = []
+    const prefix = formData.get('prefix')?.toString() || 'uploads'
+
+    for (const [key, value] of formData.entries()) {
+      if (value instanceof File && key.startsWith('file')) {
+        files.push(value)
+      }
+    }
+
+    if (files.length === 0) {
+      return { success: false, error: 'No files provided' }
+    }
+
+    if (config.maxFiles && files.length > config.maxFiles) {
+      return { success: false, error: `Too many files. Maximum is ${config.maxFiles}` }
+    }
+
+    const uploadedFiles: UploadedFile[] = []
+
+    for (const file of files) {
+      if (config.maxSizeInBytes && file.size > config.maxSizeInBytes) {
+        return { success: false, error: `File ${file.name} exceeds size limit` }
+      }
+      if (config.allowedTypes && !config.allowedTypes.includes(file.type)) {
+        return { success: false, error: `File type ${file.type} is not allowed` }
+      }
+
+      const key = generateFilePath(file.name, prefix)
+      const arrayBuffer = await file.arrayBuffer()
+      const buffer = Buffer.from(arrayBuffer)
+
+      const command = new PutObjectCommand({
+        Bucket: BUCKET_NAME,
+        Key: key,
+        Body: buffer,
+        ContentType: file.type,
+        ContentLength: file.size,
+      })
+
+      await getR2Client().send(command)
+
+      uploadedFiles.push({
+        key,
+        url: getPublicUrl(key),
+        filename: file.name,
+        size: file.size,
+        contentType: file.type,
+      })
+    }
+
+    return { success: true, files: uploadedFiles }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Failed to upload files'
+    return { success: false, error: message }
+  }
+}
+
+/**
+ * Upload a single file to Cloudflare R2
+ */
+export async function uploadFile(
+  formData: FormData,
+  config: FileValidationConfig = {},
+): Promise<UploadResult> {
+  return uploadFiles(formData, { ...config, maxFiles: 1 })
+}
+
+/**
+ * Upload an image from a URL to Cloudflare R2
+ */
+export async function uploadImageFromUrl(
+  imageUrl: string,
+  prefix = 'images',
+): Promise<{ success: boolean; url?: string; error?: string }> {
+  try {
+    const url = new URL(imageUrl)
+    if (!['http:', 'https:'].includes(url.protocol)) {
+      return { success: false, error: 'Only HTTP and HTTPS URLs are allowed' }
+    }
+
+    const response = await fetch(imageUrl, {
+      headers: { 'User-Agent': 'Mozilla/5.0 (compatible; ImageFetcher/1.0)' },
+      signal: AbortSignal.timeout(30000),
+    })
+
+    if (!response.ok) {
+      return { success: false, error: `Failed to fetch image: ${response.status}` }
+    }
+
+    const contentType = response.headers.get('content-type') || 'image/jpeg'
+    if (!contentType.startsWith('image/')) {
+      return { success: false, error: `Invalid content type: ${contentType}` }
+    }
+
+    const arrayBuffer = await response.arrayBuffer()
+    const buffer = Buffer.from(arrayBuffer)
+
+    if (buffer.length === 0) return { success: false, error: 'Image file is empty' }
+    if (buffer.length > 10 * 1024 * 1024) {
+      return { success: false, error: 'Image exceeds 10MB limit' }
+    }
+
+    const filename = url.pathname.split('/').pop()?.split('?')[0] || 'image.jpg'
+    const key = generateFilePath(filename, prefix)
+
+    const command = new PutObjectCommand({
+      Bucket: BUCKET_NAME,
+      Key: key,
+      Body: buffer,
+      ContentType: contentType,
+      ContentLength: buffer.length,
+    })
+
+    await getR2Client().send(command)
+    return { success: true, url: getPublicUrl(key) }
+  } catch (error) {
+    const message = error instanceof Error ? error.message : 'Failed to upload image from URL'
+    return { success: false, error: message }
+  }
+}

package/templates/init/lib/actions/users.ts

@@ -0,0 +1,145 @@
+'use server'
+
+import { auth } from '@cms/auth'
+import db from '@cms/db'
+import { user } from '@cms/db/schema'
+import { eq } from 'drizzle-orm'
+
+export interface UserData {
+  id: string
+  email: string
+  name: string
+  emailVerified: boolean
+  createdAt: string
+  updatedAt: string
+  role: string
+}
+
+export interface UsersResponse {
+  users: UserData[]
+  total: number
+}
+
+export interface CreateUserInput {
+  email: string
+  name: string
+  password: string
+}
+
+export interface CreateUserResult {
+  success: boolean
+  error?: string
+  user?: UserData
+}
+
+export interface UpdateUserRoleResult {
+  success: boolean
+  error?: string
+}
+
+export interface DeleteUserResult {
+  success: boolean
+  error?: string
+}
+
+/**
+ * Create a new user via Better Auth's built-in API
+ */
+export async function createUser(input: CreateUserInput): Promise<CreateUserResult> {
+  try {
+    const result = await auth.api.signUpEmail({
+      body: {
+        email: input.email,
+        password: input.password,
+        name: input.name,
+      },
+    })
+
+    if (!result?.user) {
+      return { success: false, error: 'Failed to create user' }
+    }
+
+    return {
+      success: true,
+      user: {
+        id: result.user.id,
+        email: result.user.email,
+        name: input.name,
+        emailVerified: false,
+        createdAt: new Date().toISOString(),
+        updatedAt: new Date().toISOString(),
+        role: 'member',
+      },
+    }
+  } catch (error) {
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Failed to create user',
+    }
+  }
+}
+
+/**
+ * Get all users
+ */
+export async function getUsers(): Promise<UsersResponse> {
+  try {
+    const users = await db
+      .select({
+        id: user.id,
+        email: user.email,
+        name: user.name,
+        emailVerified: user.emailVerified,
+        createdAt: user.createdAt,
+        updatedAt: user.updatedAt,
+        role: user.role,
+      })
+      .from(user)
+      .orderBy(user.createdAt)
+
+    const userData: UserData[] = users.map((u) => ({
+      id: u.id,
+      email: u.email,
+      name: u.name,
+      emailVerified: u.emailVerified,
+      createdAt: u.createdAt.toISOString(),
+      updatedAt: u.updatedAt.toISOString(),
+      role: u.role || 'member',
+    }))
+
+    return { users: userData, total: userData.length }
+  } catch {
+    return { users: [], total: 0 }
+  }
+}
+
+/**
+ * Update a user's role
+ */
+export async function updateUserRole(userId: string, role: string): Promise<UpdateUserRoleResult> {
+  try {
+    await db.update(user).set({ role, updatedAt: new Date() }).where(eq(user.id, userId))
+
+    return { success: true }
+  } catch (error) {
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Failed to update user role',
+    }
+  }
+}
+
+/**
+ * Delete a user
+ */
+export async function deleteUser(userId: string): Promise<DeleteUserResult> {
+  try {
+    await db.delete(user).where(eq(user.id, userId))
+    return { success: true }
+  } catch (error) {
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : 'Failed to delete user',
+    }
+  }
+}

package/templates/init/lib/auth/auth-client.ts

@@ -0,0 +1,12 @@
+'use client'
+
+import { createAuthClient } from 'better-auth/react'
+
+export const authClient = createAuthClient({
+  baseURL:
+    process.env.NEXT_PUBLIC_BETTERSTART_AUTH_URL ||
+    (typeof window !== 'undefined' ? window.location.origin : ''),
+  basePath: '/api/cms/auth',
+})
+
+export const { signIn, signUp, signOut, useSession } = authClient

package/templates/init/lib/auth/auth.ts

@@ -0,0 +1,43 @@
+import db from '@cms/db'
+import * as schema from '@cms/db/schema'
+import { betterAuth } from 'better-auth'
+import { drizzleAdapter } from 'better-auth/adapters/drizzle'
+import { toNextJsHandler } from 'better-auth/next-js'
+
+export { toNextJsHandler }
+
+export const auth = betterAuth({
+  secret: process.env.BETTERSTART_AUTH_SECRET,
+  baseURL: process.env.BETTERSTART_AUTH_URL,
+  basePath: process.env.BETTERSTART_AUTH_BASE_PATH || '/api/cms/auth',
+  database: drizzleAdapter(db, {
+    provider: 'pg',
+    schema: {
+      user: schema.user,
+      session: schema.session,
+      account: schema.account,
+      verification: schema.verification,
+    },
+  }),
+  emailAndPassword: {
+    enabled: true,
+    minPasswordLength: 8,
+  },
+  session: {
+    expiresIn: 60 * 60 * 24 * 7, // 7 days
+    updateAge: 60 * 60 * 24, // 1 day
+  },
+  user: {
+    additionalFields: {
+      role: {
+        type: 'string',
+        required: false,
+        defaultValue: 'member',
+        input: false,
+      },
+    },
+  },
+})
+
+export type Session = typeof auth.$Infer.Session
+export type User = typeof auth.$Infer.Session.user

package/templates/init/lib/auth/middleware.ts

@@ -0,0 +1,44 @@
+import { headers } from 'next/headers'
+import { redirect } from 'next/navigation'
+import { auth, type User } from './auth'
+
+export enum UserRole {
+  ADMIN = 'admin',
+  EDITOR = 'editor',
+  MEMBER = 'member',
+}
+
+export function isUserRole(value: unknown): value is UserRole {
+  return typeof value === 'string' && Object.values(UserRole).includes(value as UserRole)
+}
+
+/**
+ * Get the current session from Better Auth
+ */
+export async function getSession() {
+  const session = await auth.api.getSession({
+    headers: await headers(),
+  })
+  return session
+}
+
+/**
+ * Require the user to have one of the specified roles.
+ * Redirects to /cms/login if not authenticated or unauthorized.
+ */
+export async function requireRole(allowedRoles: UserRole[]): Promise<User> {
+  const session = await getSession()
+
+  if (!session?.user) {
+    redirect('/cms/login')
+  }
+
+  const user = session.user
+  const role = isUserRole(user.role) ? user.role : UserRole.MEMBER
+
+  if (!allowedRoles.includes(role)) {
+    redirect('/cms/login')
+  }
+
+  return user
+}

package/templates/init/lib/markdown/cached.ts

@@ -0,0 +1,7 @@
+'use cache'
+
+import { renderMarkdownSync } from './render'
+
+export async function renderMarkdown(src: string): Promise<string> {
+  return renderMarkdownSync(src)
+}

package/templates/init/lib/markdown/format.ts

@@ -0,0 +1,55 @@
+/**
+ * Format markdown content for consistent styling and readability
+ */
+export function formatMarkdown(content: string): string {
+  if (!content || !content.trim()) {
+    return ''
+  }
+
+  let formatted = content
+
+  // Normalize line endings
+  formatted = formatted.replace(/\r\n/g, '\n')
+
+  // Trim trailing whitespace from each line
+  formatted = formatted
+    .split('\n')
+    .map((line) => line.trimEnd())
+    .join('\n')
+
+  // Normalize multiple blank lines to maximum of 2 (one blank line)
+  formatted = formatted.replace(/\n{3,}/g, '\n\n')
+
+  // Ensure blank line before headings (unless at start)
+  formatted = formatted.replace(/([^\n])\n(#{1,6}\s)/g, '$1\n\n$2')
+
+  // Ensure blank line after headings
+  formatted = formatted.replace(/(#{1,6}\s.*)\n([^\n#])/g, '$1\n\n$2')
+
+  // Ensure blank line before code blocks
+  formatted = formatted.replace(/([^\n])\n(```)/g, '$1\n\n$2')
+
+  // Ensure blank line after code blocks
+  formatted = formatted.replace(/(```)\n([^\n])/g, '$1\n\n$2')
+
+  // Ensure blank line before horizontal rules
+  formatted = formatted.replace(/([^\n])\n(---+)/g, '$1\n\n$2')
+
+  // Ensure blank line after horizontal rules
+  formatted = formatted.replace(/(---+)\n([^\n])/g, '$1\n\n$2')
+
+  // Ensure blank line before blockquotes (unless nested)
+  formatted = formatted.replace(/([^\n>])\n(>\s)/g, '$1\n\n$2')
+
+  // Normalize list item spacing
+  formatted = formatted.replace(/^(\s*)([-*+])\s+/gm, '$1$2 ')
+  formatted = formatted.replace(/^(\s*)(\d+\.)\s+/gm, '$1$2 ')
+
+  // Remove leading blank lines
+  formatted = formatted.replace(/^\n+/, '')
+
+  // Ensure single trailing newline
+  formatted = `${formatted.trimEnd()}\n`
+
+  return formatted
+}

package/templates/init/lib/markdown/render.ts

@@ -0,0 +1,182 @@
+import { transformerNotationDiff, transformerNotationHighlight } from '@shikijs/transformers'
+import { renderToString } from 'katex'
+import MarkdownIt from 'markdown-it'
+import { createHighlighterCoreSync } from 'shiki/core'
+import { createJavaScriptRegexEngine } from 'shiki/engine/javascript'
+import css from 'shiki/langs/css.mjs'
+import go from 'shiki/langs/go.mjs'
+import javascript from 'shiki/langs/javascript.mjs'
+import json from 'shiki/langs/json.mjs'
+import jsx from 'shiki/langs/jsx.mjs'
+import markdown from 'shiki/langs/markdown.mjs'
+import python from 'shiki/langs/python.mjs'
+import rust from 'shiki/langs/rust.mjs'
+import shellscript from 'shiki/langs/shellscript.mjs'
+import sql from 'shiki/langs/sql.mjs'
+import tsx from 'shiki/langs/tsx.mjs'
+import typescript from 'shiki/langs/typescript.mjs'
+import yaml from 'shiki/langs/yaml.mjs'
+import githubDark from 'shiki/themes/github-dark.mjs'
+import githubLight from 'shiki/themes/github-light.mjs'
+
+// --- Helpers ---
+
+function slugify(text: string): string {
+  return text
+    .toLowerCase()
+    .trim()
+    .replace(/[^\w\s-]/g, '')
+    .replace(/\s+/g, '-')
+    .replace(/-+/g, '-')
+    .replace(/^-+|-+$/g, '')
+}
+
+function trimMathBlock(content: string): string {
+  return content.replace(/\$\$([\s\S]*?)\$\$/g, (_match, mathContent: string) => {
+    const trimmed = mathContent.trim()
+    if (!trimmed) return '$$\n$$'
+    const lines = trimmed.split('\n').filter((line: string) => line.trim().length > 0)
+    return `$$\n${lines.join('\n')}\n$$`
+  })
+}
+
+// --- Shiki Highlighter ---
+
+const shiki = createHighlighterCoreSync({
+  themes: [githubDark, githubLight],
+  langs: [
+    javascript,
+    typescript,
+    jsx,
+    tsx,
+    python,
+    rust,
+    go,
+    json,
+    yaml,
+    css,
+    sql,
+    shellscript,
+    markdown,
+  ],
+  engine: createJavaScriptRegexEngine(),
+})
+
+const loadedLangs = shiki.getLoadedLanguages()
+
+// --- Heading Anchor Plugin ---
+
+function headingAnchorPlugin(md: MarkdownIt) {
+  md.core.ruler.push('heading_anchors', (state) => {
+    const tokens = state.tokens
+    for (let i = 0; i < tokens.length; i++) {
+      const token = tokens[i]
+      if (token.type === 'heading_open') {
+        const contentToken = tokens[i + 1]
+        if (contentToken && contentToken.type === 'inline' && contentToken.content) {
+          const slug = slugify(contentToken.content)
+          const idIndex = token.attrIndex('id')
+          if (idIndex < 0) {
+            token.attrPush(['id', slug])
+          } else if (token.attrs) {
+            token.attrs[idIndex][1] = slug
+          }
+        }
+      }
+    }
+    return true
+  })
+}
+
+// --- Inline KaTeX math plugin (replaces markdown-it-dollarmath) ---
+
+function mathPlugin(md: MarkdownIt) {
+  // Inline: $...$
+  md.inline.ruler.after('escape', 'math_inline', (state, silent) => {
+    if (state.src.charCodeAt(state.pos) !== 0x24) return false
+    if (state.src.charCodeAt(state.pos + 1) === 0x24) return false
+    const start = state.pos + 1
+    let end = start
+    while (end < state.posMax && state.src.charCodeAt(end) !== 0x24) {
+      if (state.src.charCodeAt(end) === 0x5C) end++
+      end++
+    }
+    if (end >= state.posMax) return false
+    const content = state.src.slice(start, end).trim()
+    if (!content) return false
+    if (!silent) {
+      const token = state.push('math_inline', 'math', 0)
+      token.content = content
+      token.markup = '$'
+    }
+    state.pos = end + 1
+    return true
+  })
+
+  md.renderer.rules.math_inline = (tokens, idx) => {
+    return renderToString(tokens[idx].content, { displayMode: false, throwOnError: false, strict: 'ignore' })
+  }
+
+  // Block: $$...$$
+  md.block.ruler.after('blockquote', 'math_block', (state, startLine, endLine, silent) => {
+    const startPos = state.bMarks[startLine] + state.tShift[startLine]
+    if (state.src.charCodeAt(startPos) !== 0x24 || state.src.charCodeAt(startPos + 1) !== 0x24) return false
+    if (silent) return true
+    let nextLine = startLine
+    let found = false
+    while (nextLine < endLine) {
+      nextLine++
+      if (nextLine >= endLine) break
+      const pos = state.bMarks[nextLine] + state.tShift[nextLine]
+      const max = state.eMarks[nextLine]
+      const line = state.src.slice(pos, max).trim()
+      if (line === '$$') { found = true; break }
+    }
+    if (!found) return false
+    const contentLines: string[] = []
+    for (let i = startLine + 1; i < nextLine; i++) {
+      contentLines.push(state.src.slice(state.bMarks[i] + state.tShift[i], state.eMarks[i]))
+    }
+    const token = state.push('math_block', 'math', 0)
+    token.content = contentLines.join('\n').trim()
+    token.markup = '$$'
+    token.map = [startLine, nextLine + 1]
+    state.line = nextLine + 1
+    return true
+  })
+
+  md.renderer.rules.math_block = (tokens, idx) => {
+    return '<div class="math-display">' + renderToString(tokens[idx].content, { displayMode: true, throwOnError: false, strict: 'ignore' }) + '</div>\n'
+  }
+}
+
+// --- Markdown-it Instance ---
+
+const md = MarkdownIt({
+  html: true,
+  linkify: true,
+  typographer: true,
+  breaks: true,
+  highlight: (code, lang) => {
+    const language = loadedLangs.includes(lang) ? lang : 'bash'
+    const highlighted = shiki.codeToHtml(code, {
+      lang: language,
+      themes: { light: 'github-light', dark: 'github-dark' },
+      defaultColor: false,
+      transformers: [transformerNotationHighlight(), transformerNotationDiff()],
+    })
+    const escapedCode = code.replace(/</g, '&lt;').replace(/>/g, '&gt;')
+    return `<div class="code-block-wrapper not-prose" data-lang="${language}"><button class="copy-button" data-code="${escapedCode.replace(/"/g, '&quot;')}" aria-label="Copy code">Copy</button>${highlighted}</div>`
+  },
+})
+  .use(headingAnchorPlugin)
+  .use(mathPlugin)
+
+export function renderMarkdownSync(src: string): string {
+  const trimmedContent = trimMathBlock(src)
+  return md.render(trimmedContent)
+}
+
+export function renderMarkdownInline(src: string): string {
+  return md.renderInline(src)
+}

package/templates/init/lib/r2.ts

@@ -0,0 +1,55 @@
+import { S3Client } from '@aws-sdk/client-s3'
+
+let _r2Client: S3Client | null = null
+
+/**
+ * Get or create the R2 client (lazy initialization, server-side only)
+ */
+export function getR2Client(): S3Client {
+  if (typeof window !== 'undefined') {
+    throw new Error('R2 client can only be used on the server side')
+  }
+
+  if (_r2Client) return _r2Client
+
+  if (!process.env.BETTERSTART_R2_ACCESS_KEY_ID) {
+    throw new Error('BETTERSTART_R2_ACCESS_KEY_ID is not set')
+  }
+  if (!process.env.BETTERSTART_R2_SECRET_ACCESS_KEY) {
+    throw new Error('BETTERSTART_R2_SECRET_ACCESS_KEY is not set')
+  }
+  if (!process.env.BETTERSTART_R2_ACCOUNT_ID) {
+    throw new Error('BETTERSTART_R2_ACCOUNT_ID is not set')
+  }
+
+  _r2Client = new S3Client({
+    region: 'auto',
+    endpoint: `https://${process.env.BETTERSTART_R2_ACCOUNT_ID}.r2.cloudflarestorage.com`,
+    credentials: {
+      accessKeyId: process.env.BETTERSTART_R2_ACCESS_KEY_ID,
+      secretAccessKey: process.env.BETTERSTART_R2_SECRET_ACCESS_KEY,
+    },
+  })
+
+  return _r2Client
+}
+
+export const BUCKET_NAME = process.env.BETTERSTART_R2_BUCKET_NAME || ''
+export const PUBLIC_URL = process.env.BETTERSTART_R2_PUBLIC_URL || ''
+
+/**
+ * Generate a unique file path for uploads
+ */
+export function generateFilePath(filename: string, prefix = 'uploads'): string {
+  const timestamp = Date.now()
+  const randomStr = Math.random().toString(36).substring(2, 15)
+  const sanitizedFilename = filename.replace(/[^a-zA-Z0-9.-]/g, '_')
+  return `${prefix}/${timestamp}-${randomStr}-${sanitizedFilename}`
+}
+
+/**
+ * Get the public URL for a file
+ */
+export function getPublicUrl(key: string): string {
+  return `${PUBLIC_URL}/${key}`
+}