npm - @byline/host-tanstack-start - Versions diffs - 0.9.3 - Mend

@byline/host-tanstack-start 0.9.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (511) hide show

package/LICENSE +373 -0
package/README.md +48 -0
package/dist/admin-shell/admin-roles/container.d.ts +34 -0
package/dist/admin-shell/admin-roles/container.d.ts.map +1 -0
package/dist/admin-shell/admin-roles/container.js +259 -0
package/dist/admin-shell/admin-roles/container.module.js +17 -0
package/dist/admin-shell/admin-roles/container_module.css +93 -0
package/dist/admin-shell/admin-roles/delete.d.ts +9 -0
package/dist/admin-shell/admin-roles/delete.d.ts.map +1 -0
package/dist/admin-shell/admin-roles/delete.js +107 -0
package/dist/admin-shell/admin-roles/delete.module.js +10 -0
package/dist/admin-shell/admin-roles/delete_module.css +35 -0
package/dist/admin-shell/admin-roles/list.d.ts +25 -0
package/dist/admin-shell/admin-roles/list.d.ts.map +1 -0
package/dist/admin-shell/admin-roles/list.js +292 -0
package/dist/admin-shell/admin-roles/list.module.js +24 -0
package/dist/admin-shell/admin-roles/list_module.css +113 -0
package/dist/admin-shell/admin-users/container.d.ts +18 -0
package/dist/admin-shell/admin-users/container.d.ts.map +1 -0
package/dist/admin-shell/admin-users/container.js +418 -0
package/dist/admin-shell/admin-users/container.module.js +22 -0
package/dist/admin-shell/admin-users/container_module.css +136 -0
package/dist/admin-shell/admin-users/delete.d.ts +9 -0
package/dist/admin-shell/admin-users/delete.d.ts.map +1 -0
package/dist/admin-shell/admin-users/delete.js +115 -0
package/dist/admin-shell/admin-users/delete.module.js +10 -0
package/dist/admin-shell/admin-users/delete_module.css +35 -0
package/dist/admin-shell/admin-users/list.d.ts +13 -0
package/dist/admin-shell/admin-users/list.d.ts.map +1 -0
package/dist/admin-shell/admin-users/list.js +328 -0
package/dist/admin-shell/admin-users/list.module.js +22 -0
package/dist/admin-shell/admin-users/list_module.css +112 -0
package/dist/admin-shell/chrome/admin-app-bar.d.ts +7 -0
package/dist/admin-shell/chrome/admin-app-bar.d.ts.map +1 -0
package/dist/admin-shell/chrome/admin-app-bar.js +71 -0
package/dist/admin-shell/chrome/admin-app-bar.module.js +9 -0
package/dist/admin-shell/chrome/admin-app-bar_module.css +54 -0
package/dist/admin-shell/chrome/admin-layout.module.js +5 -0
package/dist/admin-shell/chrome/admin-layout_module.css +8 -0
package/dist/admin-shell/chrome/branding.d.ts +9 -0
package/dist/admin-shell/chrome/branding.d.ts.map +1 -0
package/dist/admin-shell/chrome/branding.js +17 -0
package/dist/admin-shell/chrome/branding.module.js +6 -0
package/dist/admin-shell/chrome/branding_module.css +11 -0
package/dist/admin-shell/chrome/breadcrumbs/@types.d.ts +6 -0
package/dist/admin-shell/chrome/breadcrumbs/@types.d.ts.map +1 -0
package/dist/admin-shell/chrome/breadcrumbs/@types.js +1 -0
package/dist/admin-shell/chrome/breadcrumbs/breadcrumbs-client.d.ts +7 -0
package/dist/admin-shell/chrome/breadcrumbs/breadcrumbs-client.d.ts.map +1 -0
package/dist/admin-shell/chrome/breadcrumbs/breadcrumbs-client.js +20 -0
package/dist/admin-shell/chrome/breadcrumbs/breadcrumbs-provider.d.ts +24 -0
package/dist/admin-shell/chrome/breadcrumbs/breadcrumbs-provider.d.ts.map +1 -0
package/dist/admin-shell/chrome/breadcrumbs/breadcrumbs-provider.js +23 -0
package/dist/admin-shell/chrome/breadcrumbs/breadcrumbs.d.ts +15 -0
package/dist/admin-shell/chrome/breadcrumbs/breadcrumbs.d.ts.map +1 -0
package/dist/admin-shell/chrome/breadcrumbs/breadcrumbs.js +77 -0
package/dist/admin-shell/chrome/breadcrumbs/breadcrumbs.module.js +12 -0
package/dist/admin-shell/chrome/breadcrumbs/breadcrumbs_module.css +81 -0
package/dist/admin-shell/chrome/byline-logo.d.ts +12 -0
package/dist/admin-shell/chrome/byline-logo.d.ts.map +1 -0
package/dist/admin-shell/chrome/byline-logo.js +178 -0
package/dist/admin-shell/chrome/content.d.ts +24 -0
package/dist/admin-shell/chrome/content.d.ts.map +1 -0
package/dist/admin-shell/chrome/content.js +31 -0
package/dist/admin-shell/chrome/content.module.js +5 -0
package/dist/admin-shell/chrome/content_module.css +10 -0
package/dist/admin-shell/chrome/dashboard.d.ts +14 -0
package/dist/admin-shell/chrome/dashboard.d.ts.map +1 -0
package/dist/admin-shell/chrome/dashboard.js +129 -0
package/dist/admin-shell/chrome/dashboard.module.js +19 -0
package/dist/admin-shell/chrome/dashboard_module.css +175 -0
package/dist/admin-shell/chrome/drawer-toggle.d.ts +9 -0
package/dist/admin-shell/chrome/drawer-toggle.d.ts.map +1 -0
package/dist/admin-shell/chrome/drawer-toggle.js +57 -0
package/dist/admin-shell/chrome/drawer-toggle.module.js +8 -0
package/dist/admin-shell/chrome/drawer-toggle_module.css +21 -0
package/dist/admin-shell/chrome/hamburger.d.ts +10 -0
package/dist/admin-shell/chrome/hamburger.d.ts.map +1 -0
package/dist/admin-shell/chrome/hamburger.js +30 -0
package/dist/admin-shell/chrome/hamburger.module.js +5 -0
package/dist/admin-shell/chrome/hamburger_module.css +7 -0
package/dist/admin-shell/chrome/loose-router.d.ts +33 -0
package/dist/admin-shell/chrome/loose-router.d.ts.map +1 -0
package/dist/admin-shell/chrome/loose-router.js +6 -0
package/dist/admin-shell/chrome/menu-drawer.d.ts +10 -0
package/dist/admin-shell/chrome/menu-drawer.d.ts.map +1 -0
package/dist/admin-shell/chrome/menu-drawer.js +141 -0
package/dist/admin-shell/chrome/menu-drawer.module.js +12 -0
package/dist/admin-shell/chrome/menu-drawer_module.css +137 -0
package/dist/admin-shell/chrome/menu-provider.d.ts +21 -0
package/dist/admin-shell/chrome/menu-provider.d.ts.map +1 -0
package/dist/admin-shell/chrome/menu-provider.js +54 -0
package/dist/admin-shell/chrome/preview-toggle.d.ts +13 -0
package/dist/admin-shell/chrome/preview-toggle.d.ts.map +1 -0
package/dist/admin-shell/chrome/preview-toggle.js +75 -0
package/dist/admin-shell/chrome/route-error.d.ts +22 -0
package/dist/admin-shell/chrome/route-error.d.ts.map +1 -0
package/dist/admin-shell/chrome/route-error.js +119 -0
package/dist/admin-shell/chrome/route-error.module.js +14 -0
package/dist/admin-shell/chrome/route-error_module.css +94 -0
package/dist/admin-shell/chrome/router-pager.d.ts +19 -0
package/dist/admin-shell/chrome/router-pager.d.ts.map +1 -0
package/dist/admin-shell/chrome/router-pager.js +91 -0
package/dist/admin-shell/chrome/sign-in-page.d.ts +19 -0
package/dist/admin-shell/chrome/sign-in-page.d.ts.map +1 -0
package/dist/admin-shell/chrome/sign-in-page.js +20 -0
package/dist/admin-shell/chrome/sign-in-page.module.js +6 -0
package/dist/admin-shell/chrome/sign-in-page_module.css +22 -0
package/dist/admin-shell/chrome/sort-icons.d.ts +10 -0
package/dist/admin-shell/chrome/sort-icons.d.ts.map +1 -0
package/dist/admin-shell/chrome/sort-icons.js +103 -0
package/dist/admin-shell/chrome/th-sortable.d.ts +23 -0
package/dist/admin-shell/chrome/th-sortable.d.ts.map +1 -0
package/dist/admin-shell/chrome/th-sortable.js +75 -0
package/dist/admin-shell/chrome/th-sortable.module.js +10 -0
package/dist/admin-shell/chrome/th-sortable_module.css +37 -0
package/dist/admin-shell/chrome/use-media-query.d.ts +9 -0
package/dist/admin-shell/chrome/use-media-query.d.ts.map +1 -0
package/dist/admin-shell/chrome/use-media-query.js +20 -0
package/dist/admin-shell/chrome/utils.d.ts +12 -0
package/dist/admin-shell/chrome/utils.d.ts.map +1 -0
package/dist/admin-shell/chrome/utils.js +8 -0
package/dist/admin-shell/collections/api.d.ts +28 -0
package/dist/admin-shell/collections/api.d.ts.map +1 -0
package/dist/admin-shell/collections/api.js +51 -0
package/dist/admin-shell/collections/api.module.js +9 -0
package/dist/admin-shell/collections/api_module.css +42 -0
package/dist/admin-shell/collections/create.d.ts +14 -0
package/dist/admin-shell/collections/create.d.ts.map +1 -0
package/dist/admin-shell/collections/create.js +77 -0
package/dist/admin-shell/collections/edit.d.ts +19 -0
package/dist/admin-shell/collections/edit.d.ts.map +1 -0
package/dist/admin-shell/collections/edit.js +279 -0
package/dist/admin-shell/collections/history.d.ts +20 -0
package/dist/admin-shell/collections/history.d.ts.map +1 -0
package/dist/admin-shell/collections/history.js +252 -0
package/dist/admin-shell/collections/history.module.js +18 -0
package/dist/admin-shell/collections/history_module.css +121 -0
package/dist/admin-shell/collections/list.d.ts +16 -0
package/dist/admin-shell/collections/list.d.ts.map +1 -0
package/dist/admin-shell/collections/list.js +253 -0
package/dist/admin-shell/collections/list.module.js +16 -0
package/dist/admin-shell/collections/list_module.css +88 -0
package/dist/admin-shell/collections/preview-link.d.ts +32 -0
package/dist/admin-shell/collections/preview-link.d.ts.map +1 -0
package/dist/admin-shell/collections/preview-link.js +54 -0
package/dist/admin-shell/collections/tanstack-navigation-guard.d.ts +16 -0
package/dist/admin-shell/collections/tanstack-navigation-guard.d.ts.map +1 -0
package/dist/admin-shell/collections/tanstack-navigation-guard.js +19 -0
package/dist/admin-shell/collections/view-menu.d.ts +58 -0
package/dist/admin-shell/collections/view-menu.d.ts.map +1 -0
package/dist/admin-shell/collections/view-menu.js +203 -0
package/dist/admin-shell/collections/view-menu.module.js +11 -0
package/dist/admin-shell/collections/view-menu_module.css +43 -0
package/dist/auth/auth-context.d.ts +38 -0
package/dist/auth/auth-context.d.ts.map +1 -0
package/dist/auth/auth-context.js +57 -0
package/dist/auth/auth-cookies.d.ts +35 -0
package/dist/auth/auth-cookies.d.ts.map +1 -0
package/dist/auth/auth-cookies.js +46 -0
package/dist/auth/preview-cookies.d.ts +20 -0
package/dist/auth/preview-cookies.d.ts.map +1 -0
package/dist/auth/preview-cookies.js +26 -0
package/dist/index.d.ts +43 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +1 -0
package/dist/integrations/abilities.d.ts +67 -0
package/dist/integrations/abilities.d.ts.map +1 -0
package/dist/integrations/abilities.js +25 -0
package/dist/integrations/api-utils.d.ts +34 -0
package/dist/integrations/api-utils.d.ts.map +1 -0
package/dist/integrations/api-utils.js +22 -0
package/dist/integrations/byline-admin-services.d.ts +25 -0
package/dist/integrations/byline-admin-services.d.ts.map +1 -0
package/dist/integrations/byline-admin-services.js +26 -0
package/dist/integrations/byline-client.d.ts +22 -0
package/dist/integrations/byline-client.d.ts.map +1 -0
package/dist/integrations/byline-client.js +13 -0
package/dist/integrations/byline-core.d.ts +28 -0
package/dist/integrations/byline-core.d.ts.map +1 -0
package/dist/integrations/byline-core.js +5 -0
package/dist/integrations/byline-field-services.d.ts +19 -0
package/dist/integrations/byline-field-services.d.ts.map +1 -0
package/dist/integrations/byline-field-services.js +14 -0
package/dist/integrations/byline-public-client.d.ts +10 -0
package/dist/integrations/byline-public-client.d.ts.map +1 -0
package/dist/integrations/byline-public-client.js +15 -0
package/dist/integrations/byline-viewer-client.d.ts +21 -0
package/dist/integrations/byline-viewer-client.d.ts.map +1 -0
package/dist/integrations/byline-viewer-client.js +39 -0
package/dist/integrations/start-errors.d.ts +23 -0
package/dist/integrations/start-errors.d.ts.map +1 -0
package/dist/integrations/start-errors.js +32 -0
package/dist/routes/create-admin-account-route.d.ts +9 -0
package/dist/routes/create-admin-account-route.d.ts.map +1 -0
package/dist/routes/create-admin-account-route.js +68 -0
package/dist/routes/create-admin-dashboard-route.d.ts +9 -0
package/dist/routes/create-admin-dashboard-route.d.ts.map +1 -0
package/dist/routes/create-admin-dashboard-route.js +44 -0
package/dist/routes/create-admin-layout-route.d.ts +14 -0
package/dist/routes/create-admin-layout-route.d.ts.map +1 -0
package/dist/routes/create-admin-layout-route.js +64 -0
package/dist/routes/create-admin-permissions-route.d.ts +9 -0
package/dist/routes/create-admin-permissions-route.d.ts.map +1 -0
package/dist/routes/create-admin-permissions-route.js +39 -0
package/dist/routes/create-admin-role-edit-route.d.ts +9 -0
package/dist/routes/create-admin-role-edit-route.d.ts.map +1 -0
package/dist/routes/create-admin-role-edit-route.js +79 -0
package/dist/routes/create-admin-roles-list-route.d.ts +9 -0
package/dist/routes/create-admin-roles-list-route.d.ts.map +1 -0
package/dist/routes/create-admin-roles-list-route.js +39 -0
package/dist/routes/create-admin-user-edit-route.d.ts +9 -0
package/dist/routes/create-admin-user-edit-route.d.ts.map +1 -0
package/dist/routes/create-admin-user-edit-route.js +86 -0
package/dist/routes/create-admin-users-list-route.d.ts +9 -0
package/dist/routes/create-admin-users-list-route.d.ts.map +1 -0
package/dist/routes/create-admin-users-list-route.js +71 -0
package/dist/routes/create-collection-api-route.d.ts +15 -0
package/dist/routes/create-collection-api-route.d.ts.map +1 -0
package/dist/routes/create-collection-api-route.js +71 -0
package/dist/routes/create-collection-create-route.d.ts +9 -0
package/dist/routes/create-collection-create-route.d.ts.map +1 -0
package/dist/routes/create-collection-create-route.js +53 -0
package/dist/routes/create-collection-edit-route.d.ts +15 -0
package/dist/routes/create-collection-edit-route.d.ts.map +1 -0
package/dist/routes/create-collection-edit-route.js +65 -0
package/dist/routes/create-collection-history-route.d.ts +15 -0
package/dist/routes/create-collection-history-route.d.ts.map +1 -0
package/dist/routes/create-collection-history-route.js +94 -0
package/dist/routes/create-collection-list-route.d.ts +9 -0
package/dist/routes/create-collection-list-route.d.ts.map +1 -0
package/dist/routes/create-collection-list-route.js +130 -0
package/dist/routes/create-sign-in-route.d.ts +9 -0
package/dist/routes/create-sign-in-route.d.ts.map +1 -0
package/dist/routes/create-sign-in-route.js +21 -0
package/dist/routes/index.d.ts +35 -0
package/dist/routes/index.d.ts.map +1 -0
package/dist/routes/index.js +14 -0
package/dist/server-fns/admin-account/change-password.d.ts +30 -0
package/dist/server-fns/admin-account/change-password.d.ts.map +1 -0
package/dist/server-fns/admin-account/change-password.js +13 -0
package/dist/server-fns/admin-account/get.d.ts +31 -0
package/dist/server-fns/admin-account/get.d.ts.map +1 -0
package/dist/server-fns/admin-account/get.js +13 -0
package/dist/server-fns/admin-account/index.d.ts +22 -0
package/dist/server-fns/admin-account/index.d.ts.map +1 -0
package/dist/server-fns/admin-account/index.js +3 -0
package/dist/server-fns/admin-account/update.d.ts +34 -0
package/dist/server-fns/admin-account/update.d.ts.map +1 -0
package/dist/server-fns/admin-account/update.js +13 -0
package/dist/server-fns/admin-permissions/get-role-abilities.d.ts +16 -0
package/dist/server-fns/admin-permissions/get-role-abilities.d.ts.map +1 -0
package/dist/server-fns/admin-permissions/get-role-abilities.js +14 -0
package/dist/server-fns/admin-permissions/index.d.ts +25 -0
package/dist/server-fns/admin-permissions/index.d.ts.map +1 -0
package/dist/server-fns/admin-permissions/index.js +4 -0
package/dist/server-fns/admin-permissions/list-registered.d.ts +33 -0
package/dist/server-fns/admin-permissions/list-registered.d.ts.map +1 -0
package/dist/server-fns/admin-permissions/list-registered.js +14 -0
package/dist/server-fns/admin-permissions/set-role-abilities.d.ts +16 -0
package/dist/server-fns/admin-permissions/set-role-abilities.d.ts.map +1 -0
package/dist/server-fns/admin-permissions/set-role-abilities.js +14 -0
package/dist/server-fns/admin-permissions/who-has.d.ts +26 -0
package/dist/server-fns/admin-permissions/who-has.d.ts.map +1 -0
package/dist/server-fns/admin-permissions/who-has.js +14 -0
package/dist/server-fns/admin-roles/create.d.ts +24 -0
package/dist/server-fns/admin-roles/create.d.ts.map +1 -0
package/dist/server-fns/admin-roles/create.js +13 -0
package/dist/server-fns/admin-roles/delete.d.ts +17 -0
package/dist/server-fns/admin-roles/delete.d.ts.map +1 -0
package/dist/server-fns/admin-roles/delete.js +13 -0
package/dist/server-fns/admin-roles/get.d.ts +22 -0
package/dist/server-fns/admin-roles/get.d.ts.map +1 -0
package/dist/server-fns/admin-roles/get.js +13 -0
package/dist/server-fns/admin-roles/index.d.ts +23 -0
package/dist/server-fns/admin-roles/index.d.ts.map +1 -0
package/dist/server-fns/admin-roles/index.js +6 -0
package/dist/server-fns/admin-roles/list.d.ts +26 -0
package/dist/server-fns/admin-roles/list.d.ts.map +1 -0
package/dist/server-fns/admin-roles/list.js +13 -0
package/dist/server-fns/admin-roles/reorder.d.ts +15 -0
package/dist/server-fns/admin-roles/reorder.d.ts.map +1 -0
package/dist/server-fns/admin-roles/reorder.js +13 -0
package/dist/server-fns/admin-roles/update.d.ts +27 -0
package/dist/server-fns/admin-roles/update.d.ts.map +1 -0
package/dist/server-fns/admin-roles/update.js +13 -0
package/dist/server-fns/admin-users/create.d.ts +35 -0
package/dist/server-fns/admin-users/create.d.ts.map +1 -0
package/dist/server-fns/admin-users/create.js +13 -0
package/dist/server-fns/admin-users/delete.d.ts +17 -0
package/dist/server-fns/admin-users/delete.d.ts.map +1 -0
package/dist/server-fns/admin-users/delete.js +13 -0
package/dist/server-fns/admin-users/disable.d.ts +15 -0
package/dist/server-fns/admin-users/disable.d.ts.map +1 -0
package/dist/server-fns/admin-users/disable.js +13 -0
package/dist/server-fns/admin-users/enable.d.ts +15 -0
package/dist/server-fns/admin-users/enable.d.ts.map +1 -0
package/dist/server-fns/admin-users/enable.js +13 -0
package/dist/server-fns/admin-users/get-user-roles.d.ts +25 -0
package/dist/server-fns/admin-users/get-user-roles.d.ts.map +1 -0
package/dist/server-fns/admin-users/get-user-roles.js +13 -0
package/dist/server-fns/admin-users/get.d.ts +29 -0
package/dist/server-fns/admin-users/get.d.ts.map +1 -0
package/dist/server-fns/admin-users/get.js +13 -0
package/dist/server-fns/admin-users/index.d.ts +28 -0
package/dist/server-fns/admin-users/index.d.ts.map +1 -0
package/dist/server-fns/admin-users/index.js +10 -0
package/dist/server-fns/admin-users/list.d.ts +51 -0
package/dist/server-fns/admin-users/list.d.ts.map +1 -0
package/dist/server-fns/admin-users/list.js +13 -0
package/dist/server-fns/admin-users/set-password.d.ts +30 -0
package/dist/server-fns/admin-users/set-password.d.ts.map +1 -0
package/dist/server-fns/admin-users/set-password.js +13 -0
package/dist/server-fns/admin-users/set-user-roles.d.ts +25 -0
package/dist/server-fns/admin-users/set-user-roles.d.ts.map +1 -0
package/dist/server-fns/admin-users/set-user-roles.js +13 -0
package/dist/server-fns/admin-users/update.d.ts +37 -0
package/dist/server-fns/admin-users/update.d.ts.map +1 -0
package/dist/server-fns/admin-users/update.js +13 -0
package/dist/server-fns/auth/current-user.d.ts +38 -0
package/dist/server-fns/auth/current-user.d.ts.map +1 -0
package/dist/server-fns/auth/current-user.js +52 -0
package/dist/server-fns/auth/index.d.ts +11 -0
package/dist/server-fns/auth/index.d.ts.map +1 -0
package/dist/server-fns/auth/index.js +3 -0
package/dist/server-fns/auth/sign-in.d.ts +19 -0
package/dist/server-fns/auth/sign-in.d.ts.map +1 -0
package/dist/server-fns/auth/sign-in.js +31 -0
package/dist/server-fns/auth/sign-out.d.ts +11 -0
package/dist/server-fns/auth/sign-out.d.ts.map +1 -0
package/dist/server-fns/auth/sign-out.js +17 -0
package/dist/server-fns/collections/create.d.ts +21 -0
package/dist/server-fns/collections/create.d.ts.map +1 -0
package/dist/server-fns/collections/create.js +40 -0
package/dist/server-fns/collections/delete.d.ts +18 -0
package/dist/server-fns/collections/delete.d.ts.map +1 -0
package/dist/server-fns/collections/delete.js +44 -0
package/dist/server-fns/collections/get.d.ts +26 -0
package/dist/server-fns/collections/get.d.ts.map +1 -0
package/dist/server-fns/collections/get.js +133 -0
package/dist/server-fns/collections/history.d.ts +43 -0
package/dist/server-fns/collections/history.d.ts.map +1 -0
package/dist/server-fns/collections/history.js +29 -0
package/dist/server-fns/collections/index.d.ts +16 -0
package/dist/server-fns/collections/index.d.ts.map +1 -0
package/dist/server-fns/collections/index.js +9 -0
package/dist/server-fns/collections/list.d.ts +54 -0
package/dist/server-fns/collections/list.d.ts.map +1 -0
package/dist/server-fns/collections/list.js +65 -0
package/dist/server-fns/collections/stats.d.ts +17 -0
package/dist/server-fns/collections/stats.d.ts.map +1 -0
package/dist/server-fns/collections/stats.js +28 -0
package/dist/server-fns/collections/status.d.ts +31 -0
package/dist/server-fns/collections/status.d.ts.map +1 -0
package/dist/server-fns/collections/status.js +79 -0
package/dist/server-fns/collections/update.d.ts +26 -0
package/dist/server-fns/collections/update.d.ts.map +1 -0
package/dist/server-fns/collections/update.js +41 -0
package/dist/server-fns/collections/upload.d.ts +57 -0
package/dist/server-fns/collections/upload.d.ts.map +1 -0
package/dist/server-fns/collections/upload.js +132 -0
package/dist/server-fns/collections/utils.d.ts +15 -0
package/dist/server-fns/collections/utils.d.ts.map +1 -0
package/dist/server-fns/collections/utils.js +4 -0
package/dist/server-fns/preview/disable.d.ts +12 -0
package/dist/server-fns/preview/disable.d.ts.map +1 -0
package/dist/server-fns/preview/disable.js +12 -0
package/dist/server-fns/preview/enable.d.ts +12 -0
package/dist/server-fns/preview/enable.d.ts.map +1 -0
package/dist/server-fns/preview/enable.js +14 -0
package/dist/server-fns/preview/index.d.ts +11 -0
package/dist/server-fns/preview/index.d.ts.map +1 -0
package/dist/server-fns/preview/index.js +3 -0
package/dist/server-fns/preview/state.d.ts +11 -0
package/dist/server-fns/preview/state.d.ts.map +1 -0
package/dist/server-fns/preview/state.js +8 -0
package/package.json +164 -0
package/src/admin-shell/admin-roles/container.module.css +132 -0
package/src/admin-shell/admin-roles/container.tsx +209 -0
package/src/admin-shell/admin-roles/delete.module.css +52 -0
package/src/admin-shell/admin-roles/delete.tsx +117 -0
package/src/admin-shell/admin-roles/list.module.css +158 -0
package/src/admin-shell/admin-roles/list.tsx +308 -0
package/src/admin-shell/admin-users/container.module.css +199 -0
package/src/admin-shell/admin-users/container.tsx +344 -0
package/src/admin-shell/admin-users/delete.module.css +52 -0
package/src/admin-shell/admin-users/delete.tsx +129 -0
package/src/admin-shell/admin-users/list.module.css +164 -0
package/src/admin-shell/admin-users/list.tsx +314 -0
package/src/admin-shell/chrome/admin-app-bar.module.css +72 -0
package/src/admin-shell/chrome/admin-app-bar.tsx +74 -0
package/src/admin-shell/chrome/admin-layout.module.css +16 -0
package/src/admin-shell/chrome/branding.module.css +20 -0
package/src/admin-shell/chrome/branding.tsx +23 -0
package/src/admin-shell/chrome/breadcrumbs/@types.ts +5 -0
package/src/admin-shell/chrome/breadcrumbs/breadcrumbs-client.tsx +30 -0
package/src/admin-shell/chrome/breadcrumbs/breadcrumbs-provider.tsx +48 -0
package/src/admin-shell/chrome/breadcrumbs/breadcrumbs.module.css +93 -0
package/src/admin-shell/chrome/breadcrumbs/breadcrumbs.tsx +96 -0
package/src/admin-shell/chrome/byline-logo.tsx +151 -0
package/src/admin-shell/chrome/content.module.css +16 -0
package/src/admin-shell/chrome/content.tsx +60 -0
package/src/admin-shell/chrome/dashboard.module.css +245 -0
package/src/admin-shell/chrome/dashboard.tsx +128 -0
package/src/admin-shell/chrome/drawer-toggle.module.css +30 -0
package/src/admin-shell/chrome/drawer-toggle.tsx +62 -0
package/src/admin-shell/chrome/hamburger.module.css +16 -0
package/src/admin-shell/chrome/hamburger.tsx +56 -0
package/src/admin-shell/chrome/loose-router.ts +47 -0
package/src/admin-shell/chrome/menu-drawer.module.css +196 -0
package/src/admin-shell/chrome/menu-drawer.tsx +155 -0
package/src/admin-shell/chrome/menu-provider.tsx +95 -0
package/src/admin-shell/chrome/preview-toggle.tsx +107 -0
package/src/admin-shell/chrome/route-error.module.css +114 -0
package/src/admin-shell/chrome/route-error.tsx +125 -0
package/src/admin-shell/chrome/router-pager.tsx +179 -0
package/src/admin-shell/chrome/sign-in-page.module.css +32 -0
package/src/admin-shell/chrome/sign-in-page.tsx +35 -0
package/src/admin-shell/chrome/sort-icons.tsx +127 -0
package/src/admin-shell/chrome/th-sortable.module.css +51 -0
package/src/admin-shell/chrome/th-sortable.tsx +114 -0
package/src/admin-shell/chrome/use-media-query.ts +28 -0
package/src/admin-shell/chrome/utils.ts +20 -0
package/src/admin-shell/collections/api.module.css +62 -0
package/src/admin-shell/collections/api.tsx +70 -0
package/src/admin-shell/collections/create.tsx +108 -0
package/src/admin-shell/collections/edit.tsx +319 -0
package/src/admin-shell/collections/history.module.css +156 -0
package/src/admin-shell/collections/history.tsx +352 -0
package/src/admin-shell/collections/list.module.css +124 -0
package/src/admin-shell/collections/list.tsx +313 -0
package/src/admin-shell/collections/preview-link.tsx +138 -0
package/src/admin-shell/collections/tanstack-navigation-guard.ts +43 -0
package/src/admin-shell/collections/view-menu.module.css +60 -0
package/src/admin-shell/collections/view-menu.tsx +238 -0
package/src/auth/auth-context.test.node.ts +200 -0
package/src/auth/auth-context.ts +119 -0
package/src/auth/auth-cookies.ts +113 -0
package/src/auth/preview-cookies.ts +73 -0
package/src/declarations.d.ts +4 -0
package/src/index.ts +44 -0
package/src/integrations/abilities.tsx +90 -0
package/src/integrations/api-utils.ts +66 -0
package/src/integrations/byline-admin-services.ts +86 -0
package/src/integrations/byline-client.ts +40 -0
package/src/integrations/byline-core.ts +32 -0
package/src/integrations/byline-field-services.ts +35 -0
package/src/integrations/byline-public-client.ts +53 -0
package/src/integrations/byline-viewer-client.ts +99 -0
package/src/integrations/start-errors.ts +86 -0
package/src/routes/create-admin-account-route.tsx +65 -0
package/src/routes/create-admin-dashboard-route.tsx +52 -0
package/src/routes/create-admin-layout-route.tsx +89 -0
package/src/routes/create-admin-permissions-route.tsx +43 -0
package/src/routes/create-admin-role-edit-route.tsx +88 -0
package/src/routes/create-admin-roles-list-route.tsx +39 -0
package/src/routes/create-admin-user-edit-route.tsx +105 -0
package/src/routes/create-admin-users-list-route.tsx +84 -0
package/src/routes/create-collection-api-route.tsx +111 -0
package/src/routes/create-collection-create-route.tsx +66 -0
package/src/routes/create-collection-edit-route.tsx +102 -0
package/src/routes/create-collection-history-route.tsx +130 -0
package/src/routes/create-collection-list-route.tsx +175 -0
package/src/routes/create-sign-in-route.tsx +39 -0
package/src/routes/index.ts +36 -0
package/src/server-fns/admin-account/change-password.ts +27 -0
package/src/server-fns/admin-account/get.ts +27 -0
package/src/server-fns/admin-account/index.ts +28 -0
package/src/server-fns/admin-account/update.ts +31 -0
package/src/server-fns/admin-permissions/get-role-abilities.ts +27 -0
package/src/server-fns/admin-permissions/index.ts +36 -0
package/src/server-fns/admin-permissions/list-registered.ts +36 -0
package/src/server-fns/admin-permissions/set-role-abilities.ts +32 -0
package/src/server-fns/admin-permissions/who-has.ts +24 -0
package/src/server-fns/admin-roles/create.ts +28 -0
package/src/server-fns/admin-roles/delete.ts +25 -0
package/src/server-fns/admin-roles/get.ts +21 -0
package/src/server-fns/admin-roles/index.ts +25 -0
package/src/server-fns/admin-roles/list.ts +27 -0
package/src/server-fns/admin-roles/reorder.ts +21 -0
package/src/server-fns/admin-roles/update.ts +31 -0
package/src/server-fns/admin-users/create.ts +32 -0
package/src/server-fns/admin-users/delete.ts +21 -0
package/src/server-fns/admin-users/disable.ts +24 -0
package/src/server-fns/admin-users/enable.ts +24 -0
package/src/server-fns/admin-users/get-user-roles.ts +21 -0
package/src/server-fns/admin-users/get.ts +21 -0
package/src/server-fns/admin-users/index.ts +35 -0
package/src/server-fns/admin-users/list.ts +40 -0
package/src/server-fns/admin-users/set-password.ts +27 -0
package/src/server-fns/admin-users/set-user-roles.ts +26 -0
package/src/server-fns/admin-users/update.ts +34 -0
package/src/server-fns/auth/current-user.ts +117 -0
package/src/server-fns/auth/index.ts +15 -0
package/src/server-fns/auth/sign-in.ts +71 -0
package/src/server-fns/auth/sign-out.ts +42 -0
package/src/server-fns/collections/create.ts +58 -0
package/src/server-fns/collections/delete.ts +62 -0
package/src/server-fns/collections/get.ts +233 -0
package/src/server-fns/collections/history.ts +73 -0
package/src/server-fns/collections/index.ts +16 -0
package/src/server-fns/collections/list.ts +121 -0
package/src/server-fns/collections/stats.ts +52 -0
package/src/server-fns/collections/status.ts +102 -0
package/src/server-fns/collections/update.ts +67 -0
package/src/server-fns/collections/upload.ts +274 -0
package/src/server-fns/collections/utils.ts +17 -0
package/src/server-fns/preview/disable.ts +24 -0
package/src/server-fns/preview/enable.ts +27 -0
package/src/server-fns/preview/index.ts +11 -0
package/src/server-fns/preview/state.ts +30 -0

package/src/admin-shell/collections/view-menu.tsx ADDED Viewed

@@ -0,0 +1,238 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+import { useEffect } from 'react'
+import type { CollectionAdminConfig, PreviewDocument } from '@byline/core'
+import { Button, HistoryIcon, IconButton, Label, Select } from '@infonomic/uikit/react'
+import cx from 'classnames'
+import { useNavigate } from '../chrome/loose-router.js'
+import { PreviewLink } from './preview-link.js'
+import styles from './view-menu.module.css'
+export type ViewMenuPaths = 'edit' | 'history' | 'api'
+export interface ContentLocaleOption {
+  code: string
+  label: string
+}
+/**
+ * Shared mini-navigation bar for document-level views (Edit, History, API).
+ * Renders a locale selector, the History icon button, Edit button, and API
+ * button with appropriate variant styling based on the currently active view.
+ * Changing the locale triggers a navigate to the current view's route so the
+ * loader re-fetches with the new locale — all three views react automatically.
+ *
+ * On the API route, an additional Depth selector appears — it drives the
+ * `populateDocuments` call inside the api loader and lets editors see
+ * what a client library `find({ populate: true, depth: N })` call would
+ * return. Capped at 3 in the UI to avoid runaway fan-out.
+ *
+ * `contentLocales` and `defaultContentLocale` are passed in from the host
+ * route shell (which reads them from the host's i18n config) so this
+ * component stays free of host-specific imports.
+ */
+export const ViewMenu = ({
+  collection,
+  documentId,
+  activeView,
+  locale,
+  depth,
+  contentLocales,
+  defaultContentLocale,
+  adminConfig,
+  doc,
+}: {
+  /** Collection path (e.g. "docs", "news"). */
+  collection: string
+  /** The document ID to navigate to. */
+  documentId: string
+  /** Which view is currently active — used to style the active button. */
+  activeView?: ViewMenuPaths
+  /** Current content locale. undefined means "All" (full multi-locale shape). */
+  locale?: string
+  /** Populate depth (api route only). undefined → 0 (no populate). */
+  depth?: number
+  /** Content locales the host advertises in language switchers. */
+  contentLocales: ReadonlyArray<ContentLocaleOption>
+  /** Fallback content locale used when the URL has none. */
+  defaultContentLocale: string
+  /**
+   * Admin config for the collection. When present and `adminConfig.preview`
+   * is configured (or the default URL convention applies), a `<PreviewLink>`
+   * external-link icon is rendered next to the History button.
+   */
+  adminConfig?: CollectionAdminConfig
+  /**
+   * The currently-loaded document. Required for the preview link's
+   * URL resolution; omit this prop to suppress the preview affordance
+   * entirely (e.g. on the create route, where no doc exists yet).
+   */
+  doc?: PreviewDocument
+}) => {
+  const navigate = useNavigate()
+  // Edit view must never use 'all' locale — strip it from the URL and fall
+  // back to the default locale if it somehow arrives via navigation.
+  useEffect(() => {
+    if (activeView === 'edit' && locale === 'all') {
+      navigate({
+        to: '/admin/collections/$collection/$id' as never,
+        params: { collection, id: documentId },
+        search: (prev: Record<string, unknown>) => ({
+          ...prev,
+          locale: defaultContentLocale,
+        }),
+      })
+    }
+  }, [activeView, locale, collection, documentId, defaultContentLocale, navigate])
+  const handleLocaleChange = (value: string | null) => {
+    if (value == null) return
+    // Always put locale explicitly in the URL — 'all' is stored as 'all',
+    // never as undefined, so the loader knows the intent unambiguously.
+    const search = (prev: Record<string, unknown>) => ({ ...prev, locale: value })
+    if (activeView === 'api') {
+      navigate({
+        to: '/admin/collections/$collection/$id/api' as never,
+        params: { collection, id: documentId },
+        search: search as never,
+      })
+    } else if (activeView === 'history') {
+      navigate({
+        to: '/admin/collections/$collection/$id/history' as never,
+        params: { collection, id: documentId },
+        search: search as never,
+      })
+    } else {
+      navigate({
+        to: '/admin/collections/$collection/$id' as never,
+        params: { collection, id: documentId },
+        search: search as never,
+      })
+    }
+  }
+  const handleDepthChange = (value: string | null) => {
+    if (value == null || activeView !== 'api') return
+    const n = Number.parseInt(value, 10)
+    const nextDepth = Number.isFinite(n) ? Math.max(0, Math.min(3, n)) : 0
+    navigate({
+      to: '/admin/collections/$collection/$id/api' as never,
+      params: { collection, id: documentId },
+      // Store 0 as undefined so the URL stays clean when the user picks
+      // "no populate" — avoids `?depth=0` in bookmarks / share links.
+      search: ((prev: Record<string, unknown>) => ({
+        ...prev,
+        depth: nextDepth === 0 ? undefined : nextDepth,
+      })) as never,
+    })
+  }
+  return (
+    <div className={cx('byline-view-menu', styles.root)}>
+      <Label
+        className={cx('muted byline-view-menu-label', styles.label)}
+        id="contentLocaleLabel"
+        htmlFor="contentLocale"
+        label="Content Locale:"
+      />
+      <Select<string>
+        name="contentLocale"
+        id="contentLocale"
+        className={cx('byline-view-menu-locale-select', styles.localeSelect)}
+        size="xs"
+        variant="outlined"
+        value={locale ?? defaultContentLocale}
+        items={[
+          ...(activeView !== 'edit' ? [{ value: 'all', label: 'All' }] : []),
+          ...contentLocales.map((loc) => ({ value: loc.code, label: loc.label })),
+        ]}
+        onValueChange={handleLocaleChange}
+      />
+      {activeView === 'api' && (
+        <>
+          <Label
+            className={cx('muted byline-view-menu-label', styles.label)}
+            id="populateDepthLabel"
+            htmlFor="populateDepth"
+            label="Depth:"
+          />
+          <Select<string>
+            name="populateDepth"
+            id="populateDepth"
+            className={cx('byline-view-menu-depth-select', styles.depthSelect)}
+            size="xs"
+            variant="outlined"
+            value={String(depth ?? 0)}
+            items={[
+              { value: '0', label: '0' },
+              { value: '1', label: '1' },
+              { value: '2', label: '2' },
+              { value: '3', label: '3' },
+            ]}
+            onValueChange={handleDepthChange}
+          />
+        </>
+      )}
+      {doc && (
+        <PreviewLink
+          collectionPath={collection}
+          doc={doc}
+          adminConfig={adminConfig}
+          locale={locale}
+          className={cx('byline-view-menu-icon-button', styles.iconButton)}
+        />
+      )}
+      <IconButton
+        className={cx('byline-view-menu-icon-button', styles.iconButton)}
+        size="xs"
+        variant={activeView === 'history' ? 'filled' : 'text'}
+        onClick={() =>
+          navigate({
+            to: '/admin/collections/$collection/$id/history' as never,
+            params: { collection, id: documentId },
+            search: locale ? { locale } : {},
+          })
+        }
+      >
+        <HistoryIcon className={cx('byline-view-menu-icon-button-icon', styles.iconButtonIcon)} />
+      </IconButton>
+      <Button
+        size="xs"
+        variant={activeView === 'edit' ? 'filled' : 'outlined'}
+        className={cx('byline-view-menu-button', styles.button)}
+        onClick={() =>
+          navigate({
+            to: '/admin/collections/$collection/$id' as never,
+            params: { collection, id: documentId },
+            search: locale ? { locale } : {},
+          })
+        }
+      >
+        Edit
+      </Button>
+      <Button
+        size="xs"
+        variant={activeView === 'api' ? 'filled' : 'outlined'}
+        className={cx('byline-view-menu-button', styles.button)}
+        onClick={() =>
+          navigate({
+            to: '/admin/collections/$collection/$id/api' as never,
+            params: { collection, id: documentId },
+            search: locale ? { locale } : {},
+          })
+        }
+      >
+        API
+      </Button>
+    </div>
+  )
+}

package/src/auth/auth-context.test.node.ts ADDED Viewed

@@ -0,0 +1,200 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+/**
+ * Unit coverage for the admin request-context resolver. Mocks the
+ * TanStack Start cookie helpers and the `bylineCore.sessionProvider` so
+ * the branches can be exercised without a live Postgres or JWT
+ * machinery.
+ */
+import { AdminAuth, AuthError, AuthErrorCodes } from '@byline/auth'
+import { afterEach, beforeEach, describe, expect, it, vi } from 'vitest'
+// ---------------------------------------------------------------------------
+// Mocks — must be declared before the module under test is imported.
+// `vi.mock` is hoisted to the top of the file, so the fakes themselves
+// have to go through `vi.hoisted` to be available when the factory runs.
+// ---------------------------------------------------------------------------
+const mocks = vi.hoisted(() => ({
+  verifyAccessToken: vi.fn(),
+  refreshSession: vi.fn(),
+  getCookie: vi.fn(),
+  setCookie: vi.fn(),
+  getRequestHeader: vi.fn(),
+}))
+vi.mock('@byline/core', async () => {
+  const actual = await vi.importActual<typeof import('@byline/core')>('@byline/core')
+  return {
+    ...actual,
+    getServerConfig: () => ({
+      sessionProvider: {
+        verifyAccessToken: mocks.verifyAccessToken,
+        refreshSession: mocks.refreshSession,
+      },
+    }),
+  }
+})
+vi.mock('@tanstack/react-start/server', () => ({
+  getCookie: mocks.getCookie,
+  setCookie: mocks.setCookie,
+  getRequestHeader: mocks.getRequestHeader,
+}))
+const { verifyAccessToken, refreshSession, getCookie, setCookie } = mocks
+// Import AFTER mocks are declared.
+import { getAdminRequestContext } from './auth-context.js'
+// ---------------------------------------------------------------------------
+function cookiesReturn(values: Record<string, string | undefined>) {
+  getCookie.mockImplementation((name: string) => values[name])
+}
+function stubActor() {
+  return new AdminAuth({
+    id: 'admin-1',
+    abilities: ['collections.pages.read'],
+  })
+}
+describe('getAdminRequestContext', () => {
+  beforeEach(() => {
+    vi.clearAllMocks()
+  })
+  afterEach(() => {
+    vi.clearAllMocks()
+  })
+  it('returns the actor directly when the access token verifies', async () => {
+    cookiesReturn({
+      byline_access_token: 'valid-access',
+      byline_refresh_token: 'some-refresh',
+    })
+    const actor = stubActor()
+    verifyAccessToken.mockResolvedValueOnce({ actor })
+    const ctx = await getAdminRequestContext()
+    expect(ctx.actor).toBe(actor)
+    expect(ctx.readMode).toBe('any')
+    expect(refreshSession).not.toHaveBeenCalled()
+    expect(setCookie).not.toHaveBeenCalled()
+  })
+  it('refreshes when the access token fails verification', async () => {
+    cookiesReturn({
+      byline_access_token: 'stale-access',
+      byline_refresh_token: 'valid-refresh',
+    })
+    const actor = stubActor()
+    verifyAccessToken.mockRejectedValueOnce(new Error('expired')).mockResolvedValueOnce({ actor })
+    refreshSession.mockResolvedValueOnce({
+      accessToken: 'fresh-access',
+      refreshToken: 'fresh-refresh',
+      accessTokenExpiresAt: new Date(Date.now() + 15 * 60_000),
+      refreshTokenExpiresAt: new Date(Date.now() + 30 * 24 * 60 * 60_000),
+    })
+    const ctx = await getAdminRequestContext()
+    expect(ctx.actor).toBe(actor)
+    expect(refreshSession).toHaveBeenCalledWith({ refreshToken: 'valid-refresh' })
+    // Both access + refresh cookies should have been written with maxAge > 0.
+    expect(setCookie).toHaveBeenCalledTimes(2)
+    const accessCall = setCookie.mock.calls.find((c) => c[0] === 'byline_access_token')
+    expect(accessCall?.[1]).toBe('fresh-access')
+    expect(accessCall?.[2]?.maxAge).toBeGreaterThan(0)
+  })
+  it('refreshes when the access cookie is missing but a refresh cookie exists', async () => {
+    cookiesReturn({ byline_refresh_token: 'only-refresh' })
+    const actor = stubActor()
+    refreshSession.mockResolvedValueOnce({
+      accessToken: 'fresh-access',
+      refreshToken: 'fresh-refresh',
+      accessTokenExpiresAt: new Date(Date.now() + 15 * 60_000),
+      refreshTokenExpiresAt: new Date(Date.now() + 30 * 24 * 60 * 60_000),
+    })
+    verifyAccessToken.mockResolvedValueOnce({ actor })
+    const ctx = await getAdminRequestContext()
+    expect(ctx.actor).toBe(actor)
+    // The access-token path was skipped (no cookie) so verifyAccessToken ran
+    // only for the freshly-issued token.
+    expect(verifyAccessToken).toHaveBeenCalledTimes(1)
+    expect(verifyAccessToken).toHaveBeenCalledWith('fresh-access')
+  })
+  it('throws ERR_UNAUTHENTICATED and clears cookies when no session exists', async () => {
+    cookiesReturn({})
+    try {
+      await getAdminRequestContext()
+      expect.fail('expected ERR_UNAUTHENTICATED')
+    } catch (err) {
+      expect(err).toBeInstanceOf(AuthError)
+      expect((err as AuthError).code).toBe(AuthErrorCodes.UNAUTHENTICATED)
+    }
+    // Cookie clear = setCookie with empty value and maxAge 0 for both names.
+    const clears = setCookie.mock.calls.filter((c) => c[2]?.maxAge === 0)
+    const clearedNames = new Set(clears.map((c) => c[0]))
+    expect(clearedNames.has('byline_access_token')).toBe(true)
+    expect(clearedNames.has('byline_refresh_token')).toBe(true)
+  })
+  it('clears cookies and throws when refresh itself fails', async () => {
+    cookiesReturn({
+      byline_access_token: 'stale',
+      byline_refresh_token: 'bad-refresh',
+    })
+    verifyAccessToken.mockRejectedValueOnce(new Error('expired'))
+    refreshSession.mockRejectedValueOnce(new Error('revoked'))
+    try {
+      await getAdminRequestContext()
+      expect.fail('expected ERR_UNAUTHENTICATED')
+    } catch (err) {
+      expect(err).toBeInstanceOf(AuthError)
+      expect((err as AuthError).code).toBe(AuthErrorCodes.UNAUTHENTICATED)
+    }
+    const clears = setCookie.mock.calls.filter((c) => c[2]?.maxAge === 0)
+    expect(clears.length).toBe(2)
+  })
+  it('clears cookies and throws when the refreshed access token fails to verify', async () => {
+    cookiesReturn({
+      byline_access_token: 'stale',
+      byline_refresh_token: 'valid',
+    })
+    verifyAccessToken
+      .mockRejectedValueOnce(new Error('expired'))
+      .mockRejectedValueOnce(new Error('still bad'))
+    refreshSession.mockResolvedValueOnce({
+      accessToken: 'fresh-but-somehow-bad',
+      refreshToken: 'fresh-refresh',
+      accessTokenExpiresAt: new Date(Date.now() + 15 * 60_000),
+      refreshTokenExpiresAt: new Date(Date.now() + 30 * 24 * 60 * 60_000),
+    })
+    try {
+      await getAdminRequestContext()
+      expect.fail('expected ERR_UNAUTHENTICATED')
+    } catch (err) {
+      expect((err as AuthError).code).toBe(AuthErrorCodes.UNAUTHENTICATED)
+    }
+    const clears = setCookie.mock.calls.filter((c) => c[2]?.maxAge === 0)
+    expect(clears.length).toBe(2)
+  })
+})

package/src/auth/auth-context.ts ADDED Viewed

@@ -0,0 +1,119 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+/**
+ * Request-scoped auth context for admin server functions.
+ *
+ * Reads the session cookies, verifies the access token, transparently
+ * refreshes when needed, and returns a `RequestContext` carrying the
+ * authenticated `AdminAuth`. Every admin server fn calls this as its
+ * first step — it is the single point where the admin transport boundary
+ * meets the actor/ability machinery.
+ *
+ * Flow, in order:
+ *
+ *   1. Read the access cookie.
+ *   2. If present, try `sessionProvider.verifyAccessToken`. On success,
+ *      return the context — no DB write, no cookie churn.
+ *   3. On verify failure (or missing access cookie), read the refresh
+ *      cookie. If present, call `sessionProvider.refreshSession` — this
+ *      rotates the refresh token atomically and issues a new access
+ *      token. Write both fresh cookies to the response.
+ *   4. Verify the new access token (populate the actor) and return the
+ *      context.
+ *   5. Any failure along the way clears both cookies so the browser
+ *      stops sending a session the server has already rejected, and
+ *      throws `ERR_UNAUTHENTICATED`.
+ *
+ * Burns a refresh-token rotation only when the access token actually
+ * fails verification — not on every request. The "one session" UX is
+ * the consequence of this helper working invisibly behind each call.
+ */
+import { ERR_UNAUTHENTICATED, type RequestContext } from '@byline/auth'
+import { getServerConfig } from '@byline/core'
+import { v7 as uuidv7 } from 'uuid'
+import {
+  clearSessionCookies,
+  readAccessTokenCookie,
+  readRefreshTokenCookie,
+  setSessionCookies,
+} from './auth-cookies.js'
+function requireSessionProvider() {
+  const provider = getServerConfig().sessionProvider
+  if (!provider) {
+    throw new Error(
+      'No sessionProvider configured on ServerConfig. ' +
+        'Construct a JwtSessionProvider in your server config and pass it to initBylineCore().'
+    )
+  }
+  return provider
+}
+export async function getAdminRequestContext(): Promise<RequestContext> {
+  const provider = requireSessionProvider()
+  const accessToken = readAccessTokenCookie()
+  // Happy path: valid access token.
+  if (accessToken) {
+    try {
+      const { actor } = await provider.verifyAccessToken(accessToken)
+      return {
+        actor,
+        requestId: uuidv7(),
+        readMode: 'any',
+      }
+    } catch {
+      // Fall through to refresh — we'll burn a rotation only when the
+      // access token genuinely can't verify.
+    }
+  }
+  // Refresh path: swap the refresh cookie for a fresh token pair.
+  const refreshToken = readRefreshTokenCookie()
+  if (!refreshToken) {
+    // No session at all — clear anything stale and reject.
+    clearSessionCookies()
+    throw ERR_UNAUTHENTICATED({ message: 'no admin session' })
+  }
+  let refreshed: Awaited<ReturnType<typeof provider.refreshSession>>
+  try {
+    refreshed = await provider.refreshSession({ refreshToken })
+  } catch (err) {
+    clearSessionCookies()
+    throw ERR_UNAUTHENTICATED({
+      message: 'admin session could not be refreshed',
+      cause: err,
+    })
+  }
+  // Write the new cookies so subsequent requests skip the refresh path.
+  setSessionCookies(refreshed)
+  // Verify the freshly-minted access token to extract the actor.
+  let verified: Awaited<ReturnType<typeof provider.verifyAccessToken>>
+  try {
+    verified = await provider.verifyAccessToken(refreshed.accessToken)
+  } catch (err) {
+    clearSessionCookies()
+    throw ERR_UNAUTHENTICATED({
+      message: 'refreshed access token did not verify',
+      cause: err,
+    })
+  }
+  return {
+    actor: verified.actor,
+    requestId: uuidv7(),
+    readMode: 'any',
+  }
+}

package/src/auth/auth-cookies.ts ADDED Viewed

@@ -0,0 +1,113 @@
+/**
+ * This Source Code is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * Copyright (c) Infonomic Company Limited
+ */
+/**
+ * Cookie helpers for admin session management.
+ *
+ * Two separate httpOnly cookies, one for each token half:
+ *
+ *   - `byline_access_token`  — short-lived JWT; sent on every request.
+ *   - `byline_refresh_token` — long-lived opaque string; sent back only
+ *                              when the access cookie is missing or
+ *                              expired, to mint a new access token.
+ *
+ * Presenting "one session" to the user is a function of the middleware —
+ * `getAdminRequestContext()` transparently refreshes the access cookie
+ * using the refresh cookie, so the UI layer doesn't have to care.
+ *
+ * All cookies set here use:
+ *   - `httpOnly: true`   — inaccessible to JavaScript (XSS-hardened).
+ *   - `sameSite: 'lax'`  — sent on top-level navigations but not
+ *                          cross-origin subrequests (reasonable default
+ *                          for an admin SSR app).
+ *   - `secure: true` in production — https-only; dev keeps it off so
+ *                          cookies work on http://localhost.
+ *   - `path: '/'`        — available everywhere in the app.
+ */
+import { getCookie, setCookie } from '@tanstack/react-start/server'
+export const ACCESS_TOKEN_COOKIE = 'byline_access_token'
+export const REFRESH_TOKEN_COOKIE = 'byline_refresh_token'
+const IS_PROD = process.env.NODE_ENV === 'production'
+/** Read the access-token cookie. Returns undefined when not present. */
+export function readAccessTokenCookie(): string | undefined {
+  return getCookie(ACCESS_TOKEN_COOKIE)
+}
+/** Read the refresh-token cookie. Returns undefined when not present. */
+export function readRefreshTokenCookie(): string | undefined {
+  return getCookie(REFRESH_TOKEN_COOKIE)
+}
+export interface SessionCookieTokens {
+  accessToken: string
+  refreshToken: string
+  accessTokenExpiresAt: Date
+  refreshTokenExpiresAt: Date
+}
+/**
+ * Write both access and refresh cookies. Called after sign-in and after
+ * every transparent refresh in `getAdminRequestContext()`.
+ *
+ * `maxAge` is derived from each token's own expiry claim so the browser
+ * drops the cookies at the same moment the server would reject them —
+ * saves round trips when the refresh token has fully expired.
+ */
+export function setSessionCookies(tokens: SessionCookieTokens): void {
+  const now = Date.now()
+  const accessMaxAgeSeconds = Math.max(
+    0,
+    Math.floor((tokens.accessTokenExpiresAt.getTime() - now) / 1000)
+  )
+  const refreshMaxAgeSeconds = Math.max(
+    0,
+    Math.floor((tokens.refreshTokenExpiresAt.getTime() - now) / 1000)
+  )
+  setCookie(ACCESS_TOKEN_COOKIE, tokens.accessToken, {
+    httpOnly: true,
+    sameSite: 'lax',
+    secure: IS_PROD,
+    path: '/',
+    maxAge: accessMaxAgeSeconds,
+  })
+  setCookie(REFRESH_TOKEN_COOKIE, tokens.refreshToken, {
+    httpOnly: true,
+    sameSite: 'lax',
+    secure: IS_PROD,
+    path: '/',
+    maxAge: refreshMaxAgeSeconds,
+  })
+}
+/**
+ * Clear both session cookies. Called on sign-out and on any auth failure
+ * during `getAdminRequestContext()` (ensures the browser does not keep
+ * trying a token that the server has already rejected).
+ */
+export function clearSessionCookies(): void {
+  setCookie(ACCESS_TOKEN_COOKIE, '', {
+    httpOnly: true,
+    sameSite: 'lax',
+    secure: IS_PROD,
+    path: '/',
+    maxAge: 0,
+  })
+  setCookie(REFRESH_TOKEN_COOKIE, '', {
+    httpOnly: true,
+    sameSite: 'lax',
+    secure: IS_PROD,
+    path: '/',
+    maxAge: 0,
+  })
+}