npm - @c9up/station - Versions diffs - 0.1.5 - Mend

@c9up/station 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (73) hide show

package/LICENSE +21 -0
package/README.md +3 -0
package/dist/ResourceRegistry.d.ts +18 -0
package/dist/ResourceRegistry.d.ts.map +1 -0
package/dist/ResourceRegistry.js +38 -0
package/dist/ResourceRegistry.js.map +1 -0
package/dist/StationProvider.d.ts +109 -0
package/dist/StationProvider.d.ts.map +1 -0
package/dist/StationProvider.js +1144 -0
package/dist/StationProvider.js.map +1 -0
package/dist/casing.d.ts +27 -0
package/dist/casing.d.ts.map +1 -0
package/dist/casing.js +75 -0
package/dist/casing.js.map +1 -0
package/dist/defineResource.d.ts +9 -0
package/dist/defineResource.d.ts.map +1 -0
package/dist/defineResource.js +84 -0
package/dist/defineResource.js.map +1 -0
package/dist/index.d.ts +7 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +6 -0
package/dist/index.js.map +1 -0
package/dist/services/main.d.ts +18 -0
package/dist/services/main.d.ts.map +1 -0
package/dist/services/main.js +31 -0
package/dist/services/main.js.map +1 -0
package/dist/types.d.ts +85 -0
package/dist/types.d.ts.map +1 -0
package/dist/types.js +8 -0
package/dist/types.js.map +1 -0
package/dist/views/errors/404.d.ts +12 -0
package/dist/views/errors/404.d.ts.map +1 -0
package/dist/views/errors/404.js +19 -0
package/dist/views/errors/404.js.map +1 -0
package/dist/views/escape.d.ts +30 -0
package/dist/views/escape.d.ts.map +1 -0
package/dist/views/escape.js +34 -0
package/dist/views/escape.js.map +1 -0
package/dist/views/form.d.ts +34 -0
package/dist/views/form.d.ts.map +1 -0
package/dist/views/form.js +139 -0
package/dist/views/form.js.map +1 -0
package/dist/views/layout.d.ts +24 -0
package/dist/views/layout.d.ts.map +1 -0
package/dist/views/layout.js +85 -0
package/dist/views/layout.js.map +1 -0
package/dist/views/list.d.ts +22 -0
package/dist/views/list.d.ts.map +1 -0
package/dist/views/list.js +85 -0
package/dist/views/list.js.map +1 -0
package/dist/views/login.d.ts +25 -0
package/dist/views/login.d.ts.map +1 -0
package/dist/views/login.js +44 -0
package/dist/views/login.js.map +1 -0
package/dist/views/show.d.ts +17 -0
package/dist/views/show.d.ts.map +1 -0
package/dist/views/show.js +24 -0
package/dist/views/show.js.map +1 -0
package/package.json +63 -0
package/src/ResourceRegistry.ts +49 -0
package/src/StationProvider.ts +1579 -0
package/src/casing.ts +86 -0
package/src/defineResource.ts +126 -0
package/src/index.ts +14 -0
package/src/services/main.ts +39 -0
package/src/types.ts +108 -0
package/src/views/errors/404.ts +27 -0
package/src/views/escape.ts +46 -0
package/src/views/form.ts +191 -0
package/src/views/layout.ts +90 -0
package/src/views/list.ts +121 -0
package/src/views/login.ts +65 -0
package/src/views/show.ts +37 -0

package/src/views/layout.ts ADDED Viewed

@@ -0,0 +1,90 @@
+/**
+ * Layout shell shared by every Station page (list / show / 404 in this
+ * story; create / edit will join later). Pure string output so consumers
+ * can `response.send(html)` directly without bundler glue.
+ *
+ * Inline CSS lives here rather than `/_assets/station/*` because Story
+ * 54.2 ships zero assets — the route mount that serves a separate
+ * stylesheet lands in 54.7 alongside the Warden + login plumbing. The
+ * size budget (~80 lines, ~3 KB) keeps the inline approach cheaper than
+ * an extra round-trip per page until then.
+ */
+import { escapeHtml, type SafeHtml } from "./escape.js";
+/** ~80 LOC inline stylesheet. Dependency-free; no PostCSS, no Tailwind. */
+export const STATION_INLINE_CSS = `
+:root {
+  color-scheme: light dark;
+  --st-fg: #1f2937;
+  --st-fg-muted: #6b7280;
+  --st-bg: #ffffff;
+  --st-bg-alt: #f9fafb;
+  --st-border: #e5e7eb;
+  --st-accent: #2563eb;
+  --st-accent-hover: #1d4ed8;
+  --st-danger: #b91c1c;
+  font-family: system-ui, -apple-system, "Segoe UI", Roboto, sans-serif;
+}
+@media (prefers-color-scheme: dark) {
+  :root {
+    --st-fg: #e5e7eb;
+    --st-fg-muted: #9ca3af;
+    --st-bg: #0f172a;
+    --st-bg-alt: #1e293b;
+    --st-border: #334155;
+    --st-accent: #60a5fa;
+    --st-accent-hover: #93c5fd;
+  }
+}
+body { margin: 0; color: var(--st-fg); background: var(--st-bg); }
+main { max-width: 64rem; margin: 0 auto; padding: 2rem 1.5rem; }
+h1 { font-size: 1.75rem; margin: 0 0 1.5rem; }
+a { color: var(--st-accent); text-decoration: none; }
+a:hover { color: var(--st-accent-hover); text-decoration: underline; }
+table { width: 100%; border-collapse: collapse; margin-bottom: 1.5rem; }
+th, td {
+  text-align: left;
+  padding: 0.5rem 0.75rem;
+  border-bottom: 1px solid var(--st-border);
+  vertical-align: top;
+}
+th { background: var(--st-bg-alt); font-weight: 600; }
+tbody tr:hover { background: var(--st-bg-alt); }
+.st-empty { color: var(--st-fg-muted); font-style: italic; }
+.st-pager { display: flex; gap: 0.5rem; align-items: center; flex-wrap: wrap; margin-bottom: 0.75rem; }
+.st-pager a, .st-pager span { padding: 0.25rem 0.5rem; border-radius: 0.25rem; }
+.st-pager a { border: 1px solid var(--st-border); }
+.st-pager strong { padding: 0.25rem 0.5rem; background: var(--st-accent); color: var(--st-bg); border-radius: 0.25rem; }
+.st-pager .st-disabled { color: var(--st-fg-muted); border: 1px solid var(--st-border); }
+.st-pager .st-ellipsis { color: var(--st-fg-muted); }
+.st-caption { color: var(--st-fg-muted); font-size: 0.875rem; }
+dl { display: grid; grid-template-columns: max-content 1fr; gap: 0.5rem 1.5rem; }
+dt { font-weight: 600; color: var(--st-fg-muted); }
+dd { margin: 0; }
+.st-backlink { display: inline-block; margin-top: 1.5rem; }
+`.trim();
+/**
+ * Render the outer HTML shell. `bodyHtml` is a `SafeHtml` brand to make
+ * the trust boundary explicit: callers must escape every dynamic value
+ * inside the body, then wrap the final string via `safeHtml()`.
+ */
+export function renderLayout(input: {
+	title: string;
+	bodyHtml: SafeHtml;
+}): string {
+	const titleEscaped = escapeHtml(input.title);
+	return `<!doctype html>
+<html lang="en">
+<head>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width,initial-scale=1">
+  <title>${titleEscaped} · Station</title>
+  <style>${STATION_INLINE_CSS}</style>
+</head>
+<body>
+  <main>${input.bodyHtml.html}</main>
+</body>
+</html>`;
+}

package/src/views/list.ts ADDED Viewed

@@ -0,0 +1,121 @@
+/**
+ * `GET /admin/<slug>` — paginated list view.
+ *
+ * Pure `(input) => string` renderer. Every dynamic value flows through
+ * `escapeHtml()` or `encodeURIComponent()` (URL components). The
+ * "interpolation must wrap" rule is grep-enforced by
+ * `tests/unit/no-unescaped-interpolation.test.ts`.
+ */
+import type { ColumnMetadata } from "@c9up/atlas";
+import type { Resource } from "../types.js";
+import { escapeHtml, safeHtml } from "./escape.js";
+import { renderLayout } from "./layout.js";
+export interface ListPageInput {
+	resource: Resource;
+	rows: ReadonlyArray<Record<string, unknown>>;
+	columns: ReadonlyArray<ColumnMetadata>;
+	pkColumn: string;
+	page: number;
+	perPage: number;
+	total: number;
+	lastPage: number;
+}
+export function renderListPage(input: ListPageInput): string {
+	const { resource, rows, columns, pkColumn, page, perPage, total, lastPage } =
+		input;
+	const slug = encodeURIComponent(resource.name);
+	const body =
+		rows.length === 0
+			? renderEmptyState(resource)
+			: renderTable(rows, columns, pkColumn, slug);
+	const pager = renderPager(slug, page, perPage, lastPage);
+	const caption = renderCaption(page, perPage, total);
+	return renderLayout({
+		title: resource.label,
+		bodyHtml: safeHtml(
+			`<h1>${escapeHtml(resource.label)}</h1>${body}${pager}${caption}`,
+		),
+	});
+}
+function renderEmptyState(resource: Resource): string {
+	return `<p class="st-empty">No ${escapeHtml(resource.label.toLowerCase())} yet.</p>`;
+}
+function renderTable(
+	rows: ReadonlyArray<Record<string, unknown>>,
+	columns: ReadonlyArray<ColumnMetadata>,
+	pkColumn: string,
+	slug: string,
+): string {
+	const headers = columns
+		.map((c) => `<th>${escapeHtml(c.propertyKey)}</th>`)
+		.join("");
+	const headerRow = `<thead><tr>${headers}<th></th></tr></thead>`;
+	const bodyRows = rows
+		.map((row) => {
+			const cells = columns
+				.map((c) => `<td>${escapeHtml(row[c.propertyKey])}</td>`)
+				.join("");
+			const id = String(row[pkColumn] ?? "");
+			const showLink = `<td><a href="/admin/${slug}/${encodeURIComponent(id)}">Show</a></td>`;
+			return `<tr>${cells}${showLink}</tr>`;
+		})
+		.join("");
+	return `<table>${headerRow}<tbody>${bodyRows}</tbody></table>`;
+}
+function renderPager(
+	slug: string,
+	page: number,
+	perPage: number,
+	lastPage: number,
+): string {
+	const pp = encodeURIComponent(String(perPage));
+	const prev =
+		page > 1
+			? `<a href="/admin/${slug}?page=${page - 1}&perPage=${pp}">« Prev</a>`
+			: `<span class="st-disabled">« Prev</span>`;
+	const next =
+		page < lastPage
+			? `<a href="/admin/${slug}?page=${page + 1}&perPage=${pp}">Next »</a>`
+			: `<span class="st-disabled">Next »</span>`;
+	const numbers = renderPageNumbers(slug, page, lastPage, pp);
+	return `<div class="st-pager">${prev}${numbers}${next}</div>`;
+}
+function renderPageNumbers(
+	slug: string,
+	page: number,
+	lastPage: number,
+	pp: string,
+): string {
+	const link = (n: number): string =>
+		n === page
+			? `<strong>${n}</strong>`
+			: `<a href="/admin/${slug}?page=${n}&perPage=${pp}">${n}</a>`;
+	if (lastPage <= 7) {
+		const parts: string[] = [];
+		for (let i = 1; i <= lastPage; i++) parts.push(link(i));
+		return parts.join("");
+	}
+	// Collapsed shape: 1 … current-1, current, current+1 … lastPage
+	const parts: string[] = [link(1)];
+	const start = Math.max(2, page - 1);
+	const end = Math.min(lastPage - 1, page + 1);
+	if (start > 2) parts.push(`<span class="st-ellipsis">…</span>`);
+	for (let i = start; i <= end; i++) parts.push(link(i));
+	if (end < lastPage - 1) parts.push(`<span class="st-ellipsis">…</span>`);
+	parts.push(link(lastPage));
+	return parts.join("");
+}
+function renderCaption(page: number, perPage: number, total: number): string {
+	if (total === 0) return "";
+	const start = (page - 1) * perPage + 1;
+	const end = Math.min(page * perPage, total);
+	return `<p class="st-caption">Showing ${start}–${end} of ${total}</p>`;
+}

package/src/views/login.ts ADDED Viewed

@@ -0,0 +1,65 @@
+/**
+ * `GET /admin/login` — sign-in form rendered by StationProvider when
+ * the host has `@c9up/warden` wired (Story 54.7). The form POSTs
+ * `email` + `password` to `/admin/login`; the provider's
+ * `buildLoginHandler` runs them through `auth.authenticate(...)` and
+ * sets a session cookie on success.
+ *
+ * Every dynamic value flows through `escapeHtml()` so a tampered
+ * `?error=…` query parameter cannot smuggle markup into the page.
+ */
+import { escapeHtml, safeHtml } from "./escape.js";
+import { renderLayout } from "./layout.js";
+export interface LoginPageInput {
+	/** Pre-fill the email field (e.g. after a failed attempt). */
+	email?: string;
+	/** Optional error message to display above the form. */
+	error?: string;
+	/** Form action path. Default `/admin/login`. */
+	action?: string;
+	/** Caller-controlled hidden inputs (typically `_csrf`). */
+	hiddenInputs?: ReadonlyArray<{ name: string; value: string }>;
+}
+export function renderLoginPage(input: LoginPageInput): string {
+	const email = input.email ?? "";
+	const error = input.error;
+	const action = input.action ?? "/admin/login";
+	const hiddens = (input.hiddenInputs ?? [])
+		.map(
+			(h) =>
+				`<input type="hidden" name="${escapeHtml(h.name)}" value="${escapeHtml(h.value)}">`,
+		)
+		.join("");
+	const errorBlock =
+		error !== undefined
+			? `<p class="st-form-error" role="alert">${escapeHtml(error)}</p>`
+			: "";
+	const body =
+		`<h1>Sign in</h1>` +
+		errorBlock +
+		`<form class="st-form" method="POST" action="${escapeHtml(action)}">` +
+		hiddens +
+		`<div class="st-field">` +
+		`<label for="f-email">Email</label>` +
+		`<input id="f-email" type="email" name="email" value="${escapeHtml(email)}" required autocomplete="email" autofocus>` +
+		`</div>` +
+		`<div class="st-field">` +
+		`<label for="f-password">Password</label>` +
+		`<input id="f-password" type="password" name="password" required autocomplete="current-password">` +
+		`</div>` +
+		`<div class="st-form-actions">` +
+		`<button type="submit">Sign in</button>` +
+		`</div>` +
+		`</form>`;
+	return renderLayout({
+		title: "Sign in",
+		bodyHtml: safeHtml(body),
+	});
+}

package/src/views/show.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * `GET /admin/<slug>/:id` — detail view (columns only in 54.2).
+ *
+ * Relations are deferred — see story spec AC17 Spec Deviations. Every
+ * dynamic value flows through `escapeHtml()`; URL components through
+ * `encodeURIComponent()`.
+ */
+import type { ColumnMetadata } from "@c9up/atlas";
+import type { Resource } from "../types.js";
+import { escapeHtml, safeHtml } from "./escape.js";
+import { renderLayout } from "./layout.js";
+export interface ShowPageInput {
+	resource: Resource;
+	row: Record<string, unknown>;
+	columns: ReadonlyArray<ColumnMetadata>;
+	pkColumn: string;
+}
+export function renderShowPage(input: ShowPageInput): string {
+	const { resource, row, columns, pkColumn } = input;
+	const id = String(row[pkColumn] ?? "");
+	const slug = encodeURIComponent(resource.name);
+	const heading = `${escapeHtml(resource.label)} #${escapeHtml(id)}`;
+	const dl = columns
+		.map(
+			(c) =>
+				`<dt>${escapeHtml(c.propertyKey)}</dt><dd>${escapeHtml(row[c.propertyKey])}</dd>`,
+		)
+		.join("");
+	const backLink = `<a class="st-backlink" href="/admin/${slug}">← Back to ${escapeHtml(resource.label)}</a>`;
+	return renderLayout({
+		title: `${resource.label} #${id}`,
+		bodyHtml: safeHtml(`<h1>${heading}</h1><dl>${dl}</dl>${backLink}`),
+	});
+}