@camox/api 0.2.0-alpha.5

package/src/lib/content-markdown.ts

@@ -0,0 +1,117 @@
+export function contentToMarkdown(
+  toMarkdown: readonly string[],
+  schemaProperties: Record<string, any>,
+  content: Record<string, unknown>,
+  { insideList = false } = {},
+): string {
+  const parts: string[] = [];
+
+  for (const line of toMarkdown) {
+    const resolved = resolveLine(line, schemaProperties, content);
+    if (resolved !== null) parts.push(resolved);
+  }
+
+  return parts.join(insideList ? "\n" : "\n\n");
+}
+
+const PLACEHOLDER_RE = /\{\{(\w+)\}\}/g;
+
+function resolveLine(
+  line: string,
+  schemaProperties: Record<string, any>,
+  content: Record<string, unknown>,
+): string | null {
+  const placeholders = [...line.matchAll(PLACEHOLDER_RE)].map((m) => m[1]);
+  if (placeholders.length === 0) return line;
+
+  const resolvedValues = placeholders.map((key) =>
+    resolveField(schemaProperties[key], content[key]),
+  );
+  if (resolvedValues.every((v) => !v)) return null;
+
+  return line.replace(PLACEHOLDER_RE, (_match, key: string) => {
+    return resolveField(schemaProperties[key], content[key]) ?? "";
+  });
+}
+
+function resolveField(schema: any, value: unknown): string | undefined {
+  if (value == null) return undefined;
+  const fieldType: string | undefined = schema?.fieldType;
+
+  if (fieldType === "String") {
+    const text = String(value);
+    if (!text) return undefined;
+    return text;
+  }
+
+  if (fieldType === "Link") {
+    const link = value as Record<string, unknown>;
+    const text = link.text ?? "";
+    const href = link.href ?? link.pageId ?? "";
+    if (!text && !href) return undefined;
+    return `[${text}](${href})`;
+  }
+
+  if (fieldType === "Image") {
+    const img = value as Record<string, unknown>;
+    const alt = img.alt ?? "";
+    const filename = img.filename ?? "";
+    return `![${alt}](${filename})`;
+  }
+
+  if (fieldType === "File") {
+    const file = value as Record<string, unknown>;
+    const filename = file.filename ?? "";
+    const url = file.url ?? "";
+    return `[${filename}](${url})`;
+  }
+
+  if (fieldType === "Embed") {
+    const url = String(value);
+    return url || undefined;
+  }
+
+  if (fieldType === "RepeatableItem") {
+    if (!Array.isArray(value)) return undefined;
+    const itemSchema = schema?.items?.properties;
+    if (!itemSchema) return undefined;
+
+    const itemToMarkdown: readonly string[] | undefined = schema?.toMarkdown;
+
+    const itemParts: string[] = [];
+    for (const item of value) {
+      const itemContent =
+        item && typeof item === "object" && "content" in item ? (item as any).content : item;
+      if (!itemContent || typeof itemContent !== "object") continue;
+
+      let md: string;
+      if (itemToMarkdown) {
+        md = contentToMarkdown(itemToMarkdown, itemSchema, itemContent as Record<string, unknown>, {
+          insideList: true,
+        });
+      } else {
+        const fieldParts: string[] = [];
+        for (const key of Object.keys(itemSchema)) {
+          const resolved = resolveField(
+            itemSchema[key],
+            (itemContent as Record<string, unknown>)[key],
+          );
+          if (resolved) fieldParts.push(resolved);
+        }
+        md = fieldParts.join(" — ");
+      }
+      if (!md) continue;
+
+      const lines = md.split("\n");
+      const listItem = [`- ${lines[0]}`, ...lines.slice(1).map((l) => `  ${l}`)].join("\n");
+      itemParts.push(listItem);
+    }
+    return itemParts.length > 0 ? itemParts.join("\n") : undefined;
+  }
+
+  if (fieldType === "Boolean" || fieldType === "Enum") {
+    return String(value);
+  }
+
+  return undefined;
+}

package/src/lib/cross-domain.ts

@@ -0,0 +1,186 @@
+import type { BetterAuthPlugin } from "better-auth";
+import { createAuthEndpoint, createAuthMiddleware } from "better-auth/api";
+import { setSessionCookie } from "better-auth/cookies";
+import { generateRandomString } from "better-auth/crypto";
+import { oneTimeToken as oneTimeTokenPlugin } from "better-auth/plugins";
+import { z } from "zod";
+
+/**
+ * Cross-domain authentication plugin for better-auth.
+ *
+ * When the API server and frontend live on completely different domains,
+ * browsers won't send or accept cookies across origins. This plugin works
+ * around that by:
+ *
+ * 1. Reading cookies from a custom `Better-Auth-Cookie` request header
+ *    (sent by the client plugin) and injecting them as real cookies.
+ * 2. Moving `set-cookie` response headers into a custom
+ *    `Set-Better-Auth-Cookie` header so the client can persist them in
+ *    localStorage.
+ * 3. Rewriting relative callback URLs to absolute URLs using `siteUrl`.
+ * 4. Generating a one-time token after OAuth callbacks and redirecting
+ *    to the site with `?ott=<token>` so the frontend can exchange it
+ *    for a session.
+ *
+ * Adapted from `@convex-dev/better-auth/plugins/cross-domain`.
+ */
+export function crossDomain({ siteUrl }: { siteUrl: string }) {
+  const oneTimeToken = oneTimeTokenPlugin();
+
+  const rewriteCallbackURL = (callbackURL?: string) => {
+    if (!callbackURL) return callbackURL;
+    if (!callbackURL.startsWith("/")) return callbackURL;
+    if (!siteUrl) return callbackURL;
+    return new URL(callbackURL, siteUrl).toString();
+  };
+
+  const isExpoNative = (ctx: { headers?: Headers }) => {
+    return ctx.headers?.has("expo-origin");
+  };
+
+  return {
+    id: "cross-domain",
+    init() {
+      return {
+        options: {
+          trustedOrigins: [siteUrl],
+        },
+        context: {
+          oauthConfig: {
+            storeStateStrategy: "database",
+            // We can't relay the state cookie across a 302 redirect from the
+            // identity provider. The state token is still verified against the
+            // database, so this only means we can't prevent an OAuth flow
+            // started in one browser from completing in another.
+            skipStateCookieCheck: true,
+          },
+        },
+      };
+    },
+    hooks: {
+      before: [
+        // Inject the `Better-Auth-Cookie` header as a real cookie header
+        {
+          matcher(ctx) {
+            return (
+              Boolean(
+                ctx.request?.headers.has("better-auth-cookie") ||
+                ctx.headers?.has("better-auth-cookie"),
+              ) && !isExpoNative(ctx)
+            );
+          },
+          handler: createAuthMiddleware(async (ctx) => {
+            const existingHeaders = (ctx.request?.headers || ctx.headers) as Headers;
+            const headers = new Headers(Object.fromEntries(existingHeaders?.entries()));
+            if (headers.get("authorization")) return;
+            const cookie = headers.get("better-auth-cookie");
+            if (!cookie) return;
+            headers.append("cookie", cookie);
+            return { context: { headers } };
+          }),
+        },
+        // Rewrite relative callbackURL on email-verification GET requests
+        {
+          matcher: (ctx) =>
+            Boolean(
+              ctx.method === "GET" && ctx.path?.startsWith("/verify-email") && !isExpoNative(ctx),
+            ),
+          handler: createAuthMiddleware(async (ctx) => {
+            if (ctx.query?.callbackURL) {
+              ctx.query.callbackURL = rewriteCallbackURL(ctx.query.callbackURL);
+            }
+            return { context: ctx };
+          }),
+        },
+        // Rewrite relative callback URLs on POST requests
+        {
+          matcher: (ctx) => Boolean(ctx.method === "POST" && !isExpoNative(ctx)),
+          handler: createAuthMiddleware(async (ctx) => {
+            if (ctx.body?.callbackURL) {
+              ctx.body.callbackURL = rewriteCallbackURL(ctx.body.callbackURL);
+            }
+            if (ctx.body?.newUserCallbackURL) {
+              ctx.body.newUserCallbackURL = rewriteCallbackURL(ctx.body.newUserCallbackURL);
+            }
+            if (ctx.body?.errorCallbackURL) {
+              ctx.body.errorCallbackURL = rewriteCallbackURL(ctx.body.errorCallbackURL);
+            }
+            return { context: ctx };
+          }),
+        },
+      ],
+      after: [
+        // Move `set-cookie` → `Set-Better-Auth-Cookie` header
+        {
+          matcher(ctx) {
+            return (
+              Boolean(
+                ctx.request?.headers.has("better-auth-cookie") ||
+                ctx.headers?.has("better-auth-cookie"),
+              ) && !isExpoNative(ctx)
+            );
+          },
+          handler: createAuthMiddleware(async (ctx) => {
+            const setCookie = ctx.context.responseHeaders?.get("set-cookie");
+            if (!setCookie) return;
+            ctx.context.responseHeaders?.delete("set-cookie");
+            ctx.setHeader("Set-Better-Auth-Cookie", setCookie);
+          }),
+        },
+        // After OAuth / magic-link callbacks, generate a one-time token and
+        // redirect to the site URL with `?ott=<token>`
+        {
+          matcher: (ctx) =>
+            Boolean(
+              (ctx.path?.startsWith("/callback") ||
+                ctx.path?.startsWith("/oauth2/callback") ||
+                ctx.path?.startsWith("/magic-link/verify")) &&
+              !isExpoNative(ctx),
+            ),
+          handler: createAuthMiddleware(async (ctx) => {
+            const session = ctx.context.newSession;
+            if (!session) {
+              ctx.context.logger.error("No session found");
+              return;
+            }
+            const token = generateRandomString(32);
+            const expiresAt = new Date(Date.now() + 3 * 60 * 1000);
+            await ctx.context.internalAdapter.createVerificationValue({
+              value: session.session.token,
+              identifier: `one-time-token:${token}`,
+              expiresAt,
+            });
+            const redirectTo = ctx.context.responseHeaders?.get("location");
+            if (!redirectTo) {
+              ctx.context.logger.error("No redirect to found");
+              return;
+            }
+            const url = new URL(redirectTo);
+            url.searchParams.set("ott", token);
+            throw ctx.redirect(url.toString());
+          }),
+        },
+      ],
+    },
+    endpoints: {
+      verifyOneTimeToken: createAuthEndpoint(
+        "/cross-domain/one-time-token/verify",
+        {
+          method: "POST",
+          body: z.object({
+            token: z.string(),
+          }),
+        },
+        async (ctx) => {
+          const response = await oneTimeToken.endpoints.verifyOneTimeToken({
+            ...ctx,
+            returnHeaders: false,
+            returnStatus: false,
+          });
+          await setSessionCookie(ctx, response);
+          return response;
+        },
+      ),
+    },
+  } satisfies BetterAuthPlugin;
+}

package/src/lib/lexical-state.ts

@@ -0,0 +1,196 @@
+const FORMAT_FLAGS = {
+  bold: 1,
+  italic: 2,
+} as const;
+
+const MARKDOWN_WRAPPERS: Record<string, (text: string) => string> = {
+  bold: (text) => `**${text}**`,
+  italic: (text) => `*${text}*`,
+};
+
+function lexicalTextToMarkdown(text: string, format: number): string {
+  let result = text;
+  for (const [key, wrapper] of Object.entries(MARKDOWN_WRAPPERS)) {
+    const flag = FORMAT_FLAGS[key as keyof typeof FORMAT_FLAGS];
+    if (flag && format & flag) {
+      result = wrapper(result);
+    }
+  }
+  return result;
+}
+
+export function isLexicalState(value: unknown): boolean {
+  if (typeof value === "object" && value !== null) {
+    return (value as any)?.root?.type === "root";
+  }
+  if (typeof value !== "string") return false;
+  try {
+    const parsed = JSON.parse(value);
+    return parsed?.root?.type === "root";
+  } catch {
+    return false;
+  }
+}
+
+export function plainTextToLexicalState(text: string): Record<string, unknown> {
+  return {
+    root: {
+      children: [
+        {
+          children: [
+            {
+              detail: 0,
+              format: 0,
+              mode: "normal",
+              style: "",
+              text,
+              type: "text",
+              version: 1,
+            },
+          ],
+          direction: "ltr",
+          format: "",
+          indent: 0,
+          type: "paragraph",
+          version: 1,
+          textFormat: 0,
+          textStyle: "",
+        },
+      ],
+      direction: "ltr",
+      format: "",
+      indent: 0,
+      type: "root",
+      version: 1,
+    },
+  };
+}
+
+export function lexicalStateToPlainText(serialized: string | Record<string, unknown>): string {
+  try {
+    const parsed = typeof serialized === "object" ? serialized : JSON.parse(serialized);
+    return extractText(parsed.root);
+  } catch {
+    return typeof serialized === "string" ? serialized : "";
+  }
+}
+
+function extractText(node: any): string {
+  if (node.type === "text") return node.text ?? "";
+  if (node.type === "linebreak") return "\n";
+  if (!node.children) return "";
+
+  const parts: string[] = [];
+  for (const child of node.children) {
+    parts.push(extractText(child));
+  }
+
+  if (node.type === "paragraph" || node.type === "inline-paragraph" || node.type === "heading") {
+    return parts.join("");
+  }
+
+  return parts.join("\n\n");
+}
+
+export function lexicalStateToMarkdown(serialized: string | Record<string, unknown>): string {
+  try {
+    const parsed = typeof serialized === "object" ? serialized : JSON.parse(serialized);
+    return extractMarkdown(parsed.root);
+  } catch {
+    return typeof serialized === "string" ? serialized : "";
+  }
+}
+
+function extractMarkdownFromNode(node: any): string {
+  if (node.type === "text") {
+    return lexicalTextToMarkdown(node.text ?? "", node.format ?? 0);
+  }
+  if (node.type === "linebreak") return "\n";
+  if (!node.children) return "";
+
+  const parts: string[] = [];
+  for (const child of node.children) {
+    parts.push(extractMarkdownFromNode(child));
+  }
+  return parts.join("");
+}
+
+function extractMarkdown(node: any): string {
+  if (!node.children) return "";
+
+  const paragraphs: string[] = [];
+  for (const child of node.children) {
+    paragraphs.push(extractMarkdownFromNode(child));
+  }
+  return paragraphs.join("\n\n");
+}
+
+interface TextSegment {
+  text: string;
+  format: number;
+}
+
+function parseInlineMarkdown(text: string): any[] {
+  const segments: TextSegment[] = [];
+  const regex = /(\*{1,3})((?:(?!\1).)+)\1/g;
+  let lastIndex = 0;
+  let match;
+
+  while ((match = regex.exec(text)) !== null) {
+    if (match.index > lastIndex) {
+      segments.push({ text: text.slice(lastIndex, match.index), format: 0 });
+    }
+
+    const stars = match[1].length;
+    let format = 0;
+    if (stars === 1) format = FORMAT_FLAGS.italic;
+    else if (stars === 2) format = FORMAT_FLAGS.bold;
+    else if (stars === 3) format = FORMAT_FLAGS.bold | FORMAT_FLAGS.italic;
+
+    segments.push({ text: match[2], format });
+    lastIndex = match.index + match[0].length;
+  }
+
+  if (lastIndex < text.length) {
+    segments.push({ text: text.slice(lastIndex), format: 0 });
+  }
+
+  if (segments.length === 0) {
+    segments.push({ text, format: 0 });
+  }
+
+  return segments.map((seg) => ({
+    detail: 0,
+    format: seg.format,
+    mode: "normal",
+    style: "",
+    text: seg.text,
+    type: "text",
+    version: 1,
+  }));
+}
+
+export function markdownToLexicalState(markdown: string): Record<string, unknown> {
+  const paragraphs = markdown.split(/\n\n+/);
+  const children = paragraphs.map((para) => ({
+    children: parseInlineMarkdown(para),
+    direction: "ltr" as const,
+    format: "" as const,
+    indent: 0,
+    type: "paragraph" as const,
+    version: 1,
+    textFormat: 0,
+    textStyle: "",
+  }));
+
+  return {
+    root: {
+      children,
+      direction: "ltr",
+      format: "",
+      indent: 0,
+      type: "root",
+      version: 1,
+    },
+  };
+}

package/src/lib/query-keys.ts

@@ -0,0 +1,36 @@
+/**
+ * Use TypeScript to enforce 'camox' as the first query key to ensure they're all namespaced.
+ * This is because the Tanstack Query client on the frontend may be shared with the user's routes,
+ * so we ensure there won't be any key collisions.
+ */
+export type QueryKey = [first: "camox", ...rest: Array<string | number>];
+type QueryKeyGroup = Record<string, QueryKey | ((...args: any[]) => QueryKey)>;
+
+export const queryKeys = {
+  pages: {
+    list: ["camox", "pages", "list"],
+    getByPath: (path: string) => ["camox", "pages", "getByPath", path],
+    getByPathAll: ["camox", "pages", "getByPath"],
+    getById: (id: number) => ["camox", "pages", "getById", id],
+  },
+  files: {
+    list: ["camox", "files", "list"],
+    get: (id: number) => ["camox", "files", "get", id],
+  },
+  blocks: {
+    get: (id: number) => ["camox", "blocks", "get", id],
+    getUsageCounts: ["camox", "blocks", "getUsageCounts"],
+    getPageMarkdown: (pageId: number) => ["camox", "blocks", "getPageMarkdown", pageId],
+  },
+  repeatableItems: {
+    get: (id: number) => ["camox", "repeatableItems", "get", id],
+  },
+  layouts: {
+    all: ["camox", "layouts"],
+  },
+} satisfies Record<string, QueryKeyGroup>;
+
+export type InvalidationMessage = {
+  type: "invalidate";
+  targets: QueryKey[];
+};