@commonpub/layer 0.11.0 → 0.13.0

package/server/api/admin/navigation/items.put.ts

@@ -0,0 +1,51 @@
+import type { NavItem } from '@commonpub/server';
+import { setNavItems } from '@commonpub/server';
+import { z } from 'zod';
+
+const navItemSchema: z.ZodType<NavItem> = z.lazy(() =>
+  z.object({
+    id: z.string().min(1).max(64),
+    type: z.enum(['link', 'dropdown', 'external']),
+    label: z.string().min(1).max(128),
+    icon: z.string().max(128).optional(),
+    route: z.string().max(255).optional(),
+    href: z.string().url().max(1024).optional(),
+    featureGate: z.string().max(64).optional(),
+    children: z.array(navItemSchema).max(20).optional(),
+    visibleTo: z.enum(['all', 'authenticated', 'admin']).optional(),
+    disabled: z.boolean().optional(),
+  }),
+) as z.ZodType<NavItem>;
+
+const updateNavSchema = z.object({
+  items: z.array(navItemSchema).min(1).max(30),
+});
+
+/**
+ * PUT /api/admin/navigation/items
+ * Save navigation item configuration.
+ */
+export default defineEventHandler(async (event) => {
+  const user = requireAdmin(event);
+  const db = useDB();
+  const body = await parseBody(event, updateNavSchema);
+
+  // Validate unique IDs (flatten to check children too)
+  const ids = new Set<string>();
+  function collectIds(items: NavItem[]): void {
+    for (const item of items) {
+      if (ids.has(item.id)) {
+        throw createError({ statusCode: 400, statusMessage: `Duplicate nav item ID: ${item.id}` });
+      }
+      ids.add(item.id);
+      if (item.children) {
+        collectIds(item.children);
+      }
+    }
+  }
+  collectIds(body.items);
+
+  await setNavItems(db, body.items, user.id, getRequestIP(event) ?? undefined);
+
+  return { items: body.items, message: 'Navigation updated' };
+});

package/server/api/contests/[slug]/entries/[entryId]/vote.delete.ts

@@ -0,0 +1,20 @@
+import { removeContestEntryVote } from '@commonpub/server';
+
+/**
+ * DELETE /api/contests/:slug/entries/:entryId/vote
+ * Remove community vote from a contest entry.
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('contests');
+  const user = requireAuth(event);
+  const db = useDB();
+  const entryId = getRouterParam(event, 'entryId');
+  if (!entryId) throw createError({ statusCode: 400, statusMessage: 'Missing entryId' });
+
+  const removed = await removeContestEntryVote(db, entryId, user.id);
+  if (!removed) {
+    throw createError({ statusCode: 400, statusMessage: 'No vote found' });
+  }
+
+  return { removed: true };
+});

package/server/api/contests/[slug]/entries/[entryId]/vote.post.ts

@@ -0,0 +1,20 @@
+import { voteOnContestEntry } from '@commonpub/server';
+
+/**
+ * POST /api/contests/:slug/entries/:entryId/vote
+ * Vote on a contest entry (community voting).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('contests');
+  const user = requireAuth(event);
+  const db = useDB();
+  const entryId = getRouterParam(event, 'entryId');
+  if (!entryId) throw createError({ statusCode: 400, statusMessage: 'Missing entryId' });
+
+  const result = await voteOnContestEntry(db, entryId, user.id);
+  if (!result.voted) {
+    throw createError({ statusCode: 400, statusMessage: result.error ?? 'Vote failed' });
+  }
+
+  return { voted: true };
+});

package/server/api/contests/[slug]/judge.post.ts

@@ -1,18 +1,16 @@
-import { judgeContestEntry, getContestBySlug } from '@commonpub/server';
+import { judgeContestEntry } from '@commonpub/server';
 import { judgeEntrySchema } from '@commonpub/schema';
 
 export default defineEventHandler(async (event): Promise<{ success: boolean }> => {
   requireFeature('contests');
   const user = requireAuth(event);
   const db = useDB();
-  const { slug } = parseParams(event, { slug: 'string' });
   const input = await parseBody(event, judgeEntrySchema);
 
-  const contest = await getContestBySlug(db, slug);
-  if (!contest) throw createError({ statusCode: 404, message: 'Contest not found' });
-  const judges = (contest.judges ?? []) as string[];
-  if (!judges.includes(user.id)) throw createError({ statusCode: 403, message: 'Not a judge for this contest' });
+  const result = await judgeContestEntry(db, input.entryId, input.score, user.id, input.feedback);
+  if (!result.judged) {
+    throw createError({ statusCode: 403, message: result.error ?? 'Judging failed' });
+  }
 
-  await judgeContestEntry(db, input.entryId, input.score, user.id, input.feedback);
   return { success: true };
 });

package/server/api/contests/[slug]/judges/[userId].delete.ts

@@ -0,0 +1,26 @@
+import { getContestBySlug, removeContestJudge } from '@commonpub/server';
+
+/**
+ * DELETE /api/contests/:slug/judges/:userId
+ * Remove a judge from a contest (contest owner or admin only).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('contests');
+  const user = requireAuth(event);
+  const db = useDB();
+  const slug = getRouterParam(event, 'slug');
+  const targetUserId = getRouterParam(event, 'userId');
+  if (!slug || !targetUserId) throw createError({ statusCode: 400, statusMessage: 'Missing parameters' });
+
+  const contest = await getContestBySlug(db, slug);
+  if (!contest) throw createError({ statusCode: 404, statusMessage: 'Contest not found' });
+
+  if (contest.createdById !== user.id && user.role !== 'admin') {
+    throw createError({ statusCode: 403, statusMessage: 'Only contest owner or admin can manage judges' });
+  }
+
+  const removed = await removeContestJudge(db, contest.id, targetUserId);
+  if (!removed) throw createError({ statusCode: 404, statusMessage: 'Judge not found' });
+
+  return { removed: true };
+});

package/server/api/contests/[slug]/judges/accept.post.ts

@@ -0,0 +1,21 @@
+import { getContestBySlug, acceptJudgeInvite } from '@commonpub/server';
+
+/**
+ * POST /api/contests/:slug/judges/accept
+ * Accept a judge invitation (authenticated user).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('contests');
+  const user = requireAuth(event);
+  const db = useDB();
+  const slug = getRouterParam(event, 'slug');
+  if (!slug) throw createError({ statusCode: 400, statusMessage: 'Missing slug' });
+
+  const contest = await getContestBySlug(db, slug);
+  if (!contest) throw createError({ statusCode: 404, statusMessage: 'Contest not found' });
+
+  const accepted = await acceptJudgeInvite(db, contest.id, user.id);
+  if (!accepted) throw createError({ statusCode: 400, statusMessage: 'No pending invitation found' });
+
+  return { accepted: true };
+});

package/server/api/contests/[slug]/judges/index.get.ts

@@ -0,0 +1,17 @@
+import { getContestBySlug, listContestJudges } from '@commonpub/server';
+
+/**
+ * GET /api/contests/:slug/judges
+ * List judges for a contest.
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('contests');
+  const db = useDB();
+  const slug = getRouterParam(event, 'slug');
+  if (!slug) throw createError({ statusCode: 400, statusMessage: 'Missing slug' });
+
+  const contest = await getContestBySlug(db, slug);
+  if (!contest) throw createError({ statusCode: 404, statusMessage: 'Contest not found' });
+
+  return listContestJudges(db, contest.id);
+});

package/server/api/contests/[slug]/judges/index.post.ts

@@ -0,0 +1,36 @@
+import { getContestBySlug, addContestJudge } from '@commonpub/server';
+import type { JudgeRole } from '@commonpub/server';
+import { z } from 'zod';
+
+const addJudgeSchema = z.object({
+  userId: z.string().uuid(),
+  role: z.enum(['lead', 'judge', 'guest']).optional(),
+});
+
+/**
+ * POST /api/contests/:slug/judges
+ * Add a judge to a contest (contest owner or admin only).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('contests');
+  const user = requireAuth(event);
+  const db = useDB();
+  const slug = getRouterParam(event, 'slug');
+  if (!slug) throw createError({ statusCode: 400, statusMessage: 'Missing slug' });
+
+  const contest = await getContestBySlug(db, slug);
+  if (!contest) throw createError({ statusCode: 404, statusMessage: 'Contest not found' });
+
+  if (contest.createdById !== user.id && user.role !== 'admin') {
+    throw createError({ statusCode: 403, statusMessage: 'Only contest owner or admin can manage judges' });
+  }
+
+  const body = await parseBody(event, addJudgeSchema);
+  const result = await addContestJudge(db, contest.id, body.userId, (body.role ?? 'judge') as JudgeRole);
+
+  if (!result.added) {
+    throw createError({ statusCode: 400, statusMessage: result.error ?? 'Failed to add judge' });
+  }
+
+  return { added: true };
+});

package/server/api/events/[slug]/attendees.get.ts

@@ -0,0 +1,23 @@
+import { getEventBySlug, listEventAttendees } from '@commonpub/server';
+import type { AttendeeStatus } from '@commonpub/server';
+
+/**
+ * GET /api/events/:slug/attendees
+ * List attendees for an event (public).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('events');
+  const db = useDB();
+  const slug = getRouterParam(event, 'slug');
+  if (!slug) throw createError({ statusCode: 400, statusMessage: 'Missing slug' });
+
+  const existing = await getEventBySlug(db, slug);
+  if (!existing) throw createError({ statusCode: 404, statusMessage: 'Event not found' });
+
+  const query = getQuery(event);
+  return listEventAttendees(db, existing.id, {
+    status: (query.status as AttendeeStatus) || undefined,
+    limit: query.limit ? Number(query.limit) : undefined,
+    offset: query.offset ? Number(query.offset) : undefined,
+  });
+});

package/server/api/events/[slug]/rsvp.delete.ts

@@ -0,0 +1,23 @@
+import { getEventBySlug, cancelRsvp } from '@commonpub/server';
+
+/**
+ * DELETE /api/events/:slug/rsvp
+ * Cancel RSVP for an event (authenticated).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('events');
+  const user = requireAuth(event);
+  const db = useDB();
+  const slug = getRouterParam(event, 'slug');
+  if (!slug) throw createError({ statusCode: 400, statusMessage: 'Missing slug' });
+
+  const existing = await getEventBySlug(db, slug);
+  if (!existing) throw createError({ statusCode: 404, statusMessage: 'Event not found' });
+
+  const cancelled = await cancelRsvp(db, existing.id, user.id);
+  if (!cancelled) {
+    throw createError({ statusCode: 400, statusMessage: 'No RSVP found' });
+  }
+
+  return { cancelled: true };
+});

package/server/api/events/[slug]/rsvp.post.ts

@@ -0,0 +1,23 @@
+import { getEventBySlug, rsvpEvent } from '@commonpub/server';
+
+/**
+ * POST /api/events/:slug/rsvp
+ * RSVP to an event (authenticated).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('events');
+  const user = requireAuth(event);
+  const db = useDB();
+  const slug = getRouterParam(event, 'slug');
+  if (!slug) throw createError({ statusCode: 400, statusMessage: 'Missing slug' });
+
+  const existing = await getEventBySlug(db, slug);
+  if (!existing) throw createError({ statusCode: 404, statusMessage: 'Event not found' });
+
+  const result = await rsvpEvent(db, existing.id, user.id);
+  if (!result.success) {
+    throw createError({ statusCode: 400, statusMessage: result.error ?? 'RSVP failed' });
+  }
+
+  return { status: result.status };
+});

package/server/api/events/[slug].delete.ts

@@ -0,0 +1,22 @@
+import { deleteEvent, getEventBySlug } from '@commonpub/server';
+
+/**
+ * DELETE /api/events/:slug
+ * Delete an event (owner or admin).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('events');
+  const user = requireAuth(event);
+  const db = useDB();
+  const slug = getRouterParam(event, 'slug');
+  if (!slug) throw createError({ statusCode: 400, statusMessage: 'Missing slug' });
+
+  const existing = await getEventBySlug(db, slug);
+  if (!existing) throw createError({ statusCode: 404, statusMessage: 'Event not found' });
+
+  const isAdmin = user.role === 'admin';
+  const deleted = await deleteEvent(db, existing.id, user.id, isAdmin);
+  if (!deleted) throw createError({ statusCode: 403, statusMessage: 'Unauthorized' });
+
+  return { deleted: true };
+});

package/server/api/events/[slug].get.ts

@@ -0,0 +1,17 @@
+import { getEventBySlug } from '@commonpub/server';
+
+/**
+ * GET /api/events/:slug
+ * Get event details by slug (public).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('events');
+  const db = useDB();
+  const slug = getRouterParam(event, 'slug');
+  if (!slug) throw createError({ statusCode: 400, statusMessage: 'Missing slug' });
+
+  const result = await getEventBySlug(db, slug);
+  if (!result) throw createError({ statusCode: 404, statusMessage: 'Event not found' });
+
+  return result;
+});

package/server/api/events/[slug].put.ts

@@ -0,0 +1,38 @@
+import { updateEvent } from '@commonpub/server';
+import { z } from 'zod';
+
+const updateEventSchema = z.object({
+  title: z.string().min(1).max(255).optional(),
+  description: z.string().max(10000).optional(),
+  coverImage: z.string().max(500).optional(),
+  eventType: z.enum(['in-person', 'online', 'hybrid']).optional(),
+  status: z.enum(['draft', 'published', 'active', 'completed', 'cancelled']).optional(),
+  startDate: z.string().datetime().optional(),
+  endDate: z.string().datetime().optional(),
+  timezone: z.string().max(64).optional(),
+  location: z.string().max(500).optional(),
+  locationUrl: z.string().url().max(500).optional(),
+  onlineUrl: z.string().url().max(500).optional(),
+  capacity: z.number().int().min(1).max(100000).optional(),
+  isFeatured: z.boolean().optional(),
+});
+
+/**
+ * PUT /api/events/:slug
+ * Update an event (owner or admin).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('events');
+  const user = requireAuth(event);
+  const db = useDB();
+  const slug = getRouterParam(event, 'slug');
+  if (!slug) throw createError({ statusCode: 400, statusMessage: 'Missing slug' });
+
+  const body = await parseBody(event, updateEventSchema);
+  const isAdmin = user.role === 'admin';
+
+  const result = await updateEvent(db, slug, user.id, body, isAdmin);
+  if (!result) throw createError({ statusCode: 404, statusMessage: 'Event not found or unauthorized' });
+
+  return result;
+});

package/server/api/events/index.get.ts

@@ -0,0 +1,21 @@
+import { listEvents } from '@commonpub/server';
+import type { EventStatus } from '@commonpub/server';
+
+/**
+ * GET /api/events
+ * List published/active events (public).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('events');
+  const db = useDB();
+  const query = getQuery(event);
+
+  return listEvents(db, {
+    status: (query.status as EventStatus) || undefined,
+    hubId: (query.hubId as string) || undefined,
+    upcoming: query.upcoming === 'true',
+    featured: query.featured === 'true',
+    limit: query.limit ? Number(query.limit) : undefined,
+    offset: query.offset ? Number(query.offset) : undefined,
+  });
+});

package/server/api/events/index.post.ts

@@ -0,0 +1,40 @@
+import { createEvent } from '@commonpub/server';
+import { generateSlug } from '@commonpub/server';
+import { z } from 'zod';
+
+const createEventSchema = z.object({
+  title: z.string().min(1).max(255),
+  description: z.string().max(10000).optional(),
+  coverImage: z.string().max(500).optional(),
+  eventType: z.enum(['in-person', 'online', 'hybrid']).optional(),
+  startDate: z.string().datetime(),
+  endDate: z.string().datetime(),
+  timezone: z.string().max(64).optional(),
+  location: z.string().max(500).optional(),
+  locationUrl: z.string().url().max(500).optional(),
+  onlineUrl: z.string().url().max(500).optional(),
+  capacity: z.number().int().min(1).max(100000).optional(),
+  hubId: z.string().uuid().optional(),
+}).refine(d => new Date(d.endDate) > new Date(d.startDate), {
+  message: 'End date must be after start date',
+  path: ['endDate'],
+});
+
+/**
+ * POST /api/events
+ * Create a new event (authenticated).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('events');
+  const user = requireAuth(event);
+  const db = useDB();
+  const body = await parseBody(event, createEventSchema);
+
+  const slug = generateSlug(body.title);
+
+  return createEvent(db, {
+    ...body,
+    slug,
+    createdBy: user.id,
+  });
+});

package/server/api/hubs/[slug]/posts/[postId]/poll-options.get.ts

@@ -0,0 +1,18 @@
+import { getPollOptions, getUserPollVote } from '@commonpub/server';
+
+/**
+ * GET /api/hubs/:slug/posts/:postId/poll-options
+ * Get poll options and the user's vote (if authenticated).
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('hubs');
+  const db = useDB();
+  const postId = getRouterParam(event, 'postId');
+  if (!postId) throw createError({ statusCode: 400, statusMessage: 'Missing postId' });
+
+  const options = await getPollOptions(db, postId);
+  const user = getOptionalUser(event);
+  const userVote = user ? await getUserPollVote(db, postId, user.id) : null;
+
+  return { options, userVote };
+});

package/server/api/hubs/[slug]/posts/[postId]/poll-vote.post.ts

@@ -0,0 +1,27 @@
+import { voteOnPoll } from '@commonpub/server';
+import { z } from 'zod';
+
+const pollVoteSchema = z.object({
+  optionId: z.string().uuid(),
+});
+
+/**
+ * POST /api/hubs/:slug/posts/:postId/poll-vote
+ * Vote on a poll option.
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('hubs');
+  const user = requireAuth(event);
+  const db = useDB();
+  const postId = getRouterParam(event, 'postId');
+  if (!postId) throw createError({ statusCode: 400, statusMessage: 'Missing postId' });
+
+  const body = await parseBody(event, pollVoteSchema);
+  const result = await voteOnPoll(db, postId, body.optionId, user.id);
+
+  if (!result.voted) {
+    throw createError({ statusCode: 400, statusMessage: result.error ?? 'Vote failed' });
+  }
+
+  return { voted: true };
+});

package/server/api/hubs/[slug]/posts/[postId]/vote.post.ts

@@ -0,0 +1,21 @@
+import { voteOnPost } from '@commonpub/server';
+import { z } from 'zod';
+
+const voteSchema = z.object({
+  direction: z.enum(['up', 'down']),
+});
+
+/**
+ * POST /api/hubs/:slug/posts/:postId/vote
+ * Upvote or downvote a hub post. Toggles off if same direction, flips if different.
+ */
+export default defineEventHandler(async (event) => {
+  requireFeature('hubs');
+  const user = requireAuth(event);
+  const db = useDB();
+  const postId = getRouterParam(event, 'postId');
+  if (!postId) throw createError({ statusCode: 400, statusMessage: 'Missing postId' });
+
+  const body = await parseBody(event, voteSchema);
+  return voteOnPost(db, postId, user.id, body.direction);
+});

package/server/api/navigation/items.get.ts

@@ -0,0 +1,10 @@
+import { getNavItems } from '@commonpub/server';
+
+/**
+ * GET /api/navigation/items
+ * Returns the navigation item configuration (public).
+ */
+export default defineEventHandler(async () => {
+  const db = useDB();
+  return getNavItems(db);
+});

package/server/middleware/features.ts

@@ -7,6 +7,7 @@ const ROUTE_FEATURE_MAP: Record<string, string> = {
   '/videos': 'video',
   '/admin': 'admin',
   '/contests': 'contests',
+  '/events': 'events',
   '/explainer': 'explainers',
 };