@crowi/api 2.0.0-alpha.0

package/dist/mcp/tools/page.js

@@ -0,0 +1,256 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.pageTools = void 0;
+/**
+ * RFC-0011 §8 — page tool catalog (read 7 + write 5).
+ *
+ * Each tool is a data-driven `ToolDescriptor`: its `schema` reuses the
+ * `@crowi/api-contract` Zod schema's `.shape` for boundary validation
+ * (RFC-0011 §6), `method` + `path` name the in-process route it
+ * dispatches to (bare path, no `/api/v2`), and `resultMapper` turns the
+ * route's JSON envelope into an MCP tool result (RFC-0011 §9).
+ *
+ * Schema notes (architecturalNotes "ズレ表"):
+ *  - `crowi_get_page_history` dispatches to `/pages/{page_id}/revisions`.
+ *    `ListRevisionsRequestSchema` only carries `{ limit, offset }`, so we
+ *    compose a `page_id` field into the tool schema; the server splices
+ *    it into the path and the rest becomes the query.
+ *  - `crowi_get_revision` dispatches to `/pages/revisions/{id}`. The
+ *    route has no named request schema (only the `id` path param), so the
+ *    tool defines a thin `{ id }` shape locally.
+ *  - `crowi_delete_page` / `crowi_revert_page` reuse the body schemas that
+ *    `contracts/page.ts` keeps local (not exported from `schemas/`). To
+ *    avoid widening the contract surface (which would force an
+ *    api-contract rebuild + OpenAPI regen), the MCP layer defines the same
+ *    shapes here rather than exporting them — they are a thin, stable
+ *    `{ page_id, … }`.
+ *  - `crowi_update_page`: `UpdatePageRequestSchema.revision_id` is
+ *    optional in the contract; the optimistic-lock 409 is enforced by the
+ *    handler. The tool description strongly requires it (fetch → update),
+ *    but the schema is left as-is (not forced required) so the contract is
+ *    the single source of truth and a model that omits it gets the
+ *    handler's 409 rather than a divergent MCP-only validation error.
+ */
+const api_contract_1 = require("@crowi/api-contract");
+const zod_1 = require("zod");
+const result_1 = require("../result");
+// --- local shapes for routes without an exported named request schema ---
+/** `crowi_get_page_history` — `page_id` (path) + list query. */
+const GetPageHistoryShape = {
+    page_id: zod_1.z.string().describe('The page id whose revision history to list.'),
+    ...api_contract_1.ListRevisionsRequestSchema.shape,
+};
+/** `crowi_get_revision` — single revision by id (the route's `{id}` param). */
+const GetRevisionShape = {
+    id: zod_1.z.string().describe('The revision id to fetch (the `revision._id`).'),
+};
+/** `crowi_delete_page` — same shape as `contracts/page.ts` DeletePageRequestSchema. */
+const DeletePageShape = {
+    page_id: zod_1.z.string().describe('The page id to delete.'),
+    revision_id: zod_1.z
+        .string()
+        .optional()
+        .describe('Latest known revision id for optimistic-lock; recommended to avoid deleting a page edited since you last read it.'),
+    completely: zod_1.z.boolean().optional().describe('When true, hard-delete (skip trash). Defaults to a soft delete into /trash.'),
+};
+/** `crowi_revert_page` — restore a soft-deleted page from trash. */
+const RevertPageShape = {
+    page_id: zod_1.z.string().describe('The id of the soft-deleted (trash) page to restore.'),
+};
+/** Pull the revision body + structured meta from a `{ page }` envelope. */
+const mapPageResult = (body) => {
+    const page = body.page ?? {};
+    const revision = page.revision ?? {};
+    const text = typeof revision.body === 'string' ? revision.body : JSON.stringify(page, null, 2);
+    return (0, result_1.okResult)(text, {
+        path: page.path,
+        page_id: page._id,
+        revision_id: revision._id,
+        grant: page.grant,
+        updatedAt: page.updatedAt,
+    });
+};
+/** `{ revision }` single revision body. */
+const mapRevisionResult = (body) => {
+    const revision = body.revision ?? {};
+    const text = typeof revision.body === 'string' ? revision.body : JSON.stringify(revision, null, 2);
+    return (0, result_1.okResult)(text, { revision_id: revision._id, path: revision.path, createdAt: revision.createdAt });
+};
+/**
+ * Build a list result mapper: extract `field` from the envelope, render a
+ * compact `count noun(s):` text summary (one `formatLine` per item, or
+ * `empty` when none), and echo the full array plus any `extra` structured
+ * fields. All the `{ pages } / { children } / { revisions } / …` listings
+ * share this shape (RFC-0011 §9), so each is one config row, not a copy.
+ */
+const listMapper = (opts) => (body) => {
+    const env = body ?? {};
+    const items = env[opts.field] ?? [];
+    const lines = items.map(opts.formatLine);
+    const text = items.length ? `${items.length} ${opts.noun}(s):\n${lines.join('\n')}` : opts.empty;
+    return (0, result_1.okResult)(text, { [opts.field]: items, ...(opts.extra?.(env) ?? {}) });
+};
+/** Compact `path` list + full array for `{ pages }` listings. */
+const mapPageListResult = listMapper({
+    field: 'pages',
+    noun: 'page',
+    empty: 'No pages found.',
+    formatLine: (p) => `- ${String(p.path)}`,
+    extra: (env) => ({ pager: env.pager }),
+});
+/** `{ children }` segment list. */
+const mapChildrenResult = listMapper({
+    field: 'children',
+    noun: 'child segment',
+    empty: 'No child pages.',
+    formatLine: (c) => `- ${String(c.path)}${c.isPage ? '' : ' (directory)'}`,
+});
+/** `{ revisions, pager }` history. */
+const mapRevisionListResult = listMapper({
+    field: 'revisions',
+    noun: 'revision',
+    empty: 'No revisions.',
+    formatLine: (r) => `- ${String(r._id)} @ ${String(r.createdAt)}`,
+    extra: (env) => ({ pager: env.pager }),
+});
+/** `{ backlinks, hasNext }`. */
+const mapBacklinksResult = listMapper({
+    field: 'backlinks',
+    noun: 'backlink',
+    empty: 'No backlinks.',
+    formatLine: (b) => `- ${String(b.fromPage?.path ?? b._id)}`,
+    extra: (env) => ({ hasNext: env.hasNext }),
+});
+/** `{ results }` autocomplete candidates. */
+const mapAutocompleteResult = listMapper({
+    field: 'results',
+    noun: 'suggestion',
+    empty: 'No suggestions.',
+    formatLine: (r) => `- ${String(r.label)}`,
+});
+// --- the table -----------------------------------------------------------
+exports.pageTools = [
+    // ---------------------------------------------------------------- reads
+    {
+        name: 'crowi_get_page',
+        description: 'Read a wiki page (markdown body + metadata) by `path` or `page_id`. Returns the page body as text. Read this before updating a page so you have its current `revision_id`.',
+        method: 'GET',
+        path: '/pages',
+        schema: api_contract_1.GetPageRequestSchema.shape,
+        kind: 'query',
+        scope: 'pages:read',
+        resultMapper: mapPageResult,
+    },
+    {
+        name: 'crowi_list_pages',
+        description: 'List wiki pages under a `path` or created by a `user`, paginated. Returns page paths and metadata, not bodies.',
+        method: 'GET',
+        path: '/pages/list',
+        schema: api_contract_1.ListPagesRequestSchema.shape,
+        kind: 'query',
+        scope: 'pages:read',
+        resultMapper: mapPageListResult,
+    },
+    {
+        name: 'crowi_list_child_pages',
+        description: 'List the immediate child segments directly under a portal `path` (sidebar/tree navigation). Use `/` to list the top-level segments.',
+        method: 'GET',
+        path: '/pages/children',
+        schema: api_contract_1.ListPageChildrenRequestSchema.shape,
+        kind: 'query',
+        scope: 'pages:read',
+        resultMapper: mapChildrenResult,
+    },
+    {
+        name: 'crowi_get_page_history',
+        description: "List a page's revision history (newest first), metadata only. Pass `page_id`; use `crowi_get_revision` to fetch a specific revision's body.",
+        method: 'GET',
+        path: '/pages/{page_id}/revisions',
+        schema: GetPageHistoryShape,
+        kind: 'query',
+        scope: 'pages:read',
+        resultMapper: mapRevisionListResult,
+    },
+    {
+        name: 'crowi_get_revision',
+        description: "Fetch a single revision's full markdown body by revision `id`.",
+        method: 'GET',
+        path: '/pages/revisions/{id}',
+        schema: GetRevisionShape,
+        kind: 'query',
+        scope: 'pages:read',
+        resultMapper: mapRevisionResult,
+    },
+    {
+        name: 'crowi_get_backlinks',
+        description: 'List pages that link to the given page (`page_id`), paginated.',
+        method: 'GET',
+        path: '/backlinks',
+        schema: api_contract_1.GetBacklinksRequestSchema.shape,
+        kind: 'query',
+        scope: 'pages:read',
+        resultMapper: mapBacklinksResult,
+    },
+    {
+        name: 'crowi_autocomplete_pages',
+        description: 'Suggest page paths matching a partial query `q` (path completion). Use to discover exact page paths before reading.',
+        method: 'GET',
+        path: '/pages/autocomplete',
+        schema: api_contract_1.AutocompleteRequestSchema.shape,
+        kind: 'query',
+        scope: 'pages:read',
+        resultMapper: mapAutocompleteResult,
+    },
+    // --------------------------------------------------------------- writes
+    {
+        name: 'crowi_create_page',
+        description: 'Create a new wiki page at `path` with markdown `body` (optional `grant` visibility). Fails if a page already exists at `path`. Paths are slash-separated hierarchies; date-based pages nest by slash, not hyphens — use `/parent/YYYY/MM/DD/title` (e.g. /crowi/qa/2026/06/08/mcp-server), not `/parent/2026-06-08-title`.',
+        method: 'POST',
+        path: '/pages',
+        schema: api_contract_1.CreatePageRequestSchema.shape,
+        kind: 'body',
+        scope: 'pages:write',
+        resultMapper: mapPageResult,
+    },
+    {
+        name: 'crowi_update_page',
+        description: "Update a page (`page_id`) with new markdown `body`. ALWAYS pass `revision_id` (the page's current revision, from `crowi_get_page`) for optimistic locking — a stale `revision_id` returns a 409 conflict and you must re-fetch the page and retry. The returned `revision_id` is the new one for chaining edits.",
+        method: 'PUT',
+        path: '/pages',
+        schema: api_contract_1.UpdatePageRequestSchema.shape,
+        kind: 'body',
+        scope: 'pages:write',
+        resultMapper: mapPageResult,
+    },
+    {
+        name: 'crowi_rename_page',
+        description: 'Rename/move a page (`page_id`) to `new_path`. Optionally pass `revision_id` (optimistic lock) and `create_redirect` to leave a redirect at the old path.',
+        method: 'POST',
+        path: '/pages/rename',
+        schema: api_contract_1.RenamePageRequestSchema.shape,
+        kind: 'body',
+        scope: 'pages:write',
+        resultMapper: mapPageResult,
+    },
+    {
+        name: 'crowi_delete_page',
+        description: 'Delete a page (`page_id`). By default a soft delete into /trash (recoverable via `crowi_revert_page`). Pass `completely: true` to hard-delete.',
+        method: 'DELETE',
+        path: '/pages',
+        schema: DeletePageShape,
+        kind: 'body',
+        scope: 'pages:write',
+        resultMapper: mapPageResult,
+    },
+    {
+        name: 'crowi_revert_page',
+        description: 'Restore a soft-deleted (trash) page back to its original path by `page_id`.',
+        method: 'POST',
+        path: '/pages/revert',
+        schema: RevertPageShape,
+        kind: 'body',
+        scope: 'pages:write',
+        resultMapper: mapPageResult,
+    },
+];
+//# sourceMappingURL=page.js.map

package/dist/mcp/tools/page.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"page.js","sourceRoot":"","sources":["../../../src/mcp/tools/page.ts"],"names":[],"mappings":";;;AAAA;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6BG;AACH,sDAU6B;AAC7B,6BAAwB;AAGxB,sCAAqC;AAErC,2EAA2E;AAE3E,gEAAgE;AAChE,MAAM,mBAAmB,GAAG;IAC1B,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,6CAA6C,CAAC;IAC3E,GAAG,yCAA0B,CAAC,KAAK;CACpC,CAAC;AAEF,+EAA+E;AAC/E,MAAM,gBAAgB,GAAG;IACvB,EAAE,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,gDAAgD,CAAC;CAC1E,CAAC;AAEF,uFAAuF;AACvF,MAAM,eAAe,GAAG;IACtB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,wBAAwB,CAAC;IACtD,WAAW,EAAE,OAAC;SACX,MAAM,EAAE;SACR,QAAQ,EAAE;SACV,QAAQ,CAAC,mHAAmH,CAAC;IAChI,UAAU,EAAE,OAAC,CAAC,OAAO,EAAE,CAAC,QAAQ,EAAE,CAAC,QAAQ,CAAC,6EAA6E,CAAC;CAC3H,CAAC;AAEF,oEAAoE;AACpE,MAAM,eAAe,GAAG;IACtB,OAAO,EAAE,OAAC,CAAC,MAAM,EAAE,CAAC,QAAQ,CAAC,qDAAqD,CAAC;CACpF,CAAC;AAMF,2EAA2E;AAC3E,MAAM,aAAa,GAAG,CAAC,IAAa,EAAE,EAAE;IACtC,MAAM,IAAI,GAAI,IAAwB,CAAC,IAAI,IAAI,EAAE,CAAC;IAClD,MAAM,QAAQ,GAAI,IAAI,CAAC,QAA6B,IAAI,EAAE,CAAC;IAC3D,MAAM,IAAI,GAAG,OAAO,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IAC/F,OAAO,IAAA,iBAAQ,EAAC,IAAI,EAAE;QACpB,IAAI,EAAE,IAAI,CAAC,IAAI;QACf,OAAO,EAAE,IAAI,CAAC,GAAG;QACjB,WAAW,EAAE,QAAQ,CAAC,GAAG;QACzB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,SAAS,EAAE,IAAI,CAAC,SAAS;KAC1B,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,2CAA2C;AAC3C,MAAM,iBAAiB,GAAG,CAAC,IAAa,EAAE,EAAE;IAC1C,MAAM,QAAQ,GAAI,IAA4B,CAAC,QAAQ,IAAI,EAAE,CAAC;IAC9D,MAAM,IAAI,GAAG,OAAO,QAAQ,CAAC,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,EAAE,IAAI,EAAE,CAAC,CAAC,CAAC;IACnG,OAAO,IAAA,iBAAQ,EAAC,IAAI,EAAE,EAAE,WAAW,EAAE,QAAQ,CAAC,GAAG,EAAE,IAAI,EAAE,QAAQ,CAAC,IAAI,EAAE,SAAS,EAAE,QAAQ,CAAC,SAAS,EAAE,CAAC,CAAC;AAC3G,CAAC,CAAC;AAEF;;;;;;GAMG;AACH,MAAM,UAAU,GACd,CAAC,IAAqH,EAAE,EAAE,CAAC,CAAC,IAAa,EAAE,EAAE;IAC3I,MAAM,GAAG,GAAI,IAAa,IAAI,EAAE,CAAC;IACjC,MAAM,KAAK,GAAI,GAAG,CAAC,IAAI,CAAC,KAAK,CAA6B,IAAI,EAAE,CAAC;IACjE,MAAM,KAAK,GAAG,KAAK,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACzC,MAAM,IAAI,GAAG,KAAK,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,KAAK,CAAC,MAAM,IAAI,IAAI,CAAC,IAAI,SAAS,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC;IACjG,OAAO,IAAA,iBAAQ,EAAC,IAAI,EAAE,EAAE,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,IAAI,CAAC,KAAK,EAAE,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;AAC/E,CAAC,CAAC;AAEJ,iEAAiE;AACjE,MAAM,iBAAiB,GAAG,UAAU,CAAC;IACnC,KAAK,EAAE,OAAO;IACd,IAAI,EAAE,MAAM;IACZ,KAAK,EAAE,iBAAiB;IACxB,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,EAAE;IACxC,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC;CACvC,CAAC,CAAC;AAEH,mCAAmC;AACnC,MAAM,iBAAiB,GAAG,UAAU,CAAC;IACnC,KAAK,EAAE,UAAU;IACjB,IAAI,EAAE,eAAe;IACrB,KAAK,EAAE,iBAAiB;IACxB,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,cAAc,EAAE;CAC1E,CAAC,CAAC;AAEH,sCAAsC;AACtC,MAAM,qBAAqB,GAAG,UAAU,CAAC;IACvC,KAAK,EAAE,WAAW;IAClB,IAAI,EAAE,UAAU;IAChB,KAAK,EAAE,eAAe;IACtB,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,MAAM,MAAM,CAAC,CAAC,CAAC,SAAS,CAAC,EAAE;IAChE,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,KAAK,EAAE,CAAC;CACvC,CAAC,CAAC;AAEH,gCAAgC;AAChC,MAAM,kBAAkB,GAAG,UAAU,CAAC;IACpC,KAAK,EAAE,WAAW;IAClB,IAAI,EAAE,UAAU;IAChB,KAAK,EAAE,eAAe;IACtB,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,MAAM,CAAE,CAAC,CAAC,QAA6B,EAAE,IAAI,IAAI,CAAC,CAAC,GAAG,CAAC,EAAE;IACjF,KAAK,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC,EAAE,OAAO,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC;CAC3C,CAAC,CAAC;AAEH,6CAA6C;AAC7C,MAAM,qBAAqB,GAAG,UAAU,CAAC;IACvC,KAAK,EAAE,SAAS;IAChB,IAAI,EAAE,YAAY;IAClB,KAAK,EAAE,iBAAiB;IACxB,UAAU,EAAE,CAAC,CAAC,EAAE,EAAE,CAAC,KAAK,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,EAAE;CAC1C,CAAC,CAAC;AAEH,4EAA4E;AAE/D,QAAA,SAAS,GAAqB;IACzC,yEAAyE;IACzE;QACE,IAAI,EAAE,gBAAgB;QACtB,WAAW,EACT,4KAA4K;QAC9K,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,mCAAoB,CAAC,KAAK;QAClC,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,YAAY;QACnB,YAAY,EAAE,aAAa;KAC5B;IACD;QACE,IAAI,EAAE,kBAAkB;QACxB,WAAW,EAAE,gHAAgH;QAC7H,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,aAAa;QACnB,MAAM,EAAE,qCAAsB,CAAC,KAAK;QACpC,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,YAAY;QACnB,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,qIAAqI;QAClJ,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,iBAAiB;QACvB,MAAM,EAAE,4CAA6B,CAAC,KAAK;QAC3C,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,YAAY;QACnB,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,IAAI,EAAE,wBAAwB;QAC9B,WAAW,EAAE,6IAA6I;QAC1J,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,4BAA4B;QAClC,MAAM,EAAE,mBAAmB;QAC3B,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,YAAY;QACnB,YAAY,EAAE,qBAAqB;KACpC;IACD;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EAAE,gEAAgE;QAC7E,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,uBAAuB;QAC7B,MAAM,EAAE,gBAAgB;QACxB,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,YAAY;QACnB,YAAY,EAAE,iBAAiB;KAChC;IACD;QACE,IAAI,EAAE,qBAAqB;QAC3B,WAAW,EAAE,gEAAgE;QAC7E,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,YAAY;QAClB,MAAM,EAAE,wCAAyB,CAAC,KAAK;QACvC,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,YAAY;QACnB,YAAY,EAAE,kBAAkB;KACjC;IACD;QACE,IAAI,EAAE,0BAA0B;QAChC,WAAW,EAAE,qHAAqH;QAClI,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,qBAAqB;QAC3B,MAAM,EAAE,wCAAyB,CAAC,KAAK;QACvC,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,YAAY;QACnB,YAAY,EAAE,qBAAqB;KACpC;IACD,yEAAyE;IACzE;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EACT,4TAA4T;QAC9T,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,sCAAuB,CAAC,KAAK;QACrC,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,aAAa;QACpB,YAAY,EAAE,aAAa;KAC5B;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EACT,kTAAkT;QACpT,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,sCAAuB,CAAC,KAAK;QACrC,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,aAAa;QACpB,YAAY,EAAE,aAAa;KAC5B;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EACT,0JAA0J;QAC5J,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,eAAe;QACrB,MAAM,EAAE,sCAAuB,CAAC,KAAK;QACrC,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,aAAa;QACpB,YAAY,EAAE,aAAa;KAC5B;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EACT,gJAAgJ;QAClJ,MAAM,EAAE,QAAQ;QAChB,IAAI,EAAE,QAAQ;QACd,MAAM,EAAE,eAAe;QACvB,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,aAAa;QACpB,YAAY,EAAE,aAAa;KAC5B;IACD;QACE,IAAI,EAAE,mBAAmB;QACzB,WAAW,EAAE,6EAA6E;QAC1F,MAAM,EAAE,MAAM;QACd,IAAI,EAAE,eAAe;QACrB,MAAM,EAAE,eAAe;QACvB,IAAI,EAAE,MAAM;QACZ,KAAK,EAAE,aAAa;QACpB,YAAY,EAAE,aAAa;KAC5B;CACF,CAAC"}

package/dist/mcp/tools/search.d.ts

@@ -0,0 +1,2 @@
+import type { ToolDescriptor } from '../server';
+export declare const searchTools: ToolDescriptor[];

package/dist/mcp/tools/search.js

@@ -0,0 +1,36 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.searchTools = void 0;
+/**
+ * RFC-0011 §8 — search tool catalog.
+ *
+ * `crowi_search_pages` dispatches to `GET /search` and returns a compact
+ * `path — snippet` summary as text plus the full hit array as
+ * `structuredContent` (RFC-0011 §9).
+ */
+const api_contract_1 = require("@crowi/api-contract");
+const result_1 = require("../result");
+const mapSearchResult = (body) => {
+    const env = body;
+    const data = env.data ?? [];
+    const lines = data.map((hit) => {
+        const snippet = typeof hit.snippet === 'string' ? ` — ${hit.snippet.replace(/\s+/g, ' ').trim()}` : '';
+        return `- ${String(hit.path)}${snippet}`;
+    });
+    const total = env.meta?.total ?? data.length;
+    const text = data.length ? `${total} match(es) (showing ${data.length}):\n${lines.join('\n')}` : 'No matching pages.';
+    return (0, result_1.okResult)(text, { data, meta: env.meta });
+};
+exports.searchTools = [
+    {
+        name: 'crowi_search_pages',
+        description: 'Full-text search the wiki for pages matching `q`. Optionally scope with `tree` (path prefix) or `type` (portal/public/user). Returns matching page paths with snippets.',
+        method: 'GET',
+        path: '/search',
+        schema: api_contract_1.SearchPagesRequestSchema.shape,
+        kind: 'query',
+        scope: 'pages:read',
+        resultMapper: mapSearchResult,
+    },
+];
+//# sourceMappingURL=search.js.map

package/dist/mcp/tools/search.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"search.js","sourceRoot":"","sources":["../../../src/mcp/tools/search.ts"],"names":[],"mappings":";;;AAAA;;;;;;GAMG;AACH,sDAA+D;AAG/D,sCAAqC;AAIrC,MAAM,eAAe,GAAG,CAAC,IAAa,EAAE,EAAE;IACxC,MAAM,GAAG,GAAG,IAA2C,CAAC;IACxD,MAAM,IAAI,GAAG,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IAC5B,MAAM,KAAK,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE;QAC7B,MAAM,OAAO,GAAG,OAAO,GAAG,CAAC,OAAO,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,GAAG,CAAC,OAAO,CAAC,OAAO,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,CAAC;QACvG,OAAO,KAAK,MAAM,CAAC,GAAG,CAAC,IAAI,CAAC,GAAG,OAAO,EAAE,CAAC;IAC3C,CAAC,CAAC,CAAC;IACH,MAAM,KAAK,GAAI,GAAG,CAAC,IAAuC,EAAE,KAAK,IAAI,IAAI,CAAC,MAAM,CAAC;IACjF,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,CAAC,CAAC,GAAG,KAAK,uBAAuB,IAAI,CAAC,MAAM,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC,CAAC,oBAAoB,CAAC;IACtH,OAAO,IAAA,iBAAQ,EAAC,IAAI,EAAE,EAAE,IAAI,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,CAAC,CAAC;AAClD,CAAC,CAAC;AAEW,QAAA,WAAW,GAAqB;IAC3C;QACE,IAAI,EAAE,oBAAoB;QAC1B,WAAW,EACT,yKAAyK;QAC3K,MAAM,EAAE,KAAK;QACb,IAAI,EAAE,SAAS;QACf,MAAM,EAAE,uCAAwB,CAAC,KAAK;QACtC,IAAI,EAAE,OAAO;QACb,KAAK,EAAE,YAAY;QACnB,YAAY,EAAE,eAAe;KAC9B;CACF,CAAC"}

package/dist/middlewares/accessTokenParser.d.ts

@@ -0,0 +1,4 @@
+import { Express, Request, Response, NextFunction } from 'express';
+import Crowi from '../crowi';
+declare const _default: (crowi: Crowi, app: Express) => (req: Request, res: Response, next: NextFunction) => void;
+export default _default;

package/dist/middlewares/accessTokenParser.js

@@ -0,0 +1,29 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const debug_1 = __importDefault(require("debug"));
+const accessTokenParser_1 = require("../util/accessTokenParser");
+const debug = (0, debug_1.default)('crowi:middlewares:accessTokenParser');
+exports.default = (crowi, app) => {
+    return (req, res, next) => {
+        const accessToken = (0, accessTokenParser_1.parseAccessToken)(req);
+        if (!accessToken) {
+            return next();
+        }
+        const User = crowi.model('User');
+        debug('accessToken is', accessToken);
+        User.findUserByApiToken(accessToken)
+            .then(function (userData) {
+            req.user = userData;
+            req.skipCsrfVerify = true;
+            debug('Access token parsed: skipCsrfVerify');
+            next();
+        })
+            .catch(function (err) {
+            next();
+        });
+    };
+};
+//# sourceMappingURL=accessTokenParser.js.map

package/dist/middlewares/accessTokenParser.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"accessTokenParser.js","sourceRoot":"","sources":["../../src/middlewares/accessTokenParser.ts"],"names":[],"mappings":";;;;;AAEA,kDAA0B;AAC1B,kEAA8D;AAE9D,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,qCAAqC,CAAC,CAAC;AAE3D,kBAAe,CAAC,KAAY,EAAE,GAAY,EAAE,EAAE;IAC5C,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QACzD,MAAM,WAAW,GAAG,IAAA,oCAAgB,EAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,MAAM,IAAI,GAAG,KAAK,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAEjC,KAAK,CAAC,gBAAgB,EAAE,WAAW,CAAC,CAAC;QACrC,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC;aACjC,IAAI,CAAC,UAAU,QAAQ;YACtB,GAAG,CAAC,IAAI,GAAG,QAAQ,CAAC;YACpB,GAAG,CAAC,cAAc,GAAG,IAAI,CAAC;YAC1B,KAAK,CAAC,qCAAqC,CAAC,CAAC;YAE7C,IAAI,EAAE,CAAC;QACT,CAAC,CAAC;aACD,KAAK,CAAC,UAAU,GAAG;YAClB,IAAI,EAAE,CAAC;QACT,CAAC,CAAC,CAAC;IACP,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/dist/middlewares/adminRequired.d.ts

@@ -0,0 +1,10 @@
+import { Request, Response } from 'express';
+/**
+ * Express middleware that checks the current request user has admin permission.
+ * Returns JSON error responses (401 / 403) with `redirectTo` field for client compatibility.
+ *
+ * Pair with `LoginRequired` upstream when the legacy app needs full session checks;
+ * this middleware only verifies presence of `req.user` and the admin flag.
+ */
+declare const _default: () => (req: Request, res: Response, next: any) => any;
+export default _default;

package/dist/middlewares/adminRequired.js

@@ -0,0 +1,35 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+/**
+ * Express middleware that checks the current request user has admin permission.
+ * Returns JSON error responses (401 / 403) with `redirectTo` field for client compatibility.
+ *
+ * Pair with `LoginRequired` upstream when the legacy app needs full session checks;
+ * this middleware only verifies presence of `req.user` and the admin flag.
+ */
+exports.default = () => {
+    return (req, res, next) => {
+        if (req.user?.admin) {
+            return next();
+        }
+        if (req.user) {
+            const errorResponse = {
+                error: {
+                    code: 'ADMIN_REQUIRED',
+                    message: 'Admin permission required',
+                    redirectTo: '/',
+                },
+            };
+            return res.status(403).json(errorResponse);
+        }
+        const errorResponse = {
+            error: {
+                code: 'AUTHENTICATION_REQUIRED',
+                message: 'Authentication is required',
+                redirectTo: '/login',
+            },
+        };
+        return res.status(401).json(errorResponse);
+    };
+};
+//# sourceMappingURL=adminRequired.js.map

package/dist/middlewares/adminRequired.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"adminRequired.js","sourceRoot":"","sources":["../../src/middlewares/adminRequired.ts"],"names":[],"mappings":";;AAOA;;;;;;GAMG;AACH,kBAAe,GAAG,EAAE;IAClB,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAI,EAAE,EAAE;QAC3C,IAAI,GAAG,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;YACpB,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC;YACb,MAAM,aAAa,GAAuB;gBACxC,KAAK,EAAE;oBACL,IAAI,EAAE,gBAAgB;oBACtB,OAAO,EAAE,2BAA2B;oBACpC,UAAU,EAAE,GAAG;iBAChB;aACF,CAAC;YACF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC7C,CAAC;QAED,MAAM,aAAa,GAAgC;YACjD,KAAK,EAAE;gBACL,IAAI,EAAE,yBAAyB;gBAC/B,OAAO,EAAE,4BAA4B;gBACrC,UAAU,EAAE,QAAQ;aACrB;SACF,CAAC;QACF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;IAC7C,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/dist/middlewares/applicationInstalled.d.ts

@@ -0,0 +1,3 @@
+import { Request, Response, NextFunction } from 'express';
+declare const _default: () => (req: Request, res: Response, next: NextFunction) => void | Response<any, Record<string, any>>;
+export default _default;

package/dist/middlewares/applicationInstalled.js

@@ -0,0 +1,20 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = () => {
+    return (req, res, next) => {
+        const config = req.config;
+        if (Object.keys(config.crowi).length === 1) {
+            // app:url is set by process
+            const errorResponse = {
+                error: {
+                    code: 'APPLICATION_NOT_INSTALLED',
+                    message: 'Application is not installed',
+                    redirectTo: '/installer',
+                },
+            };
+            return res.status(503).json(errorResponse);
+        }
+        return next();
+    };
+};
+//# sourceMappingURL=applicationInstalled.js.map

package/dist/middlewares/applicationInstalled.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"applicationInstalled.js","sourceRoot":"","sources":["../../src/middlewares/applicationInstalled.ts"],"names":[],"mappings":";;AAMA,kBAAe,GAAG,EAAE;IAClB,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAE,EAAE;QACzD,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;QAE1B,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3C,4BAA4B;YAC5B,MAAM,aAAa,GAAiC;gBAClD,KAAK,EAAE;oBACL,IAAI,EAAE,2BAA2B;oBACjC,OAAO,EAAE,8BAA8B;oBACvC,UAAU,EAAE,YAAY;iBACzB;aACF,CAAC;YACF,OAAO,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAC7C,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/dist/middlewares/applicationNotInstalled.d.ts

@@ -0,0 +1,3 @@
+import { Request, Response } from 'express';
+declare const _default: () => (req: Request, res: Response, next: any) => any;
+export default _default;

package/dist/middlewares/applicationNotInstalled.js

@@ -0,0 +1,13 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = () => {
+    return (req, res, next) => {
+        const config = req.config;
+        if (Object.keys(config.crowi).length !== 1) {
+            req.flash('errorMessage', 'Application already installed.');
+            return res.redirect('admin'); // admin以外はadminRequiredで'/'にリダイレクトされる
+        }
+        return next();
+    };
+};
+//# sourceMappingURL=applicationNotInstalled.js.map

package/dist/middlewares/applicationNotInstalled.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"applicationNotInstalled.js","sourceRoot":"","sources":["../../src/middlewares/applicationNotInstalled.ts"],"names":[],"mappings":";;AAEA,kBAAe,GAAG,EAAE;IAClB,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAI,EAAE,EAAE;QAC3C,MAAM,MAAM,GAAG,GAAG,CAAC,MAAM,CAAC;QAE1B,IAAI,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YAC3C,GAAG,CAAC,KAAK,CAAC,cAAc,EAAE,gCAAgC,CAAC,CAAC;YAC5D,OAAO,GAAG,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC,CAAC,sCAAsC;QACtE,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/dist/middlewares/basicAuth.d.ts

@@ -0,0 +1,4 @@
+import { Express, Request, Response } from 'express';
+import Crowi from '../crowi';
+declare const _default: (crowi: Crowi, app: Express) => (req: Request, res: Response, next: any) => any;
+export default _default;

package/dist/middlewares/basicAuth.js

@@ -0,0 +1,23 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const basic_auth_connect_1 = __importDefault(require("basic-auth-connect"));
+const accessTokenParser_1 = require("../util/accessTokenParser");
+exports.default = (crowi, app) => {
+    return (req, res, next) => {
+        const config = crowi.getConfig();
+        const accessToken = (0, accessTokenParser_1.parseAccessToken)(req);
+        if (accessToken) {
+            return next();
+        }
+        if (config.crowi['security:basicName'] && config.crowi['security:basicSecret']) {
+            return (0, basic_auth_connect_1.default)(config.crowi['security:basicName'], config.crowi['security:basicSecret'])(req, res, next);
+        }
+        else {
+            next();
+        }
+    };
+};
+//# sourceMappingURL=basicAuth.js.map

package/dist/middlewares/basicAuth.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"basicAuth.js","sourceRoot":"","sources":["../../src/middlewares/basicAuth.ts"],"names":[],"mappings":";;;;;AAEA,4EAA2C;AAC3C,kEAA8D;AAE9D,kBAAe,CAAC,KAAY,EAAE,GAAY,EAAE,EAAE;IAC5C,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAI,EAAE,EAAE;QAC3C,MAAM,MAAM,GAAG,KAAK,CAAC,SAAS,EAAE,CAAC;QACjC,MAAM,WAAW,GAAG,IAAA,oCAAgB,EAAC,GAAG,CAAC,CAAC;QAC1C,IAAI,WAAW,EAAE,CAAC;YAChB,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,IAAI,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,IAAI,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,EAAE,CAAC;YAC/E,OAAO,IAAA,4BAAS,EAAC,MAAM,CAAC,KAAK,CAAC,oBAAoB,CAAC,EAAE,MAAM,CAAC,KAAK,CAAC,sBAAsB,CAAC,CAAC,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;QAC7G,CAAC;aAAM,CAAC;YACN,IAAI,EAAE,CAAC;QACT,CAAC;IACH,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/dist/middlewares/csrfVerify.d.ts

@@ -0,0 +1,4 @@
+import Crowi from '../crowi';
+import { Request, Response } from 'express';
+declare const _default: (crowi: Crowi) => (req: Request, res: Response, next: any) => any;
+export default _default;

package/dist/middlewares/csrfVerify.js

@@ -0,0 +1,24 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const debug_1 = __importDefault(require("debug"));
+const debug = (0, debug_1.default)('crowi:middlewares:csrfVerify');
+exports.default = (crowi) => {
+    return (req, res, next) => {
+        const token = req.body._csrf || req.query._csrf || null;
+        const csrfKey = (req.session && req.session.id) || 'anon';
+        debug('req.skipCsrfVerify', req.skipCsrfVerify);
+        if (req.skipCsrfVerify) {
+            debug('csrf verify skipped');
+            return next();
+        }
+        if (crowi.getTokens().verify(csrfKey, token)) {
+            return next();
+        }
+        debug('csrf verification failed. return 403', csrfKey, token);
+        return res.sendStatus(403);
+    };
+};
+//# sourceMappingURL=csrfVerify.js.map

package/dist/middlewares/csrfVerify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"csrfVerify.js","sourceRoot":"","sources":["../../src/middlewares/csrfVerify.ts"],"names":[],"mappings":";;;;;AACA,kDAA0B;AAG1B,MAAM,KAAK,GAAG,IAAA,eAAK,EAAC,8BAA8B,CAAC,CAAC;AAEpD,kBAAe,CAAC,KAAY,EAAE,EAAE;IAC9B,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAI,EAAE,EAAE;QAC3C,MAAM,KAAK,GAAG,GAAG,CAAC,IAAI,CAAC,KAAK,IAAI,GAAG,CAAC,KAAK,CAAC,KAAK,IAAI,IAAI,CAAC;QACxD,MAAM,OAAO,GAAG,CAAC,GAAG,CAAC,OAAO,IAAI,GAAG,CAAC,OAAO,CAAC,EAAE,CAAC,IAAI,MAAM,CAAC;QAE1D,KAAK,CAAC,oBAAoB,EAAE,GAAG,CAAC,cAAc,CAAC,CAAC;QAChD,IAAI,GAAG,CAAC,cAAc,EAAE,CAAC;YACvB,KAAK,CAAC,qBAAqB,CAAC,CAAC;YAC7B,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,IAAI,KAAK,CAAC,SAAS,EAAE,CAAC,MAAM,CAAC,OAAO,EAAE,KAAK,CAAC,EAAE,CAAC;YAC7C,OAAO,IAAI,EAAE,CAAC;QAChB,CAAC;QAED,KAAK,CAAC,sCAAsC,EAAE,OAAO,EAAE,KAAK,CAAC,CAAC;QAC9D,OAAO,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;IAC7B,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/dist/middlewares/encodeSpace.d.ts

@@ -0,0 +1,3 @@
+import { Request, Response } from 'express';
+declare const _default: () => (req: Request, res: Response, next: any) => any;
+export default _default;

package/dist/middlewares/encodeSpace.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const path_1 = require("../util/path");
+exports.default = () => {
+    return (req, res, next) => {
+        const path = decodeURIComponent(req.originalUrl || '');
+        const encodedPath = (0, path_1.encodeSpace)(path);
+        if (path !== encodedPath) {
+            return res.redirect(encodedPath);
+        }
+        return next();
+    };
+};
+//# sourceMappingURL=encodeSpace.js.map

package/dist/middlewares/encodeSpace.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"encodeSpace.js","sourceRoot":"","sources":["../../src/middlewares/encodeSpace.ts"],"names":[],"mappings":";;AACA,wCAA4C;AAE5C,kBAAe,GAAG,EAAE;IAClB,OAAO,CAAC,GAAY,EAAE,GAAa,EAAE,IAAI,EAAE,EAAE;QAC3C,MAAM,IAAI,GAAG,kBAAkB,CAAC,GAAG,CAAC,WAAW,IAAI,EAAE,CAAC,CAAC;QACvD,MAAM,WAAW,GAAG,IAAA,kBAAW,EAAC,IAAI,CAAC,CAAC;QAEtC,IAAI,IAAI,KAAK,WAAW,EAAE,CAAC;YACzB,OAAO,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;QACnC,CAAC;QAED,OAAO,IAAI,EAAE,CAAC;IAChB,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/dist/middlewares/fileAccessRightOrLoginRequired.d.ts

@@ -0,0 +1,4 @@
+import { Request, Response } from 'express';
+import Crowi from '../crowi';
+declare const _default: (crowi: Crowi) => (req: Request, res: Response, next: any) => Promise<any>;
+export default _default;

package/dist/middlewares/fileAccessRightOrLoginRequired.js

@@ -0,0 +1,29 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.default = (crowi) => {
+    return async function (req, res, next) {
+        try {
+            const Attachment = crowi.model('Attachment');
+            const Share = crowi.model('Share');
+            const attachment = await Attachment.findById(req.params.id);
+            if (!attachment) {
+                return res.sendStatus(404);
+            }
+            const { uuid, secretKeyword } = await Share.findShareByPageId(attachment.page, { status: Share.STATUS_ACTIVE });
+            const { shareIds = [], secretKeywords = {} } = req.session;
+            const isNoExistKeyword = !secretKeyword;
+            const hasCorrectKeyword = secretKeywords[uuid] === secretKeyword;
+            const isAccessedSharedPage = shareIds.includes(uuid);
+            const hasAccessRight = (isNoExistKeyword || hasCorrectKeyword) && isAccessedSharedPage;
+            if (hasAccessRight) {
+                return next();
+            }
+        }
+        catch (err) {
+            // share url not found, but its okay
+            // debug(err)
+        }
+        return crowi.middlewares.LoginRequired(req, res, next);
+    };
+};
+//# sourceMappingURL=fileAccessRightOrLoginRequired.js.map

package/dist/middlewares/fileAccessRightOrLoginRequired.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"fileAccessRightOrLoginRequired.js","sourceRoot":"","sources":["../../src/middlewares/fileAccessRightOrLoginRequired.ts"],"names":[],"mappings":";;AAGA,kBAAe,CAAC,KAAY,EAAE,EAAE;IAC9B,OAAO,KAAK,WAAW,GAAY,EAAE,GAAa,EAAE,IAAI;QACtD,IAAI,CAAC;YACH,MAAM,UAAU,GAAG,KAAK,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;YAC7C,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC;YACnC,MAAM,UAAU,GAAG,MAAM,UAAU,CAAC,QAAQ,CAAC,GAAG,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;YAC5D,IAAI,CAAC,UAAU,EAAE,CAAC;gBAChB,OAAO,GAAG,CAAC,UAAU,CAAC,GAAG,CAAC,CAAC;YAC7B,CAAC;YACD,MAAM,EAAE,IAAI,EAAE,aAAa,EAAE,GAAG,MAAM,KAAK,CAAC,iBAAiB,CAAC,UAAU,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,KAAK,CAAC,aAAa,EAAE,CAAC,CAAC;YAChH,MAAM,EAAE,QAAQ,GAAG,EAAE,EAAE,cAAc,GAAG,EAAE,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC;YAC3D,MAAM,gBAAgB,GAAG,CAAC,aAAa,CAAC;YACxC,MAAM,iBAAiB,GAAG,cAAc,CAAC,IAAI,CAAC,KAAK,aAAa,CAAC;YACjE,MAAM,oBAAoB,GAAG,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;YACrD,MAAM,cAAc,GAAG,CAAC,gBAAgB,IAAI,iBAAiB,CAAC,IAAI,oBAAoB,CAAC;YACvF,IAAI,cAAc,EAAE,CAAC;gBACnB,OAAO,IAAI,EAAE,CAAC;YAChB,CAAC;QACH,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,oCAAoC;YACpC,aAAa;QACf,CAAC;QACD,OAAO,KAAK,CAAC,WAAW,CAAC,aAAa,CAAC,GAAG,EAAE,GAAG,EAAE,IAAI,CAAC,CAAC;IACzD,CAAC,CAAC;AACJ,CAAC,CAAC"}

package/dist/middlewares/index.d.ts

@@ -0,0 +1,16 @@
+import { Express } from 'express';
+import Crowi from '../crowi';
+declare const _default: (crowi: Crowi, app: Express) => {
+    AccessTokenParser: (req: import("express").Request, res: import("express").Response, next: import("express").NextFunction) => void;
+    AdminRequired: (req: import("express").Request, res: import("express").Response, next: any) => any;
+    ApplicationInstalled: (req: import("express").Request, res: import("express").Response, next: import("express").NextFunction) => void | import("express").Response<any, Record<string, any>>;
+    ApplicationNotInstalled: (req: import("express").Request, res: import("express").Response, next: any) => any;
+    BasicAuth: (req: import("express").Request, res: import("express").Response, next: any) => any;
+    CsrfVerify: (req: import("express").Request, res: import("express").Response, next: any) => any;
+    EncodeSpace: (req: import("express").Request, res: import("express").Response, next: any) => any;
+    FileAccessRightOrLoginRequired: (req: import("express").Request, res: import("express").Response, next: any) => Promise<any>;
+    JwtAuth: (req: import("express").Request, res: import("express").Response, next: import("express").NextFunction) => Promise<import("express").Response<any, Record<string, any>> | undefined>;
+    LoginChecker: (req: import("express").Request, res: import("express").Response, next: import("express").NextFunction) => void;
+    LoginRequired: (req: import("express").Request, res: import("express").Response, next: any) => Promise<any>;
+};
+export default _default;