@crowi/api 2.0.0-alpha.1 → 2.0.0-alpha.2

package/dist/hono/handlers/page.d.ts

@@ -172,6 +172,7 @@ export declare const registerPageRoutes: <E extends OpenAPIHono<CrowiHonoBinding
                     include_deleted?: unknown;
                     sort?: "path" | "createdAt" | "updatedAt" | undefined;
                     order?: "asc" | "desc" | undefined;
+                    revision_id?: string | undefined;
                 };
             };
             output: {
@@ -193,6 +194,7 @@ export declare const registerPageRoutes: <E extends OpenAPIHono<CrowiHonoBinding
                     include_deleted?: unknown;
                     sort?: "path" | "createdAt" | "updatedAt" | undefined;
                     order?: "asc" | "desc" | undefined;
+                    revision_id?: string | undefined;
                 };
             };
             output: {
@@ -389,6 +391,100 @@ export declare const registerPageRoutes: <E extends OpenAPIHono<CrowiHonoBinding
                     likerCount?: number | undefined;
                     seenUsersCount?: number | undefined;
                 } | null | undefined;
+                contentPage?: {
+                    _id: string;
+                    path: string;
+                    commentCount: number;
+                    createdAt: string;
+                    revision?: string | {
+                        _id: string;
+                        path: string;
+                        body: string;
+                        format: string;
+                        createdAt: string;
+                        author?: {
+                            _id: string;
+                            username: string;
+                            name: string;
+                            email: string;
+                            createdAt: string;
+                            id?: string | undefined;
+                            image?: string | null | undefined;
+                        } | null | undefined;
+                        meta?: {
+                            toc?: {
+                                level: number;
+                                text: string;
+                                anchorId: string;
+                            }[] | undefined;
+                            wikiLinks?: {
+                                raw: string;
+                                target: string;
+                                displayText?: string | undefined;
+                            }[] | undefined;
+                            mentions?: {
+                                username: string;
+                            }[] | undefined;
+                            codeBlockLanguages?: string[] | undefined;
+                        } | undefined;
+                        renderedAst?: import("hono/utils/types").JSONValue | undefined;
+                        rendererVersion?: string | undefined;
+                        parentRevisionId?: string | null | undefined;
+                        type?: "snapshot" | "incremental" | undefined;
+                        savedBy?: string | {
+                            _id: string;
+                            username: string;
+                            name: string;
+                            email: string;
+                            createdAt: string;
+                            id?: string | undefined;
+                            image?: string | null | undefined;
+                        } | null | undefined;
+                        contributors?: (string | {
+                            _id: string;
+                            username: string;
+                            name: string;
+                            email: string;
+                            createdAt: string;
+                            id?: string | undefined;
+                            image?: string | null | undefined;
+                        })[] | undefined;
+                        message?: string | undefined;
+                        editVia?: "web" | "oauth" | "pat" | undefined;
+                    } | undefined;
+                    redirectTo?: string | null | undefined;
+                    status?: "published" | "wip" | "deleted" | "deprecated" | "draft" | null | undefined;
+                    grant?: number | undefined;
+                    grantedUsers?: string[] | undefined;
+                    creator?: string | {
+                        _id: string;
+                        username: string;
+                        name: string;
+                        email: string;
+                        createdAt: string;
+                        id?: string | undefined;
+                        image?: string | null | undefined;
+                    } | null | undefined;
+                    lastUpdateUser?: string | {
+                        _id: string;
+                        username: string;
+                        name: string;
+                        email: string;
+                        createdAt: string;
+                        id?: string | undefined;
+                        image?: string | null | undefined;
+                    } | null | undefined;
+                    liker?: string[] | undefined;
+                    extended?: {
+                        [x: string]: any;
+                    } | undefined;
+                    updatedAt?: string | undefined;
+                    currentRevision?: string | null | undefined;
+                    yjsCheckpointAt?: string | null | undefined;
+                    latestRevision?: string | undefined;
+                    likerCount?: number | undefined;
+                    seenUsersCount?: number | undefined;
+                } | null | undefined;
             };
             outputFormat: "json";
             status: 200;
@@ -1800,6 +1896,161 @@ export declare const registerPageRoutes: <E extends OpenAPIHono<CrowiHonoBinding
             status: 200;
         };
     };
+} & {
+    "/pages/revert-to-revision": {
+        $post: {
+            input: {
+                json: {
+                    page_id: string;
+                    revision_id: string;
+                };
+            };
+            output: {
+                error: {
+                    code: "PAGE_NOT_FOUND";
+                    message: "Page not found";
+                };
+            };
+            outputFormat: "json";
+            status: 404;
+        } | {
+            input: {
+                json: {
+                    page_id: string;
+                    revision_id: string;
+                };
+            };
+            output: {
+                error: {
+                    code: string;
+                    message: string;
+                };
+            };
+            outputFormat: "json";
+            status: 400;
+        } | {
+            input: {
+                json: {
+                    page_id: string;
+                    revision_id: string;
+                };
+            };
+            output: {
+                error: {
+                    code: "AUTHENTICATION_REQUIRED";
+                    message: "Authentication is required";
+                    redirectTo?: string | undefined;
+                };
+            };
+            outputFormat: "json";
+            status: 401;
+        } | {
+            input: {
+                json: {
+                    page_id: string;
+                    revision_id: string;
+                };
+            };
+            output: {
+                page: {
+                    _id: string;
+                    path: string;
+                    commentCount: number;
+                    createdAt: string;
+                    revision?: string | {
+                        _id: string;
+                        path: string;
+                        body: string;
+                        format: string;
+                        createdAt: string;
+                        author?: {
+                            _id: string;
+                            username: string;
+                            name: string;
+                            email: string;
+                            createdAt: string;
+                            id?: string | undefined;
+                            image?: string | null | undefined;
+                        } | null | undefined;
+                        meta?: {
+                            toc?: {
+                                level: number;
+                                text: string;
+                                anchorId: string;
+                            }[] | undefined;
+                            wikiLinks?: {
+                                raw: string;
+                                target: string;
+                                displayText?: string | undefined;
+                            }[] | undefined;
+                            mentions?: {
+                                username: string;
+                            }[] | undefined;
+                            codeBlockLanguages?: string[] | undefined;
+                        } | undefined;
+                        renderedAst?: import("hono/utils/types").JSONValue | undefined;
+                        rendererVersion?: string | undefined;
+                        parentRevisionId?: string | null | undefined;
+                        type?: "snapshot" | "incremental" | undefined;
+                        savedBy?: string | {
+                            _id: string;
+                            username: string;
+                            name: string;
+                            email: string;
+                            createdAt: string;
+                            id?: string | undefined;
+                            image?: string | null | undefined;
+                        } | null | undefined;
+                        contributors?: (string | {
+                            _id: string;
+                            username: string;
+                            name: string;
+                            email: string;
+                            createdAt: string;
+                            id?: string | undefined;
+                            image?: string | null | undefined;
+                        })[] | undefined;
+                        message?: string | undefined;
+                        editVia?: "web" | "oauth" | "pat" | undefined;
+                    } | undefined;
+                    redirectTo?: string | null | undefined;
+                    status?: "published" | "wip" | "deleted" | "deprecated" | "draft" | null | undefined;
+                    grant?: number | undefined;
+                    grantedUsers?: string[] | undefined;
+                    creator?: string | {
+                        _id: string;
+                        username: string;
+                        name: string;
+                        email: string;
+                        createdAt: string;
+                        id?: string | undefined;
+                        image?: string | null | undefined;
+                    } | null | undefined;
+                    lastUpdateUser?: string | {
+                        _id: string;
+                        username: string;
+                        name: string;
+                        email: string;
+                        createdAt: string;
+                        id?: string | undefined;
+                        image?: string | null | undefined;
+                    } | null | undefined;
+                    liker?: string[] | undefined;
+                    extended?: {
+                        [x: string]: any;
+                    } | undefined;
+                    updatedAt?: string | undefined;
+                    currentRevision?: string | null | undefined;
+                    yjsCheckpointAt?: string | null | undefined;
+                    latestRevision?: string | undefined;
+                    likerCount?: number | undefined;
+                    seenUsersCount?: number | undefined;
+                };
+            };
+            outputFormat: "json";
+            status: 200;
+        };
+    };
 } & {
     "/pages/rename": {
         $post: {

package/dist/hono/handlers/page.js

@@ -28,6 +28,7 @@ exports.registerPageRoutes = void 0;
  */
 const api_contract_1 = require("@crowi/api-contract");
 const debug_1 = __importDefault(require("debug"));
+const mongoose_1 = require("mongoose");
 const page_1 = require("../../models/page");
 const page_response_1 = require("../../util/page-response");
 const ts_rest_helpers_1 = require("../../util/ts-rest-helpers");
@@ -53,6 +54,9 @@ const pageBadRequestBody = (code, message) => ({
 const pageRevisionConflictBody = () => ({
     error: { code: 'PAGE_REVISION_ERROR', message: 'Revision error.' },
 });
+// §6 — shared 400 body for the `/x` ↔ `/x/` twin-creation guard, used by both
+// the create and rename paths so the message stays identical.
+const pageTwinExistsBody = (twinPath) => pageBadRequestBody('PAGE_TWIN_EXISTS', `A page with the opposite trailing slash already exists at ${twinPath}. Portalize it instead.`);
 // Structured 400 body shared by both subtree-rename paths (page_id-based and
 // path-based). `partial: true` marks a mid-execution best-effort failure.
 const renameTreeFailedBody = (message, conflicts, partial) => ({
@@ -64,6 +68,7 @@ const toConflicts = (errorsByPath) => Object.entries(errorsByPath)
     .map(([path, reasons]) => ({ path, reasons }));
 const registerPageRoutes = (app, crowi) => {
     const Page = crowi.model('Page');
+    const Revision = crowi.model('Revision');
     const User = crowi.model('User');
     const Watcher = crowi.model('Watcher');
     // RFC-0010 — per-route scope guards (web sessions hold all scopes, so
@@ -88,6 +93,7 @@ const registerPageRoutes = (app, crowi) => {
     (0, require_scope_1.applyScope)(app, api_contract_1.setWatchStatusRoute, 'pages:write');
     (0, require_scope_1.applyScope)(app, api_contract_1.deletePageRoute, 'pages:write');
     (0, require_scope_1.applyScope)(app, api_contract_1.revertDeletedPageRoute, 'pages:write');
+    (0, require_scope_1.applyScope)(app, api_contract_1.revertToRevisionRoute, 'pages:write');
     (0, require_scope_1.applyScope)(app, api_contract_1.renamePageRoute, 'pages:write');
     (0, require_scope_1.applyScope)(app, api_contract_1.renameSubtreeRoute, 'pages:write');
     /**
@@ -165,7 +171,7 @@ const registerPageRoutes = (app, crowi) => {
         // --------------------------------------------------------------
         .openapi(api_contract_1.listPagesRoute, async (c) => {
         const user = c.get('user');
-        const { path, user: userParam, limit, offset, include_deleted, sort, order } = c.req.valid('query');
+        const { path, user: userParam, limit, offset, include_deleted, sort, order, revision_id } = c.req.valid('query');
         // Mongoose sort direction: 1 ascending, -1 descending.
         const sortDir = order === 'asc' ? 1 : -1;
         // Force-enable include_deleted for /trash and /trash/<sub> requests so
@@ -177,6 +183,12 @@ const registerPageRoutes = (app, crowi) => {
         try {
             let pages = [];
             let portalPage = null;
+            // §4 — when listing a portal path (`/foo/`) that has no portal
+            // document of its own, surface the content page sitting at the
+            // stripped path (`/foo`) so the list view can offer "portalize
+            // this page" instead of "Create Portal". Mutually exclusive with
+            // `portalPage`. Only ever set in the path branch below.
+            let contentPage = null;
             if (userParam) {
                 // List pages by creator.
                 const targetUser = await User.findById(userParam);
@@ -197,13 +209,27 @@ const registerPageRoutes = (app, crowi) => {
                 // List pages by path. /trash subtrees skip findPortalPage to
                 // mirror the legacy deletedPageListShow which always rendered
                 // with page=null.
-                const portalPagePromise = isTrashPath ? Promise.resolve(null) : Page.findPortalPage(path, user);
+                const portalPagePromise = isTrashPath ? Promise.resolve(null) : Page.findPortalPage(path, user, revision_id || null);
                 const listPromise = Page.findListByStartWith(path, user, { limit, offset, includeDeletedPage, sort, desc: sortDir });
                 const [rawPortalPage, rawPages] = await Promise.all([portalPagePromise, listPromise]);
                 [portalPage, pages] = (await Promise.all([
                     rawPortalPage ? Page.populate(rawPortalPage, [{ path: 'creator' }, { path: 'lastUpdateUser' }]) : null,
                     Page.populate(rawPages, [{ path: 'creator' }, { path: 'lastUpdateUser' }]),
                 ]));
+                // §4 — a portal path (`/foo/`) with no portal document but a
+                // content page at the stripped path (`/foo`): resolve that
+                // content page (grant/draft-respecting; not-found → null) so the
+                // client can offer to portalize it. Skipped for /trash and when
+                // a real portal already exists (the two are exclusive).
+                if (!isTrashPath && !portalPage && path.endsWith('/')) {
+                    const strippedPath = path.replace(/\/+$/, '');
+                    if (strippedPath !== '') {
+                        const rawContentPage = await Page.findPortalPage(strippedPath, user, null);
+                        contentPage = rawContentPage
+                            ? (await Page.populate(rawContentPage, [{ path: 'creator' }, { path: 'lastUpdateUser' }]))
+                            : null;
+                    }
+                }
             }
             else {
                 // List all pages the user can access (including path='/').
@@ -238,7 +264,7 @@ const registerPageRoutes = (app, crowi) => {
                 };
                 if (path === '/') {
                     [portalPage, pages] = await Promise.all([
-                        Page.findPortalPage(path, user),
+                        Page.findPortalPage(path, user, revision_id || null),
                         Page.find(conditions)
                             .sort({ [sort]: sortDir })
                             .skip(offset)
@@ -271,6 +297,15 @@ const registerPageRoutes = (app, crowi) => {
                 const portalId = String(portalPage._id);
                 pages = pages.filter((page) => String(page._id) !== portalId);
             }
+            // §4 — the content page surfaced separately as `contentPage` is
+            // also matched by `findListByStartWith` (the un-slashed twin of
+            // the portal path), so drop it from the child rows for the same
+            // reason as `portalPage`: it is rendered as the portalize banner,
+            // not as a child.
+            if (contentPage) {
+                const contentId = String(contentPage._id);
+                pages = pages.filter((page) => String(page._id) !== contentId);
+            }
             const pageResponses = pages.map((page) => (0, page_response_1.pageToResponse)(page));
             // The portal document is rendered as a full page (PageContent)
             // by the web client, so — unlike the list rows — it needs
@@ -285,12 +320,17 @@ const registerPageRoutes = (app, crowi) => {
                 portalPageResponse.revision.meta = meta;
                 portalPageResponse.revision.renderedAst = renderedAst;
             }
+            // §4 — content page emitted lean (no renderedAst): the client uses
+            // it only to drive the portalize banner (id / path / revision id),
+            // never to render the page body.
+            const contentPageResponse = contentPage ? (0, page_response_1.pageToResponse)(contentPage) : null;
             const prev = offset > 0 ? Math.max(0, offset - limit) : null;
             const next = pages.length === limit ? offset + limit : null;
             return c.json({
                 pages: pageResponses,
                 pager: { prev, next, offset },
                 portalPage: portalPageResponse,
+                contentPage: contentPageResponse,
             }, 200);
         }
         catch (err) {
@@ -301,6 +341,7 @@ const registerPageRoutes = (app, crowi) => {
                 pages: [],
                 pager: { prev: null, next: null, offset: 0 },
                 portalPage: null,
+                contentPage: null,
             }, 200);
         }
     })
@@ -337,6 +378,15 @@ const registerPageRoutes = (app, crowi) => {
             if (existing !== null) {
                 return c.json(pageBadRequestBody('PAGE_EXISTS', 'Page exists'), 400);
             }
+            // §6 — block the `/x` ↔ `/x/` double-state: refuse to create a
+            // page whose trailing-slash twin already exists as a real page.
+            // Use `normalizePath` so the twin check sees the same path the
+            // creation will use.
+            const normalizedCreatePath = Page.normalizePath(path);
+            const twin = await Page.findExistingTwin(normalizedCreatePath);
+            if (twin) {
+                return c.json(pageTwinExistsBody(twin.path), 400);
+            }
             // RFC-0010 — record the edit channel (web / oauth / pat) so the
             // history view can flag API-token edits.
             const createOptions = { editVia: c.get('authContext').kind };
@@ -599,6 +649,59 @@ const registerPageRoutes = (app, crowi) => {
             }
             return c.json(pageBadRequestBody('PAGE_REVERT_FAILED', error.message || 'Failed to revert deleted page'), 400);
         }
+    })
+        // --------------------------------------------------------------
+        // POST /pages/revert-to-revision — revertToRevision
+        //
+        // Restore the page's body to one of its PAST revisions by stacking
+        // that body as a NEW revision on top of the current latest. This is
+        // non-destructive: the whole history is preserved, and the revert is
+        // always applied on top of the server-side latest (no optimistic-lock
+        // 409 — if someone else updated the page since the caller opened the
+        // old version, the revert lands on top of that newer revision rather
+        // than conflicting). Page.updatePage handles prepareRevision →
+        // pushRevision → pageEvent.emit('update', …, true), so notify / collab
+        // fan-out comes for free.
+        // --------------------------------------------------------------
+        .openapi(api_contract_1.revertToRevisionRoute, async (c) => {
+        const user = c.get('user');
+        const { page_id, revision_id } = c.req.valid('json');
+        debug('revertToRevision called with:', { page_id, revision_id, userId: user._id });
+        if (!(0, ts_rest_helpers_1.isValidObjectId)(revision_id)) {
+            return c.json(pageBadRequestBody('PAGE_REVERT_TO_REVISION_FAILED', 'Invalid revision id'), 400);
+        }
+        try {
+            // Grant + draft visibility checks (collapse to 404 — same leak-
+            // guard as updatePage so a non-granted caller can't probe page
+            // existence).
+            const pageData = (await Page.findPageByIdAndGrantedUser(page_id, user));
+            if (!pageData) {
+                return c.json(errors_1.PAGE_NOT_FOUND_BODY, 404);
+            }
+            // The revision to revert TO. Must belong to this page (same path)
+            // so a caller cannot graft another page's body onto this one.
+            const oldRevision = await Revision.findRevision(new mongoose_1.Types.ObjectId(revision_id));
+            if (!oldRevision || oldRevision.path !== pageData.path) {
+                return c.json(pageBadRequestBody('PAGE_REVERT_TO_REVISION_FAILED', 'Revision does not belong to this page'), 400);
+            }
+            // Stack the old body as a new revision on top of the latest. The
+            // base is pageData.revision (the server-side latest), set inside
+            // prepareRevision — the client never supplies one. No `grant` option
+            // is passed: updatePage defaults to `pageData.grant`, which keeps
+            // the grant-update branch skipped (visibility is preserved).
+            const updateOptions = { editVia: c.get('authContext').kind };
+            const updated = (await Page.updatePage(pageData, oldRevision.body, user, updateOptions));
+            const populated = await Page.populatePageData(updated, null);
+            return c.json({ page: (0, page_response_1.pageToResponse)(populated) }, 200);
+        }
+        catch (err) {
+            const error = err;
+            debug('Error reverting page to revision:', error.message);
+            if (error.message === 'Page not found' || error.message === 'Page is not granted for the user') {
+                return c.json(errors_1.PAGE_NOT_FOUND_BODY, 404);
+            }
+            return c.json(pageBadRequestBody('PAGE_REVERT_TO_REVISION_FAILED', error.message || 'Failed to revert page to revision'), 400);
+        }
     })
         // --------------------------------------------------------------
         // POST /pages/rename — renamePage
@@ -686,6 +789,14 @@ const registerPageRoutes = (app, crowi) => {
             // ------------------------------------------------------------
             // Single-page rename (default / back-compat).
             // ------------------------------------------------------------
+            // §6 — block the `/x` ↔ `/x/` double-state: refuse to move onto a
+            // path whose trailing-slash twin already exists as a real page.
+            // The source page itself is excluded, so portalizing `/x` → `/x/`
+            // (where the twin `/x` IS the page being moved) is allowed.
+            const twinAtNewPath = await Page.findExistingTwin(newPagePath, { excludeId: pageData._id });
+            if (twinAtNewPath) {
+                return c.json(pageTwinExistsBody(twinAtNewPath.path), 400);
+            }
             // Collision at the destination path — unlink an existing
             // redirect when the caller has permission, otherwise refuse.
             const existingAtNewPath = await Page.findOne({ path: newPagePath });
@@ -703,10 +814,16 @@ const registerPageRoutes = (app, crowi) => {
                     return c.json(pageBadRequestBody('PAGE_EXISTS', `Cannot rename to this page name (${newPagePath}). Page exists.`), 400);
                 }
             }
-            // Legacy controller: portal paths (ending in '/') never get a
-            // redirect page even if requested.
+            // Honour `create_redirect` regardless of the destination's
+            // portal-ness. Portalizing `/x` → `/x/` leaves a redirect at the
+            // old content path so existing links / bookmarks to `/x` keep
+            // resolving (to the new portal) — the same behaviour every other
+            // rename already has (RenameDialog always requests a redirect). The
+            // redirect stub has `redirectTo` set, so `findExistingTwin` (which
+            // filters `redirectTo: null`) does not treat it as a `/x` ↔ `/x/`
+            // twin, and it is hidden from listings (also `redirectTo: null`).
             const options = {
-                createRedirectPage: !newPageIsPortal && Boolean(create_redirect),
+                createRedirectPage: Boolean(create_redirect),
             };
             await Page.rename(pageData, newPagePath, user, options);
             const populated = await Page.populatePageData(pageData, null);