@dyrected/core 2.0.0 → 2.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/app-KApbf4XL.d.cts +362 -0
- package/dist/app-KApbf4XL.d.ts +362 -0
- package/dist/chunk-22JTWD74.js +1784 -0
- package/dist/chunk-7GGHK75W.js +1835 -0
- package/dist/chunk-GZODLJ3C.js +1861 -0
- package/dist/index.cjs +2418 -83
- package/dist/index.d.cts +70 -3
- package/dist/index.d.ts +70 -3
- package/dist/index.js +617 -85
- package/dist/server.cjs +79 -2
- package/dist/server.d.cts +16 -22
- package/dist/server.d.ts +16 -22
- package/dist/server.js +8 -1715
- package/package.json +2 -1
|
@@ -0,0 +1,1861 @@
|
|
|
1
|
+
// src/utils/config.ts
|
|
2
|
+
var AUDIT_COLLECTION_SLUG = "__audit";
|
|
3
|
+
var SYSTEM_FIELDS = [
|
|
4
|
+
{
|
|
5
|
+
name: "createdAt",
|
|
6
|
+
type: "date",
|
|
7
|
+
label: "Created At",
|
|
8
|
+
admin: { readOnly: true, hidden: true }
|
|
9
|
+
},
|
|
10
|
+
{
|
|
11
|
+
name: "updatedAt",
|
|
12
|
+
type: "date",
|
|
13
|
+
label: "Updated At",
|
|
14
|
+
admin: { readOnly: true, hidden: true }
|
|
15
|
+
},
|
|
16
|
+
{
|
|
17
|
+
name: "createdBy",
|
|
18
|
+
type: "text",
|
|
19
|
+
label: "Created By",
|
|
20
|
+
admin: { readOnly: true, hidden: true }
|
|
21
|
+
},
|
|
22
|
+
{
|
|
23
|
+
name: "updatedBy",
|
|
24
|
+
type: "text",
|
|
25
|
+
label: "Updated By",
|
|
26
|
+
admin: { readOnly: true, hidden: true }
|
|
27
|
+
}
|
|
28
|
+
];
|
|
29
|
+
var AUDIT_COLLECTION = {
|
|
30
|
+
slug: AUDIT_COLLECTION_SLUG,
|
|
31
|
+
labels: { singular: "Audit Log", plural: "Audit Logs" },
|
|
32
|
+
fields: [
|
|
33
|
+
{ name: "collection", type: "text", label: "Collection", required: true },
|
|
34
|
+
{ name: "documentId", type: "text", label: "Document ID" },
|
|
35
|
+
{ name: "operation", type: "select", label: "Operation", options: ["create", "update", "delete"], required: true },
|
|
36
|
+
{ name: "user", type: "text", label: "User ID" },
|
|
37
|
+
{ name: "timestamp", type: "date", label: "Timestamp", required: true },
|
|
38
|
+
{ name: "changes", type: "json", label: "Changes" }
|
|
39
|
+
],
|
|
40
|
+
admin: { hidden: true }
|
|
41
|
+
};
|
|
42
|
+
function normalizeConfig(config) {
|
|
43
|
+
const needsAudit = config.collections.some((col) => col.audit);
|
|
44
|
+
const normalizedCollections = config.collections.map((col) => {
|
|
45
|
+
const existingFieldNames = new Set(col.fields.map((f) => f.name));
|
|
46
|
+
const fieldsToInject = SYSTEM_FIELDS.filter((f) => !existingFieldNames.has(f.name));
|
|
47
|
+
return {
|
|
48
|
+
...col,
|
|
49
|
+
fields: [...col.fields, ...fieldsToInject]
|
|
50
|
+
};
|
|
51
|
+
});
|
|
52
|
+
const hasAuditCollection = normalizedCollections.some(
|
|
53
|
+
(col) => col.slug === AUDIT_COLLECTION_SLUG
|
|
54
|
+
);
|
|
55
|
+
return {
|
|
56
|
+
...config,
|
|
57
|
+
collections: [
|
|
58
|
+
...normalizedCollections,
|
|
59
|
+
...needsAudit && !hasAuditCollection ? [AUDIT_COLLECTION] : []
|
|
60
|
+
]
|
|
61
|
+
};
|
|
62
|
+
}
|
|
63
|
+
|
|
64
|
+
// src/services/population.service.ts
|
|
65
|
+
var PopulationService = class {
|
|
66
|
+
db;
|
|
67
|
+
collections;
|
|
68
|
+
constructor(db, collections) {
|
|
69
|
+
this.db = db;
|
|
70
|
+
this.collections = collections;
|
|
71
|
+
}
|
|
72
|
+
/**
|
|
73
|
+
* Recursively populate relationship fields in a document or array of documents.
|
|
74
|
+
*/
|
|
75
|
+
async populate(args) {
|
|
76
|
+
const { data, fields, currentDepth, maxDepth } = args;
|
|
77
|
+
if (currentDepth >= maxDepth || !data) {
|
|
78
|
+
return data;
|
|
79
|
+
}
|
|
80
|
+
if (Array.isArray(data)) {
|
|
81
|
+
return Promise.all(data.map((item) => this.populate({ ...args, data: item })));
|
|
82
|
+
}
|
|
83
|
+
const populatedDoc = { ...data };
|
|
84
|
+
for (const field of fields) {
|
|
85
|
+
const value = populatedDoc[field.name];
|
|
86
|
+
if (field.type === "relationship" && field.relationTo && value) {
|
|
87
|
+
const relatedCollection = this.collections.find((c) => c.slug === field.relationTo);
|
|
88
|
+
if (!relatedCollection) continue;
|
|
89
|
+
if (Array.isArray(value)) {
|
|
90
|
+
populatedDoc[field.name] = await Promise.all(
|
|
91
|
+
value.map(async (id) => {
|
|
92
|
+
if (!id) return id;
|
|
93
|
+
let doc = id;
|
|
94
|
+
if (typeof id === "string") {
|
|
95
|
+
doc = await this.db.findOne({ collection: field.relationTo, id });
|
|
96
|
+
}
|
|
97
|
+
if (!doc || typeof doc !== "object") return id;
|
|
98
|
+
return this.populate({
|
|
99
|
+
data: doc,
|
|
100
|
+
fields: relatedCollection.fields,
|
|
101
|
+
currentDepth: currentDepth + 1,
|
|
102
|
+
maxDepth
|
|
103
|
+
});
|
|
104
|
+
})
|
|
105
|
+
);
|
|
106
|
+
} else if (value) {
|
|
107
|
+
let doc = value;
|
|
108
|
+
if (typeof value === "string") {
|
|
109
|
+
doc = await this.db.findOne({ collection: field.relationTo, id: value });
|
|
110
|
+
}
|
|
111
|
+
if (doc && typeof doc === "object") {
|
|
112
|
+
populatedDoc[field.name] = await this.populate({
|
|
113
|
+
data: doc,
|
|
114
|
+
fields: relatedCollection.fields,
|
|
115
|
+
currentDepth: currentDepth + 1,
|
|
116
|
+
maxDepth
|
|
117
|
+
});
|
|
118
|
+
}
|
|
119
|
+
}
|
|
120
|
+
}
|
|
121
|
+
if ((field.type === "array" || field.type === "object") && field.fields && value) {
|
|
122
|
+
populatedDoc[field.name] = await this.populate({
|
|
123
|
+
data: value,
|
|
124
|
+
fields: field.fields,
|
|
125
|
+
currentDepth,
|
|
126
|
+
// Nested fields don't consume depth, only relationships do
|
|
127
|
+
maxDepth
|
|
128
|
+
});
|
|
129
|
+
}
|
|
130
|
+
if (field.type === "blocks" && field.blocks && Array.isArray(value)) {
|
|
131
|
+
populatedDoc[field.name] = await Promise.all(
|
|
132
|
+
value.map(async (blockData) => {
|
|
133
|
+
const blockConfig = field.blocks.find((b) => b.slug === blockData.blockType);
|
|
134
|
+
if (!blockConfig) return blockData;
|
|
135
|
+
return this.populate({
|
|
136
|
+
data: blockData,
|
|
137
|
+
fields: blockConfig.fields,
|
|
138
|
+
currentDepth,
|
|
139
|
+
maxDepth
|
|
140
|
+
});
|
|
141
|
+
})
|
|
142
|
+
);
|
|
143
|
+
}
|
|
144
|
+
}
|
|
145
|
+
return populatedDoc;
|
|
146
|
+
}
|
|
147
|
+
/**
|
|
148
|
+
* Helper to populate a PaginatedResult
|
|
149
|
+
*/
|
|
150
|
+
async populateResult(result, fields, maxDepth) {
|
|
151
|
+
if (maxDepth <= 0) return result;
|
|
152
|
+
const populatedDocs = await this.populate({
|
|
153
|
+
data: result.docs,
|
|
154
|
+
fields,
|
|
155
|
+
currentDepth: 0,
|
|
156
|
+
maxDepth
|
|
157
|
+
});
|
|
158
|
+
return {
|
|
159
|
+
...result,
|
|
160
|
+
docs: populatedDocs
|
|
161
|
+
};
|
|
162
|
+
}
|
|
163
|
+
};
|
|
164
|
+
|
|
165
|
+
// src/services/defaults.service.ts
|
|
166
|
+
var DefaultsService = class {
|
|
167
|
+
/**
|
|
168
|
+
* Recursively apply default values to a data object based on field definitions.
|
|
169
|
+
*/
|
|
170
|
+
static apply(fields, data = {}) {
|
|
171
|
+
const result = { ...data || {} };
|
|
172
|
+
fields.forEach((field) => {
|
|
173
|
+
let value = result[field.name];
|
|
174
|
+
if ((value === void 0 || value === null) && field.renameTo) {
|
|
175
|
+
const legacyValue = result[field.renameTo];
|
|
176
|
+
if (legacyValue !== void 0 && legacyValue !== null) {
|
|
177
|
+
value = legacyValue;
|
|
178
|
+
result[field.name] = legacyValue;
|
|
179
|
+
}
|
|
180
|
+
}
|
|
181
|
+
if (value === void 0 || value === null) {
|
|
182
|
+
if (field.defaultValue !== void 0) {
|
|
183
|
+
result[field.name] = field.defaultValue;
|
|
184
|
+
} else {
|
|
185
|
+
if (field.type === "boolean") result[field.name] = false;
|
|
186
|
+
else if (field.type === "array") result[field.name] = [];
|
|
187
|
+
else if (field.type === "multiSelect") result[field.name] = [];
|
|
188
|
+
else if (field.type === "object") {
|
|
189
|
+
result[field.name] = this.apply(field.fields || [], {});
|
|
190
|
+
}
|
|
191
|
+
}
|
|
192
|
+
} else if (field.type === "object" && field.fields) {
|
|
193
|
+
result[field.name] = this.apply(field.fields, value);
|
|
194
|
+
} else if (field.type === "array" && field.fields && Array.isArray(value)) {
|
|
195
|
+
result[field.name] = value.map((item) => this.apply(field.fields, item));
|
|
196
|
+
}
|
|
197
|
+
});
|
|
198
|
+
return result;
|
|
199
|
+
}
|
|
200
|
+
};
|
|
201
|
+
|
|
202
|
+
// src/services/audit.service.ts
|
|
203
|
+
var AuditService = class {
|
|
204
|
+
/**
|
|
205
|
+
* Writes a single entry to the __audit collection.
|
|
206
|
+
* Called without await — runs asynchronously and never blocks the primary operation.
|
|
207
|
+
*/
|
|
208
|
+
static async log(db, args) {
|
|
209
|
+
try {
|
|
210
|
+
await db.create({
|
|
211
|
+
collection: "__audit",
|
|
212
|
+
data: {
|
|
213
|
+
collection: args.collection,
|
|
214
|
+
documentId: args.documentId ?? null,
|
|
215
|
+
operation: args.operation,
|
|
216
|
+
user: args.user?.id ?? null,
|
|
217
|
+
timestamp: (/* @__PURE__ */ new Date()).toISOString(),
|
|
218
|
+
changes: JSON.stringify({
|
|
219
|
+
before: args.before ?? null,
|
|
220
|
+
after: args.after ?? null
|
|
221
|
+
})
|
|
222
|
+
}
|
|
223
|
+
});
|
|
224
|
+
} catch (err) {
|
|
225
|
+
console.error("[dyrected/audit] Failed to write audit log:", err);
|
|
226
|
+
}
|
|
227
|
+
}
|
|
228
|
+
};
|
|
229
|
+
|
|
230
|
+
// src/controllers/collection.controller.ts
|
|
231
|
+
var CollectionController = class {
|
|
232
|
+
collection;
|
|
233
|
+
constructor(collection) {
|
|
234
|
+
this.collection = collection;
|
|
235
|
+
}
|
|
236
|
+
async find(c) {
|
|
237
|
+
const config = c.get("config");
|
|
238
|
+
const db = config.db;
|
|
239
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
240
|
+
const limit = Number(c.req.query("limit")) || 10;
|
|
241
|
+
const page = Number(c.req.query("page")) || 1;
|
|
242
|
+
const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 1;
|
|
243
|
+
const sort = c.req.query("sort") || void 0;
|
|
244
|
+
let where = void 0;
|
|
245
|
+
const whereRaw = c.req.query("where");
|
|
246
|
+
if (whereRaw) {
|
|
247
|
+
try {
|
|
248
|
+
where = JSON.parse(decodeURIComponent(whereRaw));
|
|
249
|
+
} catch {
|
|
250
|
+
}
|
|
251
|
+
}
|
|
252
|
+
let result = await db.find({
|
|
253
|
+
collection: this.collection.slug,
|
|
254
|
+
limit,
|
|
255
|
+
page,
|
|
256
|
+
sort,
|
|
257
|
+
where
|
|
258
|
+
});
|
|
259
|
+
if (result.total === 0 && this.collection.initialData && !where && page === 1) {
|
|
260
|
+
console.log(`[dyrected/core] Auto-seeding collection "${this.collection.slug}" from config.initialData`);
|
|
261
|
+
for (const data of this.collection.initialData) {
|
|
262
|
+
await db.create({ collection: this.collection.slug, data });
|
|
263
|
+
}
|
|
264
|
+
result = await db.find({
|
|
265
|
+
collection: this.collection.slug,
|
|
266
|
+
limit,
|
|
267
|
+
page,
|
|
268
|
+
sort,
|
|
269
|
+
where
|
|
270
|
+
});
|
|
271
|
+
}
|
|
272
|
+
result.docs = result.docs.map((doc) => DefaultsService.apply(this.collection.fields, doc));
|
|
273
|
+
if (depth > 0) {
|
|
274
|
+
const populationService = new PopulationService(db, config.collections);
|
|
275
|
+
result = await populationService.populateResult(result, this.collection.fields, depth);
|
|
276
|
+
}
|
|
277
|
+
return c.json(result);
|
|
278
|
+
}
|
|
279
|
+
async findOne(c) {
|
|
280
|
+
const config = c.get("config");
|
|
281
|
+
const db = config.db;
|
|
282
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
283
|
+
const id = c.req.param("id");
|
|
284
|
+
const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 1;
|
|
285
|
+
if (!id) return c.json({ message: "Missing ID" }, 400);
|
|
286
|
+
const doc = await db.findOne({ collection: this.collection.slug, id });
|
|
287
|
+
if (!doc) return c.json({ message: "Not Found" }, 404);
|
|
288
|
+
const docWithDefaults = DefaultsService.apply(this.collection.fields, doc);
|
|
289
|
+
if (depth > 0 && docWithDefaults) {
|
|
290
|
+
const populationService = new PopulationService(db, config.collections);
|
|
291
|
+
const populatedDoc = await populationService.populate({
|
|
292
|
+
data: docWithDefaults,
|
|
293
|
+
fields: this.collection.fields,
|
|
294
|
+
currentDepth: 0,
|
|
295
|
+
maxDepth: depth
|
|
296
|
+
});
|
|
297
|
+
return c.json(populatedDoc);
|
|
298
|
+
}
|
|
299
|
+
return c.json(docWithDefaults);
|
|
300
|
+
}
|
|
301
|
+
async create(c) {
|
|
302
|
+
const config = c.get("config");
|
|
303
|
+
const db = config.db;
|
|
304
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
305
|
+
const contentType = c.req.header("Content-Type") || "";
|
|
306
|
+
if (contentType.toLowerCase().includes("multipart/form-data")) {
|
|
307
|
+
return this.upload(c);
|
|
308
|
+
}
|
|
309
|
+
const body = await c.req.json();
|
|
310
|
+
const user = c.get("user");
|
|
311
|
+
const now = (/* @__PURE__ */ new Date()).toISOString();
|
|
312
|
+
const data = {
|
|
313
|
+
...body,
|
|
314
|
+
createdAt: now,
|
|
315
|
+
updatedAt: now,
|
|
316
|
+
createdBy: user?.sub ?? null,
|
|
317
|
+
updatedBy: user?.sub ?? null
|
|
318
|
+
};
|
|
319
|
+
const doc = await db.create({ collection: this.collection.slug, data });
|
|
320
|
+
if (this.collection.audit && db) {
|
|
321
|
+
AuditService.log(db, {
|
|
322
|
+
operation: "create",
|
|
323
|
+
collection: this.collection.slug,
|
|
324
|
+
documentId: doc.id,
|
|
325
|
+
user: user ? { id: user.sub, collection: user.collection, email: user.email } : void 0,
|
|
326
|
+
before: null,
|
|
327
|
+
after: doc
|
|
328
|
+
});
|
|
329
|
+
}
|
|
330
|
+
return c.json(doc, 201);
|
|
331
|
+
}
|
|
332
|
+
async upload(c) {
|
|
333
|
+
const config = c.get("config");
|
|
334
|
+
const storage = config.storage;
|
|
335
|
+
if (!storage) return c.json({ message: "Storage not configured" }, 500);
|
|
336
|
+
const formData = await c.req.formData();
|
|
337
|
+
const file = formData.get("file");
|
|
338
|
+
if (!file) return c.json({ message: "No file uploaded" }, 400);
|
|
339
|
+
const buffer = new Uint8Array(await file.arrayBuffer());
|
|
340
|
+
const siteId = c.get("siteId");
|
|
341
|
+
const workspaceId = c.get("workspaceId");
|
|
342
|
+
const prefix = workspaceId ? `${workspaceId}/${siteId}` : siteId;
|
|
343
|
+
const fileData = await storage.upload({
|
|
344
|
+
filename: file.name,
|
|
345
|
+
buffer,
|
|
346
|
+
mimeType: file.type,
|
|
347
|
+
prefix
|
|
348
|
+
});
|
|
349
|
+
const otherData = {};
|
|
350
|
+
formData.forEach((value, key) => {
|
|
351
|
+
if (key !== "file" && typeof value === "string") {
|
|
352
|
+
otherData[key] = value;
|
|
353
|
+
}
|
|
354
|
+
});
|
|
355
|
+
const user = c.get("user");
|
|
356
|
+
const now = (/* @__PURE__ */ new Date()).toISOString();
|
|
357
|
+
const doc = await config.db.create({
|
|
358
|
+
collection: this.collection.slug,
|
|
359
|
+
data: {
|
|
360
|
+
...otherData,
|
|
361
|
+
...fileData,
|
|
362
|
+
createdAt: now,
|
|
363
|
+
updatedAt: now,
|
|
364
|
+
createdBy: user?.sub ?? null,
|
|
365
|
+
updatedBy: user?.sub ?? null
|
|
366
|
+
}
|
|
367
|
+
});
|
|
368
|
+
return c.json(doc, 201);
|
|
369
|
+
}
|
|
370
|
+
async update(c) {
|
|
371
|
+
const config = c.get("config");
|
|
372
|
+
const db = config.db;
|
|
373
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
374
|
+
const id = c.req.param("id");
|
|
375
|
+
if (!id) return c.json({ message: "Missing ID" }, 400);
|
|
376
|
+
const body = await c.req.json();
|
|
377
|
+
const user = c.get("user");
|
|
378
|
+
const data = {
|
|
379
|
+
...body,
|
|
380
|
+
updatedAt: (/* @__PURE__ */ new Date()).toISOString(),
|
|
381
|
+
updatedBy: user?.sub ?? null
|
|
382
|
+
};
|
|
383
|
+
let before = null;
|
|
384
|
+
if (this.collection.audit) {
|
|
385
|
+
before = await db.findOne({ collection: this.collection.slug, id });
|
|
386
|
+
}
|
|
387
|
+
const doc = await db.update({ collection: this.collection.slug, id, data });
|
|
388
|
+
if (this.collection.audit && db) {
|
|
389
|
+
AuditService.log(db, {
|
|
390
|
+
operation: "update",
|
|
391
|
+
collection: this.collection.slug,
|
|
392
|
+
documentId: id,
|
|
393
|
+
user: user ? { id: user.sub, collection: user.collection, email: user.email } : void 0,
|
|
394
|
+
before,
|
|
395
|
+
after: doc
|
|
396
|
+
});
|
|
397
|
+
}
|
|
398
|
+
return c.json(doc);
|
|
399
|
+
}
|
|
400
|
+
async delete(c) {
|
|
401
|
+
const config = c.get("config");
|
|
402
|
+
const db = config.db;
|
|
403
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
404
|
+
const id = c.req.param("id");
|
|
405
|
+
if (!id) return c.json({ message: "Missing ID" }, 400);
|
|
406
|
+
const user = c.get("user");
|
|
407
|
+
let before = null;
|
|
408
|
+
if (this.collection.audit) {
|
|
409
|
+
before = await db.findOne({ collection: this.collection.slug, id });
|
|
410
|
+
}
|
|
411
|
+
await db.delete({ collection: this.collection.slug, id });
|
|
412
|
+
if (this.collection.audit && db) {
|
|
413
|
+
AuditService.log(db, {
|
|
414
|
+
operation: "delete",
|
|
415
|
+
collection: this.collection.slug,
|
|
416
|
+
documentId: id,
|
|
417
|
+
user: user ? { id: user.sub, collection: user.collection, email: user.email } : void 0,
|
|
418
|
+
before,
|
|
419
|
+
after: null
|
|
420
|
+
});
|
|
421
|
+
}
|
|
422
|
+
return c.json({ message: "Deleted" });
|
|
423
|
+
}
|
|
424
|
+
async deleteMany(c) {
|
|
425
|
+
const config = c.get("config");
|
|
426
|
+
const db = config.db;
|
|
427
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
428
|
+
const user = c.get("user");
|
|
429
|
+
let ids = [];
|
|
430
|
+
try {
|
|
431
|
+
const body = await c.req.json().catch(() => null);
|
|
432
|
+
if (body?.ids && Array.isArray(body.ids)) {
|
|
433
|
+
ids = body.ids;
|
|
434
|
+
}
|
|
435
|
+
} catch {
|
|
436
|
+
}
|
|
437
|
+
if (!ids.length) {
|
|
438
|
+
const raw = c.req.queries("ids") ?? c.req.queries("ids[]") ?? [];
|
|
439
|
+
ids = raw.filter(Boolean);
|
|
440
|
+
}
|
|
441
|
+
if (!ids.length) return c.json({ message: "No IDs provided" }, 400);
|
|
442
|
+
const deleted = [];
|
|
443
|
+
const failed = [];
|
|
444
|
+
for (const id of ids) {
|
|
445
|
+
try {
|
|
446
|
+
let before = null;
|
|
447
|
+
if (this.collection.audit) {
|
|
448
|
+
before = await db.findOne({ collection: this.collection.slug, id });
|
|
449
|
+
}
|
|
450
|
+
await db.delete({ collection: this.collection.slug, id });
|
|
451
|
+
deleted.push(id);
|
|
452
|
+
if (this.collection.audit) {
|
|
453
|
+
AuditService.log(db, {
|
|
454
|
+
operation: "delete",
|
|
455
|
+
collection: this.collection.slug,
|
|
456
|
+
documentId: id,
|
|
457
|
+
user: user ? { id: user.sub, collection: user.collection, email: user.email } : void 0,
|
|
458
|
+
before,
|
|
459
|
+
after: null
|
|
460
|
+
});
|
|
461
|
+
}
|
|
462
|
+
} catch (err) {
|
|
463
|
+
failed.push({ id, error: err?.message ?? "Unknown error" });
|
|
464
|
+
}
|
|
465
|
+
}
|
|
466
|
+
return c.json({
|
|
467
|
+
message: `Deleted ${deleted.length} document(s)`,
|
|
468
|
+
deleted,
|
|
469
|
+
...failed.length ? { failed } : {}
|
|
470
|
+
});
|
|
471
|
+
}
|
|
472
|
+
async seed(c) {
|
|
473
|
+
const config = c.get("config");
|
|
474
|
+
const db = config.db;
|
|
475
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
476
|
+
const body = await c.req.json();
|
|
477
|
+
const initialData = body.data;
|
|
478
|
+
if (!initialData || !Array.isArray(initialData)) {
|
|
479
|
+
return c.json({ message: "Invalid initial data" }, 400);
|
|
480
|
+
}
|
|
481
|
+
const result = await db.find({ collection: this.collection.slug, limit: 1 });
|
|
482
|
+
if (result.total > 0) {
|
|
483
|
+
return c.json({ message: "Collection is not empty, skipping seed" });
|
|
484
|
+
}
|
|
485
|
+
console.log(`[dyrected/core] Auto-seeding collection: ${this.collection.slug}`);
|
|
486
|
+
const createdDocs = [];
|
|
487
|
+
for (const data of initialData) {
|
|
488
|
+
const doc = await db.create({ collection: this.collection.slug, data });
|
|
489
|
+
createdDocs.push(doc);
|
|
490
|
+
}
|
|
491
|
+
return c.json({ message: "Seed successful", count: createdDocs.length }, 201);
|
|
492
|
+
}
|
|
493
|
+
};
|
|
494
|
+
|
|
495
|
+
// src/controllers/global.controller.ts
|
|
496
|
+
var GlobalController = class {
|
|
497
|
+
global;
|
|
498
|
+
constructor(global) {
|
|
499
|
+
this.global = global;
|
|
500
|
+
}
|
|
501
|
+
async get(c) {
|
|
502
|
+
const config = c.get("config");
|
|
503
|
+
const db = config.db;
|
|
504
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
505
|
+
const depth = c.req.query("depth") !== void 0 ? Number(c.req.query("depth")) : 1;
|
|
506
|
+
let data = await db.getGlobal({ slug: this.global.slug });
|
|
507
|
+
const isEmpty = !data || Object.keys(data).length === 0;
|
|
508
|
+
if (isEmpty && this.global.initialData) {
|
|
509
|
+
console.log(`[dyrected/core] Auto-seeding global "${this.global.slug}" from config.initialData`);
|
|
510
|
+
await db.updateGlobal({ slug: this.global.slug, data: this.global.initialData });
|
|
511
|
+
data = this.global.initialData;
|
|
512
|
+
}
|
|
513
|
+
const dataWithDefaults = DefaultsService.apply(this.global.fields, data);
|
|
514
|
+
if (depth > 0 && dataWithDefaults) {
|
|
515
|
+
const populationService = new PopulationService(db, config.collections);
|
|
516
|
+
const populatedData = await populationService.populate({
|
|
517
|
+
data: dataWithDefaults,
|
|
518
|
+
fields: this.global.fields,
|
|
519
|
+
currentDepth: 1,
|
|
520
|
+
maxDepth: depth
|
|
521
|
+
});
|
|
522
|
+
return c.json(populatedData);
|
|
523
|
+
}
|
|
524
|
+
return c.json(dataWithDefaults);
|
|
525
|
+
}
|
|
526
|
+
async update(c) {
|
|
527
|
+
const db = c.get("config").db;
|
|
528
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
529
|
+
const body = await c.req.json();
|
|
530
|
+
const data = await db.updateGlobal({ slug: this.global.slug, data: body });
|
|
531
|
+
return c.json(data);
|
|
532
|
+
}
|
|
533
|
+
async seed(c) {
|
|
534
|
+
const config = c.get("config");
|
|
535
|
+
const db = config.db;
|
|
536
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
537
|
+
const body = await c.req.json();
|
|
538
|
+
const initialData = body.data;
|
|
539
|
+
if (!initialData) {
|
|
540
|
+
return c.json({ message: "Invalid initial data" }, 400);
|
|
541
|
+
}
|
|
542
|
+
const existing = await db.getGlobal({ slug: this.global.slug });
|
|
543
|
+
if (existing && Object.keys(existing).length > 0) {
|
|
544
|
+
return c.json({ message: "Global is not empty, skipping seed" });
|
|
545
|
+
}
|
|
546
|
+
console.log(`[dyrected/core] Auto-seeding global: ${this.global.slug}`);
|
|
547
|
+
await db.updateGlobal({ slug: this.global.slug, data: initialData });
|
|
548
|
+
return c.json({ message: "Seed successful", data: initialData }, 201);
|
|
549
|
+
}
|
|
550
|
+
};
|
|
551
|
+
|
|
552
|
+
// src/controllers/media.controller.ts
|
|
553
|
+
var MediaController = class {
|
|
554
|
+
collection;
|
|
555
|
+
constructor(collection = "media") {
|
|
556
|
+
this.collection = collection;
|
|
557
|
+
}
|
|
558
|
+
async upload(c) {
|
|
559
|
+
const config = c.get("config");
|
|
560
|
+
const storage = config.storage;
|
|
561
|
+
const imageService = config.image;
|
|
562
|
+
if (!storage) {
|
|
563
|
+
return c.json({ message: "Storage not configured" }, 500);
|
|
564
|
+
}
|
|
565
|
+
const body = await c.req.parseBody();
|
|
566
|
+
const file = body["file"];
|
|
567
|
+
const focalPointStr = body["focalPoint"];
|
|
568
|
+
const focalPoint = focalPointStr ? JSON.parse(focalPointStr) : void 0;
|
|
569
|
+
if (!file) {
|
|
570
|
+
return c.json({ message: "No file uploaded" }, 400);
|
|
571
|
+
}
|
|
572
|
+
const buffer = new Uint8Array(await file.arrayBuffer());
|
|
573
|
+
const siteId = c.get("siteId");
|
|
574
|
+
const workspaceId = c.get("workspaceId");
|
|
575
|
+
const prefix = workspaceId ? `${workspaceId}/${siteId}` : siteId || "default";
|
|
576
|
+
let imageMetadata = {};
|
|
577
|
+
let imageSizes = {};
|
|
578
|
+
if (imageService && file.type.startsWith("image/")) {
|
|
579
|
+
let colConfig = config.collections.find((col) => col.slug === this.collection);
|
|
580
|
+
if (!colConfig && config.onSchemaFetch && siteId) {
|
|
581
|
+
const dynamic = await config.onSchemaFetch(siteId);
|
|
582
|
+
colConfig = dynamic.collections?.find((col) => col.slug === this.collection);
|
|
583
|
+
}
|
|
584
|
+
try {
|
|
585
|
+
const processed = await imageService.process({
|
|
586
|
+
buffer,
|
|
587
|
+
mimeType: file.type,
|
|
588
|
+
config: colConfig?.upload,
|
|
589
|
+
focalPoint
|
|
590
|
+
});
|
|
591
|
+
imageMetadata = processed.metadata;
|
|
592
|
+
imageSizes = processed.sizes;
|
|
593
|
+
} catch (err) {
|
|
594
|
+
console.error("[MediaController] Image processing failed:", err);
|
|
595
|
+
}
|
|
596
|
+
}
|
|
597
|
+
const fileData = await storage.upload({
|
|
598
|
+
filename: file.name,
|
|
599
|
+
buffer,
|
|
600
|
+
mimeType: file.type,
|
|
601
|
+
prefix
|
|
602
|
+
});
|
|
603
|
+
const finalFileData = {
|
|
604
|
+
...fileData,
|
|
605
|
+
...imageMetadata,
|
|
606
|
+
focalPoint,
|
|
607
|
+
sizes: {}
|
|
608
|
+
};
|
|
609
|
+
if (imageSizes) {
|
|
610
|
+
for (const [sizeName, sizeData] of Object.entries(imageSizes)) {
|
|
611
|
+
const ext = file.name.split(".").pop();
|
|
612
|
+
const baseName = file.name.substring(0, file.name.lastIndexOf("."));
|
|
613
|
+
const sizeFilename = `${baseName}-${sizeName}.${ext}`;
|
|
614
|
+
try {
|
|
615
|
+
const sizeFileData = await storage.upload({
|
|
616
|
+
filename: sizeFilename,
|
|
617
|
+
buffer: sizeData.buffer,
|
|
618
|
+
mimeType: file.type,
|
|
619
|
+
prefix
|
|
620
|
+
});
|
|
621
|
+
finalFileData.sizes[sizeName] = {
|
|
622
|
+
...sizeFileData,
|
|
623
|
+
width: sizeData.width,
|
|
624
|
+
height: sizeData.height
|
|
625
|
+
};
|
|
626
|
+
} catch (err) {
|
|
627
|
+
console.error(`[MediaController] Failed to upload size ${sizeName}:`, err);
|
|
628
|
+
}
|
|
629
|
+
}
|
|
630
|
+
}
|
|
631
|
+
const db = config.db;
|
|
632
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
633
|
+
const doc = await db.create({
|
|
634
|
+
collection: this.collection,
|
|
635
|
+
data: finalFileData
|
|
636
|
+
});
|
|
637
|
+
return c.json(doc, 201);
|
|
638
|
+
}
|
|
639
|
+
async find(c) {
|
|
640
|
+
const db = c.get("config").db;
|
|
641
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
642
|
+
const limit = Number(c.req.query("limit")) || 10;
|
|
643
|
+
const page = Number(c.req.query("page")) || 1;
|
|
644
|
+
const result = await db.find({
|
|
645
|
+
collection: this.collection,
|
|
646
|
+
limit,
|
|
647
|
+
page
|
|
648
|
+
});
|
|
649
|
+
return c.json(result);
|
|
650
|
+
}
|
|
651
|
+
async delete(c) {
|
|
652
|
+
const config = c.get("config");
|
|
653
|
+
const storage = config.storage;
|
|
654
|
+
const db = config.db;
|
|
655
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
656
|
+
const id = c.req.param("id");
|
|
657
|
+
if (!id) return c.json({ message: "Missing ID" }, 400);
|
|
658
|
+
const doc = await db.findOne({ collection: this.collection, id });
|
|
659
|
+
if (!doc) return c.json({ message: "Not Found" }, 404);
|
|
660
|
+
if (storage) {
|
|
661
|
+
await storage.delete({ filename: doc.filename });
|
|
662
|
+
if (doc.sizes) {
|
|
663
|
+
for (const size of Object.values(doc.sizes)) {
|
|
664
|
+
if (size.filename) {
|
|
665
|
+
await storage.delete({ filename: size.filename });
|
|
666
|
+
}
|
|
667
|
+
}
|
|
668
|
+
}
|
|
669
|
+
}
|
|
670
|
+
await db.delete({ collection: this.collection, id });
|
|
671
|
+
return c.json({ message: "Deleted" });
|
|
672
|
+
}
|
|
673
|
+
async serve(c) {
|
|
674
|
+
const config = c.get("config");
|
|
675
|
+
const storage = config.storage;
|
|
676
|
+
if (!storage || !storage.resolve) {
|
|
677
|
+
return c.json({ message: "Storage not configured for serving" }, 404);
|
|
678
|
+
}
|
|
679
|
+
const filename = c.req.param("filename");
|
|
680
|
+
if (!filename) return c.json({ message: "Missing filename" }, 400);
|
|
681
|
+
let res = await storage.resolve({ filename });
|
|
682
|
+
if (!res && !filename.includes("/")) {
|
|
683
|
+
res = await storage.resolve({ filename: `default/${filename}` });
|
|
684
|
+
}
|
|
685
|
+
if (!res) return c.json({ message: "Not Found" }, 404);
|
|
686
|
+
c.header("Content-Type", res.mimeType);
|
|
687
|
+
return c.body(res.buffer);
|
|
688
|
+
}
|
|
689
|
+
};
|
|
690
|
+
|
|
691
|
+
// src/auth/password.ts
|
|
692
|
+
import { promisify } from "util";
|
|
693
|
+
import { scrypt, randomBytes, timingSafeEqual } from "crypto";
|
|
694
|
+
var scryptAsync = promisify(scrypt);
|
|
695
|
+
var SALT_LEN = 16;
|
|
696
|
+
var KEY_LEN = 64;
|
|
697
|
+
async function hashPassword(plain) {
|
|
698
|
+
const salt = randomBytes(SALT_LEN).toString("hex");
|
|
699
|
+
const derivedKey = await scryptAsync(plain, salt, KEY_LEN);
|
|
700
|
+
return `${salt}:${derivedKey.toString("hex")}`;
|
|
701
|
+
}
|
|
702
|
+
async function verifyPassword(plain, stored) {
|
|
703
|
+
const [salt, storedHash] = stored.split(":");
|
|
704
|
+
if (!salt || !storedHash) return false;
|
|
705
|
+
const derivedKey = await scryptAsync(plain, salt, KEY_LEN);
|
|
706
|
+
const storedBuffer = Buffer.from(storedHash, "hex");
|
|
707
|
+
if (derivedKey.length !== storedBuffer.length) return false;
|
|
708
|
+
return timingSafeEqual(derivedKey, storedBuffer);
|
|
709
|
+
}
|
|
710
|
+
|
|
711
|
+
// src/auth/token.ts
|
|
712
|
+
import { SignJWT, jwtVerify, decodeJwt } from "jose";
|
|
713
|
+
import { TextEncoder } from "util";
|
|
714
|
+
function getSecret() {
|
|
715
|
+
const secret = process.env.DYRECTED_JWT_SECRET || process.env.JWT_SECRET;
|
|
716
|
+
if (!secret) {
|
|
717
|
+
throw new Error(
|
|
718
|
+
"[dyrected/core] DYRECTED_JWT_SECRET is not set. Add it to your environment variables to enable auth collections."
|
|
719
|
+
);
|
|
720
|
+
}
|
|
721
|
+
return new TextEncoder().encode(secret);
|
|
722
|
+
}
|
|
723
|
+
var DEFAULT_EXPIRY = "7d";
|
|
724
|
+
async function signCollectionToken(payload, expiresIn = DEFAULT_EXPIRY) {
|
|
725
|
+
return new SignJWT({ ...payload }).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime(expiresIn).sign(getSecret());
|
|
726
|
+
}
|
|
727
|
+
async function verifyCollectionToken(token) {
|
|
728
|
+
const { payload } = await jwtVerify(token, getSecret());
|
|
729
|
+
return payload;
|
|
730
|
+
}
|
|
731
|
+
|
|
732
|
+
// src/services/email.service.ts
|
|
733
|
+
var _devSend = null;
|
|
734
|
+
var _devSendPromise = null;
|
|
735
|
+
async function getDevSend() {
|
|
736
|
+
if (_devSend) return _devSend;
|
|
737
|
+
if (_devSendPromise) return _devSendPromise;
|
|
738
|
+
_devSendPromise = (async () => {
|
|
739
|
+
try {
|
|
740
|
+
const nodemailer = await import("nodemailer");
|
|
741
|
+
const account = await nodemailer.default.createTestAccount();
|
|
742
|
+
const transport = nodemailer.default.createTransport({
|
|
743
|
+
host: "smtp.ethereal.email",
|
|
744
|
+
port: 587,
|
|
745
|
+
auth: { user: account.user, pass: account.pass }
|
|
746
|
+
});
|
|
747
|
+
console.log("[dyrected/core] No email config \u2014 using Ethereal for dev email preview.");
|
|
748
|
+
console.log(`[dyrected/core] Ethereal login: https://ethereal.email user: ${account.user} pass: ${account.pass}`);
|
|
749
|
+
_devSend = async ({ to, subject, html }) => {
|
|
750
|
+
const info = await transport.sendMail({ from: '"Dyrected Dev" <dev@dyrected.local>', to, subject, html });
|
|
751
|
+
console.log(`[dyrected/core] Email preview URL: ${nodemailer.default.getTestMessageUrl(info)}`);
|
|
752
|
+
};
|
|
753
|
+
return _devSend;
|
|
754
|
+
} catch {
|
|
755
|
+
console.warn("[dyrected/core] nodemailer not available \u2014 emails will not be sent in dev.");
|
|
756
|
+
return null;
|
|
757
|
+
}
|
|
758
|
+
})();
|
|
759
|
+
return _devSendPromise;
|
|
760
|
+
}
|
|
761
|
+
async function sendEmail(config, payload) {
|
|
762
|
+
if (config.email) {
|
|
763
|
+
await config.email.send(payload);
|
|
764
|
+
return;
|
|
765
|
+
}
|
|
766
|
+
if (process.env.NODE_ENV !== "production") {
|
|
767
|
+
const devSend = await getDevSend();
|
|
768
|
+
await devSend?.(payload);
|
|
769
|
+
}
|
|
770
|
+
}
|
|
771
|
+
function buildWelcomeEmail(config, args) {
|
|
772
|
+
const custom = config.email?.templates?.welcome?.(args);
|
|
773
|
+
return {
|
|
774
|
+
subject: custom?.subject ?? "Welcome \u2014 your account is ready",
|
|
775
|
+
html: custom?.html ?? `
|
|
776
|
+
<div style="font-family:sans-serif;max-width:600px;margin:0 auto">
|
|
777
|
+
<h2>Welcome!</h2>
|
|
778
|
+
<p>Your account has been created. You can now log in with:</p>
|
|
779
|
+
<p><strong>${args.email}</strong></p>
|
|
780
|
+
</div>`
|
|
781
|
+
};
|
|
782
|
+
}
|
|
783
|
+
function buildInviteEmail(config, args) {
|
|
784
|
+
const custom = config.email?.templates?.invite?.(args);
|
|
785
|
+
return {
|
|
786
|
+
subject: custom?.subject ?? "You've been invited",
|
|
787
|
+
html: custom?.html ?? `
|
|
788
|
+
<div style="font-family:sans-serif;max-width:600px;margin:0 auto">
|
|
789
|
+
<h2>You've been invited</h2>
|
|
790
|
+
${args.invitedByEmail ? `<p>Invited by <strong>${args.invitedByEmail}</strong>.</p>` : ""}
|
|
791
|
+
<p>Use the token below to accept your invitation. It expires in 7 days.</p>
|
|
792
|
+
<pre style="background:#f4f4f4;padding:12px;border-radius:4px;word-break:break-all">${args.token}</pre>
|
|
793
|
+
</div>`
|
|
794
|
+
};
|
|
795
|
+
}
|
|
796
|
+
function buildResetPasswordEmail(config, args) {
|
|
797
|
+
const custom = config.email?.templates?.resetPassword?.(args);
|
|
798
|
+
return {
|
|
799
|
+
subject: custom?.subject ?? "Reset your password",
|
|
800
|
+
html: custom?.html ?? `
|
|
801
|
+
<div style="font-family:sans-serif;max-width:600px;margin:0 auto">
|
|
802
|
+
<h2>Reset your password</h2>
|
|
803
|
+
<p>Use the token below to reset your password. It expires in 1 hour.</p>
|
|
804
|
+
<pre style="background:#f4f4f4;padding:12px;border-radius:4px;word-break:break-all">${args.token}</pre>
|
|
805
|
+
</div>`
|
|
806
|
+
};
|
|
807
|
+
}
|
|
808
|
+
function buildPasswordChangedEmail(config, args) {
|
|
809
|
+
const custom = config.email?.templates?.passwordChanged?.(args);
|
|
810
|
+
return {
|
|
811
|
+
subject: custom?.subject ?? "Your password has been changed",
|
|
812
|
+
html: custom?.html ?? `
|
|
813
|
+
<div style="font-family:sans-serif;max-width:600px;margin:0 auto">
|
|
814
|
+
<h2>Password changed</h2>
|
|
815
|
+
<p>The password for <strong>${args.email}</strong> was just changed.</p>
|
|
816
|
+
<p>If you did not make this change, please contact support immediately.</p>
|
|
817
|
+
</div>`
|
|
818
|
+
};
|
|
819
|
+
}
|
|
820
|
+
|
|
821
|
+
// src/controllers/auth.controller.ts
|
|
822
|
+
var AuthController = class {
|
|
823
|
+
collection;
|
|
824
|
+
constructor(collection) {
|
|
825
|
+
this.collection = collection;
|
|
826
|
+
}
|
|
827
|
+
// ---------------------------------------------------------------------------
|
|
828
|
+
// GET /init
|
|
829
|
+
// Checks if the first user needs to be created.
|
|
830
|
+
// ---------------------------------------------------------------------------
|
|
831
|
+
async init(c) {
|
|
832
|
+
const db = c.get("config").db;
|
|
833
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
834
|
+
const result = await db.find({
|
|
835
|
+
collection: this.collection.slug,
|
|
836
|
+
limit: 1
|
|
837
|
+
});
|
|
838
|
+
return c.json({
|
|
839
|
+
initialized: result.total > 0
|
|
840
|
+
});
|
|
841
|
+
}
|
|
842
|
+
// ---------------------------------------------------------------------------
|
|
843
|
+
// POST /first-user
|
|
844
|
+
// Creates the first user if none exist.
|
|
845
|
+
// ---------------------------------------------------------------------------
|
|
846
|
+
async registerFirstUser(c) {
|
|
847
|
+
const config = c.get("config");
|
|
848
|
+
const db = config.db;
|
|
849
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
850
|
+
const check = await db.find({
|
|
851
|
+
collection: this.collection.slug,
|
|
852
|
+
limit: 1
|
|
853
|
+
});
|
|
854
|
+
if (check.total > 0) {
|
|
855
|
+
return c.json({ error: true, message: "Initial user already exists." }, 403);
|
|
856
|
+
}
|
|
857
|
+
const body = await c.req.json().catch(() => null);
|
|
858
|
+
if (!body?.email || !body?.password) {
|
|
859
|
+
return c.json({ error: true, message: "email and password are required." }, 400);
|
|
860
|
+
}
|
|
861
|
+
const hashedPassword = await hashPassword(body.password);
|
|
862
|
+
const user = await db.create({
|
|
863
|
+
collection: this.collection.slug,
|
|
864
|
+
data: {
|
|
865
|
+
...body,
|
|
866
|
+
password: hashedPassword,
|
|
867
|
+
roles: ["admin"]
|
|
868
|
+
// Default first user to admin
|
|
869
|
+
}
|
|
870
|
+
});
|
|
871
|
+
const token = await signCollectionToken({
|
|
872
|
+
sub: user.id,
|
|
873
|
+
email: user.email,
|
|
874
|
+
collection: this.collection.slug
|
|
875
|
+
});
|
|
876
|
+
const { subject, html } = buildWelcomeEmail(config, { email: body.email });
|
|
877
|
+
sendEmail(config, { to: body.email, subject, html }).catch(
|
|
878
|
+
(err) => console.error("[dyrected/core] Failed to send welcome email:", err)
|
|
879
|
+
);
|
|
880
|
+
const { password: _, ...safeUser } = user;
|
|
881
|
+
return c.json({ token, user: safeUser });
|
|
882
|
+
}
|
|
883
|
+
// ---------------------------------------------------------------------------
|
|
884
|
+
// POST /login
|
|
885
|
+
// ---------------------------------------------------------------------------
|
|
886
|
+
async login(c) {
|
|
887
|
+
const db = c.get("config").db;
|
|
888
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
889
|
+
const body = await c.req.json().catch(() => null);
|
|
890
|
+
if (!body?.email || !body?.password) {
|
|
891
|
+
return c.json({ error: true, message: "email and password are required." }, 400);
|
|
892
|
+
}
|
|
893
|
+
const result = await db.find({
|
|
894
|
+
collection: this.collection.slug,
|
|
895
|
+
where: { email: body.email },
|
|
896
|
+
limit: 1
|
|
897
|
+
});
|
|
898
|
+
const user = result.docs[0];
|
|
899
|
+
if (!user) {
|
|
900
|
+
return c.json({ error: true, message: "Invalid email or password." }, 401);
|
|
901
|
+
}
|
|
902
|
+
const valid = await verifyPassword(body.password, user.password);
|
|
903
|
+
if (!valid) {
|
|
904
|
+
return c.json({ error: true, message: "Invalid email or password." }, 401);
|
|
905
|
+
}
|
|
906
|
+
const token = await signCollectionToken({
|
|
907
|
+
sub: user.id,
|
|
908
|
+
email: user.email,
|
|
909
|
+
collection: this.collection.slug
|
|
910
|
+
});
|
|
911
|
+
const { password: _, ...safeUser } = user;
|
|
912
|
+
return c.json({ token, user: safeUser });
|
|
913
|
+
}
|
|
914
|
+
// ---------------------------------------------------------------------------
|
|
915
|
+
// POST /logout
|
|
916
|
+
// Auth collections use stateless JWTs — logout is handled client-side.
|
|
917
|
+
// This endpoint exists so clients have a consistent API surface.
|
|
918
|
+
// ---------------------------------------------------------------------------
|
|
919
|
+
async logout(c) {
|
|
920
|
+
return c.json({ success: true, message: "Logged out. Discard your token." });
|
|
921
|
+
}
|
|
922
|
+
// ---------------------------------------------------------------------------
|
|
923
|
+
// GET /me
|
|
924
|
+
// ---------------------------------------------------------------------------
|
|
925
|
+
async me(c) {
|
|
926
|
+
const db = c.get("config").db;
|
|
927
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
928
|
+
const requestUser = c.get("user");
|
|
929
|
+
if (!requestUser) {
|
|
930
|
+
return c.json({ error: true, message: "Authentication required." }, 401);
|
|
931
|
+
}
|
|
932
|
+
const user = await db.findOne({ collection: this.collection.slug, id: requestUser.sub });
|
|
933
|
+
if (!user) {
|
|
934
|
+
return c.json({ error: true, message: "User not found." }, 404);
|
|
935
|
+
}
|
|
936
|
+
const { password: _, ...safeUser } = user;
|
|
937
|
+
return c.json(safeUser);
|
|
938
|
+
}
|
|
939
|
+
// ---------------------------------------------------------------------------
|
|
940
|
+
// POST /refresh-token
|
|
941
|
+
// ---------------------------------------------------------------------------
|
|
942
|
+
async refreshToken(c) {
|
|
943
|
+
const requestUser = c.get("user");
|
|
944
|
+
if (!requestUser) {
|
|
945
|
+
return c.json({ error: true, message: "Authentication required." }, 401);
|
|
946
|
+
}
|
|
947
|
+
const token = await signCollectionToken({
|
|
948
|
+
sub: requestUser.sub,
|
|
949
|
+
email: requestUser.email,
|
|
950
|
+
collection: this.collection.slug
|
|
951
|
+
});
|
|
952
|
+
return c.json({ token });
|
|
953
|
+
}
|
|
954
|
+
// ---------------------------------------------------------------------------
|
|
955
|
+
// POST /forgot-password
|
|
956
|
+
// Requires config.email to be set. Silently succeeds if email not found
|
|
957
|
+
// to prevent email enumeration.
|
|
958
|
+
// ---------------------------------------------------------------------------
|
|
959
|
+
async forgotPassword(c) {
|
|
960
|
+
const config = c.get("config");
|
|
961
|
+
const db = config.db;
|
|
962
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
963
|
+
const body = await c.req.json().catch(() => null);
|
|
964
|
+
if (!body?.email) {
|
|
965
|
+
return c.json({ error: true, message: "email is required." }, 400);
|
|
966
|
+
}
|
|
967
|
+
const result = await db.find({
|
|
968
|
+
collection: this.collection.slug,
|
|
969
|
+
where: { email: body.email },
|
|
970
|
+
limit: 1
|
|
971
|
+
});
|
|
972
|
+
const user = result.docs[0];
|
|
973
|
+
if (user) {
|
|
974
|
+
const resetToken = await signCollectionToken(
|
|
975
|
+
{ sub: user.id, email: user.email, collection: this.collection.slug, purpose: "reset" },
|
|
976
|
+
"1h"
|
|
977
|
+
);
|
|
978
|
+
try {
|
|
979
|
+
const { subject, html } = buildResetPasswordEmail(config, { token: resetToken });
|
|
980
|
+
await sendEmail(config, { to: user.email, subject, html });
|
|
981
|
+
} catch (err) {
|
|
982
|
+
console.error("[dyrected/core] Failed to send password reset email:", err);
|
|
983
|
+
}
|
|
984
|
+
}
|
|
985
|
+
return c.json({
|
|
986
|
+
success: true,
|
|
987
|
+
message: "If an account with that email exists, a reset link has been sent."
|
|
988
|
+
});
|
|
989
|
+
}
|
|
990
|
+
// ---------------------------------------------------------------------------
|
|
991
|
+
// POST /reset-password
|
|
992
|
+
// Expects { token: string, password: string } in body.
|
|
993
|
+
// The token is the reset JWT issued by /forgot-password.
|
|
994
|
+
// ---------------------------------------------------------------------------
|
|
995
|
+
async resetPassword(c) {
|
|
996
|
+
const config = c.get("config");
|
|
997
|
+
const db = config.db;
|
|
998
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
999
|
+
const body = await c.req.json().catch(() => null);
|
|
1000
|
+
if (!body?.token || !body?.password) {
|
|
1001
|
+
return c.json({ error: true, message: "token and password are required." }, 400);
|
|
1002
|
+
}
|
|
1003
|
+
let payload;
|
|
1004
|
+
try {
|
|
1005
|
+
payload = await verifyCollectionToken(body.token);
|
|
1006
|
+
} catch {
|
|
1007
|
+
return c.json({ error: true, message: "Reset token is invalid or has expired." }, 400);
|
|
1008
|
+
}
|
|
1009
|
+
if (payload.collection !== this.collection.slug || payload.purpose !== "reset") {
|
|
1010
|
+
return c.json({ error: true, message: "Reset token is invalid or has expired." }, 400);
|
|
1011
|
+
}
|
|
1012
|
+
const hashedPassword = await hashPassword(body.password);
|
|
1013
|
+
await db.update({
|
|
1014
|
+
collection: this.collection.slug,
|
|
1015
|
+
id: payload.sub,
|
|
1016
|
+
data: { password: hashedPassword }
|
|
1017
|
+
});
|
|
1018
|
+
const { subject, html } = buildPasswordChangedEmail(config, { email: payload.email });
|
|
1019
|
+
sendEmail(config, { to: payload.email, subject, html }).catch(
|
|
1020
|
+
(err) => console.error("[dyrected/core] Failed to send password-changed email:", err)
|
|
1021
|
+
);
|
|
1022
|
+
return c.json({ success: true, message: "Password has been reset. You can now log in." });
|
|
1023
|
+
}
|
|
1024
|
+
// ---------------------------------------------------------------------------
|
|
1025
|
+
// POST /invite
|
|
1026
|
+
// Requires auth. Issues a signed invite token and emails it to the invitee.
|
|
1027
|
+
// ---------------------------------------------------------------------------
|
|
1028
|
+
async invite(c) {
|
|
1029
|
+
const config = c.get("config");
|
|
1030
|
+
const db = config.db;
|
|
1031
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
1032
|
+
const requestUser = c.get("user");
|
|
1033
|
+
if (!requestUser) {
|
|
1034
|
+
return c.json({ error: true, message: "Authentication required." }, 401);
|
|
1035
|
+
}
|
|
1036
|
+
const body = await c.req.json().catch(() => null);
|
|
1037
|
+
if (!body?.email) {
|
|
1038
|
+
return c.json({ error: true, message: "email is required." }, 400);
|
|
1039
|
+
}
|
|
1040
|
+
const existing = await db.find({
|
|
1041
|
+
collection: this.collection.slug,
|
|
1042
|
+
where: { email: body.email },
|
|
1043
|
+
limit: 1
|
|
1044
|
+
});
|
|
1045
|
+
if (existing.total > 0) {
|
|
1046
|
+
return c.json({ error: true, message: "An account with that email already exists." }, 409);
|
|
1047
|
+
}
|
|
1048
|
+
const inviteToken = await signCollectionToken(
|
|
1049
|
+
{ sub: body.email, email: body.email, collection: this.collection.slug, purpose: "invite" },
|
|
1050
|
+
"7d"
|
|
1051
|
+
);
|
|
1052
|
+
try {
|
|
1053
|
+
const { subject, html } = buildInviteEmail(config, {
|
|
1054
|
+
token: inviteToken,
|
|
1055
|
+
invitedByEmail: requestUser.email
|
|
1056
|
+
});
|
|
1057
|
+
await sendEmail(config, { to: body.email, subject, html });
|
|
1058
|
+
} catch (err) {
|
|
1059
|
+
console.error("[dyrected/core] Failed to send invite email:", err);
|
|
1060
|
+
}
|
|
1061
|
+
return c.json({ success: true, message: `Invite sent to ${body.email}.` });
|
|
1062
|
+
}
|
|
1063
|
+
// ---------------------------------------------------------------------------
|
|
1064
|
+
// POST /accept-invite
|
|
1065
|
+
// Public. Validates the invite token and creates the user account.
|
|
1066
|
+
// Body: { token, password, ...extraFields }
|
|
1067
|
+
// ---------------------------------------------------------------------------
|
|
1068
|
+
async acceptInvite(c) {
|
|
1069
|
+
const config = c.get("config");
|
|
1070
|
+
const db = config.db;
|
|
1071
|
+
if (!db) return c.json({ message: "Database not configured" }, 500);
|
|
1072
|
+
const body = await c.req.json().catch(() => null);
|
|
1073
|
+
if (!body?.token || !body?.password) {
|
|
1074
|
+
return c.json({ error: true, message: "token and password are required." }, 400);
|
|
1075
|
+
}
|
|
1076
|
+
let payload;
|
|
1077
|
+
try {
|
|
1078
|
+
payload = await verifyCollectionToken(body.token);
|
|
1079
|
+
} catch {
|
|
1080
|
+
return c.json({ error: true, message: "Invite token is invalid or has expired." }, 400);
|
|
1081
|
+
}
|
|
1082
|
+
if (payload.collection !== this.collection.slug || payload.purpose !== "invite") {
|
|
1083
|
+
return c.json({ error: true, message: "Invite token is invalid or has expired." }, 400);
|
|
1084
|
+
}
|
|
1085
|
+
const inviteeEmail = payload.sub;
|
|
1086
|
+
const existing = await db.find({
|
|
1087
|
+
collection: this.collection.slug,
|
|
1088
|
+
where: { email: inviteeEmail },
|
|
1089
|
+
limit: 1
|
|
1090
|
+
});
|
|
1091
|
+
if (existing.total > 0) {
|
|
1092
|
+
return c.json({ error: true, message: "An account with that email already exists." }, 409);
|
|
1093
|
+
}
|
|
1094
|
+
const { token: _t, password: _p, ...extraFields } = body;
|
|
1095
|
+
const hashedPassword = await hashPassword(body.password);
|
|
1096
|
+
const user = await db.create({
|
|
1097
|
+
collection: this.collection.slug,
|
|
1098
|
+
data: { ...extraFields, email: inviteeEmail, password: hashedPassword }
|
|
1099
|
+
});
|
|
1100
|
+
const sessionToken = await signCollectionToken({
|
|
1101
|
+
sub: user.id,
|
|
1102
|
+
email: inviteeEmail,
|
|
1103
|
+
collection: this.collection.slug
|
|
1104
|
+
});
|
|
1105
|
+
const { subject, html } = buildWelcomeEmail(config, { email: inviteeEmail });
|
|
1106
|
+
sendEmail(config, { to: inviteeEmail, subject, html }).catch(
|
|
1107
|
+
(err) => console.error("[dyrected/core] Failed to send welcome email:", err)
|
|
1108
|
+
);
|
|
1109
|
+
const { password: _, ...safeUser } = user;
|
|
1110
|
+
return c.json({ token: sessionToken, user: safeUser }, 201);
|
|
1111
|
+
}
|
|
1112
|
+
};
|
|
1113
|
+
|
|
1114
|
+
// src/controllers/preview.controller.ts
|
|
1115
|
+
import { SignJWT as SignJWT2, jwtVerify as jwtVerify2 } from "jose";
|
|
1116
|
+
import { TextEncoder as TextEncoder2 } from "util";
|
|
1117
|
+
var PreviewController = class {
|
|
1118
|
+
getSecret() {
|
|
1119
|
+
const secret = process.env.DYRECTED_JWT_SECRET || process.env.JWT_SECRET || "dyrected-preview-secret-change-me";
|
|
1120
|
+
return new TextEncoder2().encode(secret);
|
|
1121
|
+
}
|
|
1122
|
+
/**
|
|
1123
|
+
* POST /api/preview-token
|
|
1124
|
+
* Generates a short-lived token for previewing unsaved data.
|
|
1125
|
+
*/
|
|
1126
|
+
async createToken(c) {
|
|
1127
|
+
const body = await c.req.json().catch(() => null);
|
|
1128
|
+
if (!body?.collectionSlug || !body?.data) {
|
|
1129
|
+
return c.json({ error: true, message: "collectionSlug and data are required." }, 400);
|
|
1130
|
+
}
|
|
1131
|
+
const token = await new SignJWT2({
|
|
1132
|
+
collectionSlug: body.collectionSlug,
|
|
1133
|
+
documentId: body.documentId,
|
|
1134
|
+
data: body.data
|
|
1135
|
+
}).setProtectedHeader({ alg: "HS256" }).setIssuedAt().setExpirationTime("15m").sign(this.getSecret());
|
|
1136
|
+
const expiresAt = new Date(Date.now() + 15 * 60 * 1e3).toISOString();
|
|
1137
|
+
return c.json({ token, expiresAt });
|
|
1138
|
+
}
|
|
1139
|
+
/**
|
|
1140
|
+
* GET /api/preview-data?token=<jwt>
|
|
1141
|
+
* Returns the data stored in the preview token.
|
|
1142
|
+
*/
|
|
1143
|
+
async getData(c) {
|
|
1144
|
+
const token = c.req.query("token");
|
|
1145
|
+
if (!token) {
|
|
1146
|
+
return c.json({ error: true, message: "token query parameter is required." }, 400);
|
|
1147
|
+
}
|
|
1148
|
+
try {
|
|
1149
|
+
const { payload } = await jwtVerify2(token, this.getSecret());
|
|
1150
|
+
return c.json(payload);
|
|
1151
|
+
} catch (err) {
|
|
1152
|
+
return c.json({ error: true, message: "Invalid or expired preview token." }, 401);
|
|
1153
|
+
}
|
|
1154
|
+
}
|
|
1155
|
+
};
|
|
1156
|
+
|
|
1157
|
+
// src/middleware/auth.ts
|
|
1158
|
+
function requireAuth() {
|
|
1159
|
+
return async (c, next) => {
|
|
1160
|
+
const authHeader = c.req.header("Authorization");
|
|
1161
|
+
const token = authHeader?.replace(/^Bearer\s+/i, "");
|
|
1162
|
+
if (!token) {
|
|
1163
|
+
return c.json({ error: true, message: "Authentication required." }, 401);
|
|
1164
|
+
}
|
|
1165
|
+
try {
|
|
1166
|
+
const user = await verifyCollectionToken(token);
|
|
1167
|
+
c.set("user", user);
|
|
1168
|
+
await next();
|
|
1169
|
+
} catch {
|
|
1170
|
+
return c.json({ error: true, message: "Invalid or expired token." }, 401);
|
|
1171
|
+
}
|
|
1172
|
+
};
|
|
1173
|
+
}
|
|
1174
|
+
function optionalAuth() {
|
|
1175
|
+
return async (c, next) => {
|
|
1176
|
+
const authHeader = c.req.header("Authorization");
|
|
1177
|
+
const token = authHeader?.replace(/^Bearer\s+/i, "");
|
|
1178
|
+
if (token) {
|
|
1179
|
+
try {
|
|
1180
|
+
const user = await verifyCollectionToken(token);
|
|
1181
|
+
c.set("user", user);
|
|
1182
|
+
} catch {
|
|
1183
|
+
}
|
|
1184
|
+
}
|
|
1185
|
+
await next();
|
|
1186
|
+
};
|
|
1187
|
+
}
|
|
1188
|
+
|
|
1189
|
+
// src/utils/openapi.ts
|
|
1190
|
+
function generateOpenApi(config) {
|
|
1191
|
+
const spec = {
|
|
1192
|
+
openapi: "3.0.0",
|
|
1193
|
+
info: {
|
|
1194
|
+
title: "Dyrected API",
|
|
1195
|
+
version: "1.0.0",
|
|
1196
|
+
description: "Automatically generated OpenAPI specification for the Dyrected project."
|
|
1197
|
+
},
|
|
1198
|
+
components: {
|
|
1199
|
+
schemas: {},
|
|
1200
|
+
securitySchemes: {
|
|
1201
|
+
ApiKeyAuth: {
|
|
1202
|
+
type: "apiKey",
|
|
1203
|
+
in: "header",
|
|
1204
|
+
name: "x-api-key"
|
|
1205
|
+
}
|
|
1206
|
+
}
|
|
1207
|
+
},
|
|
1208
|
+
paths: {},
|
|
1209
|
+
security: [{ ApiKeyAuth: [] }]
|
|
1210
|
+
};
|
|
1211
|
+
for (const collection of config.collections) {
|
|
1212
|
+
spec.components.schemas[collection.slug] = collectionToSchema(collection);
|
|
1213
|
+
}
|
|
1214
|
+
for (const global of config.globals) {
|
|
1215
|
+
spec.components.schemas[global.slug] = globalToSchema(global);
|
|
1216
|
+
}
|
|
1217
|
+
for (const collection of config.collections) {
|
|
1218
|
+
const slug = collection.slug;
|
|
1219
|
+
const path = `/api/collections/${slug}`;
|
|
1220
|
+
const labels = collection.labels || { singular: slug, plural: `${slug}s` };
|
|
1221
|
+
spec.paths[path] = {
|
|
1222
|
+
get: {
|
|
1223
|
+
tags: ["Collections"],
|
|
1224
|
+
summary: `Find ${labels.plural}`,
|
|
1225
|
+
parameters: [
|
|
1226
|
+
{ name: "limit", in: "query", schema: { type: "integer", default: 10 } },
|
|
1227
|
+
{ name: "page", in: "query", schema: { type: "integer", default: 1 } },
|
|
1228
|
+
{ name: "where", in: "query", schema: { type: "string" }, description: "JSON filter" },
|
|
1229
|
+
{ name: "sort", in: "query", schema: { type: "string" }, description: "Sort field (e.g. -createdAt)" }
|
|
1230
|
+
],
|
|
1231
|
+
responses: {
|
|
1232
|
+
200: {
|
|
1233
|
+
description: "Success",
|
|
1234
|
+
content: {
|
|
1235
|
+
"application/json": {
|
|
1236
|
+
schema: {
|
|
1237
|
+
type: "object",
|
|
1238
|
+
properties: {
|
|
1239
|
+
docs: { type: "array", items: { $ref: `#/components/schemas/${slug}` } },
|
|
1240
|
+
total: { type: "integer" },
|
|
1241
|
+
limit: { type: "integer" },
|
|
1242
|
+
page: { type: "integer" }
|
|
1243
|
+
}
|
|
1244
|
+
}
|
|
1245
|
+
}
|
|
1246
|
+
}
|
|
1247
|
+
}
|
|
1248
|
+
}
|
|
1249
|
+
},
|
|
1250
|
+
post: {
|
|
1251
|
+
tags: ["Collections"],
|
|
1252
|
+
summary: `Create ${labels.singular}`,
|
|
1253
|
+
requestBody: {
|
|
1254
|
+
required: true,
|
|
1255
|
+
content: {
|
|
1256
|
+
"application/json": {
|
|
1257
|
+
schema: { $ref: `#/components/schemas/${slug}` }
|
|
1258
|
+
}
|
|
1259
|
+
}
|
|
1260
|
+
},
|
|
1261
|
+
responses: {
|
|
1262
|
+
201: {
|
|
1263
|
+
description: "Created",
|
|
1264
|
+
content: {
|
|
1265
|
+
"application/json": {
|
|
1266
|
+
schema: { $ref: `#/components/schemas/${slug}` }
|
|
1267
|
+
}
|
|
1268
|
+
}
|
|
1269
|
+
}
|
|
1270
|
+
}
|
|
1271
|
+
}
|
|
1272
|
+
};
|
|
1273
|
+
spec.paths[`${path}/{id}`] = {
|
|
1274
|
+
get: {
|
|
1275
|
+
tags: ["Collections"],
|
|
1276
|
+
summary: `Get a single ${labels.singular}`,
|
|
1277
|
+
parameters: [{ name: "id", in: "path", required: true, schema: { type: "string" } }],
|
|
1278
|
+
responses: {
|
|
1279
|
+
200: {
|
|
1280
|
+
description: "Success",
|
|
1281
|
+
content: {
|
|
1282
|
+
"application/json": {
|
|
1283
|
+
schema: { $ref: `#/components/schemas/${slug}` }
|
|
1284
|
+
}
|
|
1285
|
+
}
|
|
1286
|
+
}
|
|
1287
|
+
}
|
|
1288
|
+
},
|
|
1289
|
+
patch: {
|
|
1290
|
+
tags: ["Collections"],
|
|
1291
|
+
summary: `Update ${labels.singular}`,
|
|
1292
|
+
parameters: [{ name: "id", in: "path", required: true, schema: { type: "string" } }],
|
|
1293
|
+
requestBody: {
|
|
1294
|
+
required: true,
|
|
1295
|
+
content: {
|
|
1296
|
+
"application/json": {
|
|
1297
|
+
schema: { $ref: `#/components/schemas/${slug}` }
|
|
1298
|
+
}
|
|
1299
|
+
}
|
|
1300
|
+
},
|
|
1301
|
+
responses: {
|
|
1302
|
+
200: {
|
|
1303
|
+
description: "Updated",
|
|
1304
|
+
content: {
|
|
1305
|
+
"application/json": {
|
|
1306
|
+
schema: { $ref: `#/components/schemas/${slug}` }
|
|
1307
|
+
}
|
|
1308
|
+
}
|
|
1309
|
+
}
|
|
1310
|
+
}
|
|
1311
|
+
},
|
|
1312
|
+
delete: {
|
|
1313
|
+
tags: ["Collections"],
|
|
1314
|
+
summary: `Delete ${labels.singular}`,
|
|
1315
|
+
parameters: [{ name: "id", in: "path", required: true, schema: { type: "string" } }],
|
|
1316
|
+
responses: {
|
|
1317
|
+
204: { description: "Deleted" }
|
|
1318
|
+
}
|
|
1319
|
+
}
|
|
1320
|
+
};
|
|
1321
|
+
}
|
|
1322
|
+
for (const global of config.globals) {
|
|
1323
|
+
const slug = global.slug;
|
|
1324
|
+
const path = `/api/globals/${slug}`;
|
|
1325
|
+
spec.paths[path] = {
|
|
1326
|
+
get: {
|
|
1327
|
+
tags: ["Globals"],
|
|
1328
|
+
summary: `Get ${global.label || slug}`,
|
|
1329
|
+
responses: {
|
|
1330
|
+
200: {
|
|
1331
|
+
description: "Success",
|
|
1332
|
+
content: {
|
|
1333
|
+
"application/json": {
|
|
1334
|
+
schema: { $ref: `#/components/schemas/${slug}` }
|
|
1335
|
+
}
|
|
1336
|
+
}
|
|
1337
|
+
}
|
|
1338
|
+
}
|
|
1339
|
+
},
|
|
1340
|
+
patch: {
|
|
1341
|
+
tags: ["Globals"],
|
|
1342
|
+
summary: `Update ${global.label || slug}`,
|
|
1343
|
+
requestBody: {
|
|
1344
|
+
required: true,
|
|
1345
|
+
content: {
|
|
1346
|
+
"application/json": {
|
|
1347
|
+
schema: { $ref: `#/components/schemas/${slug}` }
|
|
1348
|
+
}
|
|
1349
|
+
}
|
|
1350
|
+
},
|
|
1351
|
+
responses: {
|
|
1352
|
+
200: {
|
|
1353
|
+
description: "Updated",
|
|
1354
|
+
content: {
|
|
1355
|
+
"application/json": {
|
|
1356
|
+
schema: { $ref: `#/components/schemas/${slug}` }
|
|
1357
|
+
}
|
|
1358
|
+
}
|
|
1359
|
+
}
|
|
1360
|
+
}
|
|
1361
|
+
}
|
|
1362
|
+
};
|
|
1363
|
+
}
|
|
1364
|
+
if (config.storage) {
|
|
1365
|
+
spec.paths["/api/media"] = {
|
|
1366
|
+
get: {
|
|
1367
|
+
tags: ["Media"],
|
|
1368
|
+
summary: "List Media",
|
|
1369
|
+
responses: {
|
|
1370
|
+
200: {
|
|
1371
|
+
description: "Success",
|
|
1372
|
+
content: {
|
|
1373
|
+
"application/json": {
|
|
1374
|
+
schema: {
|
|
1375
|
+
type: "object",
|
|
1376
|
+
properties: {
|
|
1377
|
+
docs: { type: "array", items: { type: "object", additionalProperties: true } }
|
|
1378
|
+
}
|
|
1379
|
+
}
|
|
1380
|
+
}
|
|
1381
|
+
}
|
|
1382
|
+
}
|
|
1383
|
+
}
|
|
1384
|
+
},
|
|
1385
|
+
post: {
|
|
1386
|
+
tags: ["Media"],
|
|
1387
|
+
summary: "Upload Media",
|
|
1388
|
+
requestBody: {
|
|
1389
|
+
content: {
|
|
1390
|
+
"multipart/form-data": {
|
|
1391
|
+
schema: {
|
|
1392
|
+
type: "object",
|
|
1393
|
+
properties: {
|
|
1394
|
+
file: { type: "string", format: "binary" }
|
|
1395
|
+
}
|
|
1396
|
+
}
|
|
1397
|
+
}
|
|
1398
|
+
}
|
|
1399
|
+
},
|
|
1400
|
+
responses: {
|
|
1401
|
+
201: { description: "Uploaded" }
|
|
1402
|
+
}
|
|
1403
|
+
}
|
|
1404
|
+
};
|
|
1405
|
+
}
|
|
1406
|
+
return spec;
|
|
1407
|
+
}
|
|
1408
|
+
function collectionToSchema(collection) {
|
|
1409
|
+
const { properties, required } = fieldsToProperties(collection.fields);
|
|
1410
|
+
return {
|
|
1411
|
+
type: "object",
|
|
1412
|
+
properties: {
|
|
1413
|
+
id: { type: "string" },
|
|
1414
|
+
createdAt: { type: "string", format: "date-time" },
|
|
1415
|
+
updatedAt: { type: "string", format: "date-time" },
|
|
1416
|
+
...properties
|
|
1417
|
+
},
|
|
1418
|
+
required: ["id", ...required]
|
|
1419
|
+
};
|
|
1420
|
+
}
|
|
1421
|
+
function globalToSchema(global) {
|
|
1422
|
+
const { properties, required } = fieldsToProperties(global.fields);
|
|
1423
|
+
return {
|
|
1424
|
+
type: "object",
|
|
1425
|
+
properties,
|
|
1426
|
+
required
|
|
1427
|
+
};
|
|
1428
|
+
}
|
|
1429
|
+
function fieldsToProperties(fields) {
|
|
1430
|
+
const props = {};
|
|
1431
|
+
const required = [];
|
|
1432
|
+
for (const field of fields) {
|
|
1433
|
+
props[field.name] = fieldToSchema(field);
|
|
1434
|
+
if (field.required) {
|
|
1435
|
+
required.push(field.name);
|
|
1436
|
+
}
|
|
1437
|
+
}
|
|
1438
|
+
return { properties: props, required };
|
|
1439
|
+
}
|
|
1440
|
+
function fieldToSchema(field) {
|
|
1441
|
+
let schema = {};
|
|
1442
|
+
switch (field.type) {
|
|
1443
|
+
case "text":
|
|
1444
|
+
case "textarea":
|
|
1445
|
+
case "email":
|
|
1446
|
+
case "url":
|
|
1447
|
+
schema = { type: "string" };
|
|
1448
|
+
break;
|
|
1449
|
+
case "number":
|
|
1450
|
+
schema = { type: "number" };
|
|
1451
|
+
break;
|
|
1452
|
+
case "boolean":
|
|
1453
|
+
schema = { type: "boolean" };
|
|
1454
|
+
break;
|
|
1455
|
+
case "date":
|
|
1456
|
+
schema = { type: "string", format: "date-time" };
|
|
1457
|
+
break;
|
|
1458
|
+
case "select":
|
|
1459
|
+
schema = { type: "string", enum: field.options?.map((o) => typeof o === "string" ? o : o.value) };
|
|
1460
|
+
break;
|
|
1461
|
+
case "multiSelect":
|
|
1462
|
+
schema = {
|
|
1463
|
+
type: "array",
|
|
1464
|
+
items: { type: "string", enum: field.options?.map((o) => typeof o === "string" ? o : o.value) }
|
|
1465
|
+
};
|
|
1466
|
+
break;
|
|
1467
|
+
case "relationship":
|
|
1468
|
+
schema = { type: "string", description: `ID of a ${field.relationTo} record` };
|
|
1469
|
+
break;
|
|
1470
|
+
case "object": {
|
|
1471
|
+
const { properties, required } = fieldsToProperties(field.fields || []);
|
|
1472
|
+
schema = { type: "object", properties, required };
|
|
1473
|
+
break;
|
|
1474
|
+
}
|
|
1475
|
+
case "array": {
|
|
1476
|
+
const { properties, required } = fieldsToProperties(field.fields || []);
|
|
1477
|
+
schema = { type: "array", items: { type: "object", properties, required } };
|
|
1478
|
+
break;
|
|
1479
|
+
}
|
|
1480
|
+
case "json":
|
|
1481
|
+
case "richText":
|
|
1482
|
+
schema = { type: "object", additionalProperties: true };
|
|
1483
|
+
break;
|
|
1484
|
+
case "blocks":
|
|
1485
|
+
schema = {
|
|
1486
|
+
type: "array",
|
|
1487
|
+
items: {
|
|
1488
|
+
oneOf: field.blocks?.map((block) => {
|
|
1489
|
+
const { properties, required } = fieldsToProperties(block.fields);
|
|
1490
|
+
return {
|
|
1491
|
+
type: "object",
|
|
1492
|
+
properties: {
|
|
1493
|
+
blockType: { type: "string", enum: [block.slug] },
|
|
1494
|
+
...properties
|
|
1495
|
+
},
|
|
1496
|
+
required: ["blockType", ...required]
|
|
1497
|
+
};
|
|
1498
|
+
})
|
|
1499
|
+
}
|
|
1500
|
+
};
|
|
1501
|
+
break;
|
|
1502
|
+
default:
|
|
1503
|
+
schema = { type: "string" };
|
|
1504
|
+
}
|
|
1505
|
+
if (field.label) schema.description = field.label;
|
|
1506
|
+
return schema;
|
|
1507
|
+
}
|
|
1508
|
+
|
|
1509
|
+
// src/utils/swagger.ts
|
|
1510
|
+
function getSwaggerHtml(specUrl = "/api/openapi.json") {
|
|
1511
|
+
return `
|
|
1512
|
+
<!DOCTYPE html>
|
|
1513
|
+
<html lang="en">
|
|
1514
|
+
<head>
|
|
1515
|
+
<meta charset="utf-8" />
|
|
1516
|
+
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
|
1517
|
+
<meta name="description" content="SwaggerUI" />
|
|
1518
|
+
<title>Dyrected API Documentation</title>
|
|
1519
|
+
<link rel="stylesheet" href="https://unpkg.com/swagger-ui-dist@5.11.0/swagger-ui.css" />
|
|
1520
|
+
</head>
|
|
1521
|
+
<body>
|
|
1522
|
+
<div id="swagger-ui"></div>
|
|
1523
|
+
<script src="https://unpkg.com/swagger-ui-dist@5.11.0/swagger-ui-bundle.js" charset="UTF-8"></script>
|
|
1524
|
+
<script src="https://unpkg.com/swagger-ui-dist@5.11.0/swagger-ui-standalone-preset.js" charset="UTF-8"></script>
|
|
1525
|
+
<script>
|
|
1526
|
+
window.onload = () => {
|
|
1527
|
+
// Forward the apikey query param when loading the spec and making API calls
|
|
1528
|
+
const params = new URLSearchParams(window.location.search);
|
|
1529
|
+
const apiKey = params.get('apikey');
|
|
1530
|
+
const specUrlWithKey = apiKey ? '${specUrl}?apikey=' + encodeURIComponent(apiKey) : '${specUrl}';
|
|
1531
|
+
|
|
1532
|
+
window.ui = SwaggerUIBundle({
|
|
1533
|
+
url: specUrlWithKey,
|
|
1534
|
+
dom_id: '#swagger-ui',
|
|
1535
|
+
presets: [
|
|
1536
|
+
SwaggerUIBundle.presets.apis,
|
|
1537
|
+
SwaggerUIStandalonePreset
|
|
1538
|
+
],
|
|
1539
|
+
layout: "BaseLayout",
|
|
1540
|
+
deepLinking: true,
|
|
1541
|
+
showExtensions: true,
|
|
1542
|
+
showCommonExtensions: true,
|
|
1543
|
+
// Inject x-api-key header on every request made from the Swagger UI
|
|
1544
|
+
requestInterceptor: (request) => {
|
|
1545
|
+
if (apiKey) {
|
|
1546
|
+
request.headers['x-api-key'] = apiKey;
|
|
1547
|
+
}
|
|
1548
|
+
return request;
|
|
1549
|
+
}
|
|
1550
|
+
});
|
|
1551
|
+
};
|
|
1552
|
+
</script>
|
|
1553
|
+
</body>
|
|
1554
|
+
</html>
|
|
1555
|
+
`;
|
|
1556
|
+
}
|
|
1557
|
+
|
|
1558
|
+
// src/auth/jexl.ts
|
|
1559
|
+
import jexl from "jexl";
|
|
1560
|
+
async function evaluateAccess(expression, context) {
|
|
1561
|
+
if (expression === void 0 || expression === null) return false;
|
|
1562
|
+
if (typeof expression === "boolean") return expression;
|
|
1563
|
+
try {
|
|
1564
|
+
const result = await jexl.eval(expression, context);
|
|
1565
|
+
return !!result;
|
|
1566
|
+
} catch (err) {
|
|
1567
|
+
console.error("[dyrected/core] Jexl evaluation failed:", err);
|
|
1568
|
+
return false;
|
|
1569
|
+
}
|
|
1570
|
+
}
|
|
1571
|
+
|
|
1572
|
+
// src/router.ts
|
|
1573
|
+
function accessGate(target, action) {
|
|
1574
|
+
return async (c, next) => {
|
|
1575
|
+
const user = c.get("user");
|
|
1576
|
+
const accessExpr = target.access?.[action];
|
|
1577
|
+
if (accessExpr === void 0 || accessExpr === null) {
|
|
1578
|
+
return await next();
|
|
1579
|
+
}
|
|
1580
|
+
const accessArgs = { user, req: c.req, doc: null };
|
|
1581
|
+
const allowed = await evaluateAccess(accessExpr, accessArgs);
|
|
1582
|
+
if (!allowed) {
|
|
1583
|
+
return c.json({ error: true, message: `Access denied: ${action} on ${target.slug}` }, 403);
|
|
1584
|
+
}
|
|
1585
|
+
await next();
|
|
1586
|
+
};
|
|
1587
|
+
}
|
|
1588
|
+
function registerRoutes(app, config) {
|
|
1589
|
+
app.get("/api/schemas", optionalAuth(), async (c) => {
|
|
1590
|
+
const siteId = c.req.header("X-Site-Id");
|
|
1591
|
+
let collections = [...config.collections];
|
|
1592
|
+
let globals = [...config.globals];
|
|
1593
|
+
if (siteId && config.onSchemaFetch) {
|
|
1594
|
+
const dynamic = await config.onSchemaFetch(siteId);
|
|
1595
|
+
if (dynamic.collections) collections = [...collections, ...dynamic.collections];
|
|
1596
|
+
if (dynamic.globals) globals = [...globals, ...dynamic.globals];
|
|
1597
|
+
if (dynamic.admin) {
|
|
1598
|
+
config.admin = { ...config.admin, ...dynamic.admin };
|
|
1599
|
+
}
|
|
1600
|
+
}
|
|
1601
|
+
const user = c.get("user");
|
|
1602
|
+
const accessArgs = { user, req: c.req, doc: null };
|
|
1603
|
+
const resolveAccess = async (access) => {
|
|
1604
|
+
if (access === void 0 || access === null) return true;
|
|
1605
|
+
if (typeof access === "function") {
|
|
1606
|
+
try {
|
|
1607
|
+
const result = await access(accessArgs);
|
|
1608
|
+
return typeof result === "boolean" ? result : !!result;
|
|
1609
|
+
} catch (err) {
|
|
1610
|
+
console.error("[dyrected/core] Functional access check failed:", err);
|
|
1611
|
+
return false;
|
|
1612
|
+
}
|
|
1613
|
+
}
|
|
1614
|
+
if (typeof access === "string" || typeof access === "boolean") {
|
|
1615
|
+
return evaluateAccess(access, accessArgs);
|
|
1616
|
+
}
|
|
1617
|
+
return true;
|
|
1618
|
+
};
|
|
1619
|
+
const filteredCollections = await Promise.all(collections.filter((col) => !siteId || col.shared || !col.siteId || col.siteId === siteId).map(async (col) => ({
|
|
1620
|
+
slug: col.slug,
|
|
1621
|
+
labels: col.labels,
|
|
1622
|
+
access: {
|
|
1623
|
+
read: await resolveAccess(col.access?.read),
|
|
1624
|
+
create: await resolveAccess(col.access?.create),
|
|
1625
|
+
update: await resolveAccess(col.access?.update),
|
|
1626
|
+
delete: await resolveAccess(col.access?.delete)
|
|
1627
|
+
},
|
|
1628
|
+
fields: await Promise.all(col.fields.map(async (f) => ({
|
|
1629
|
+
name: f.name,
|
|
1630
|
+
type: f.type,
|
|
1631
|
+
label: f.label,
|
|
1632
|
+
required: f.required,
|
|
1633
|
+
defaultValue: f.defaultValue,
|
|
1634
|
+
options: f.options,
|
|
1635
|
+
relationTo: f.relationTo,
|
|
1636
|
+
hasMany: f.hasMany,
|
|
1637
|
+
fields: f.fields,
|
|
1638
|
+
blocks: f.blocks,
|
|
1639
|
+
admin: f.admin,
|
|
1640
|
+
access: {
|
|
1641
|
+
read: await resolveAccess(f.access?.read),
|
|
1642
|
+
update: await resolveAccess(f.access?.update)
|
|
1643
|
+
}
|
|
1644
|
+
}))),
|
|
1645
|
+
upload: !!col.upload,
|
|
1646
|
+
auth: !!col.auth,
|
|
1647
|
+
admin: col.admin
|
|
1648
|
+
})));
|
|
1649
|
+
const filteredGlobals = await Promise.all(globals.filter((glb) => !siteId || glb.shared || !glb.siteId || glb.siteId === siteId).map(async (glb) => ({
|
|
1650
|
+
slug: glb.slug,
|
|
1651
|
+
label: glb.label,
|
|
1652
|
+
access: {
|
|
1653
|
+
read: await resolveAccess(glb.access?.read),
|
|
1654
|
+
update: await resolveAccess(glb.access?.update)
|
|
1655
|
+
},
|
|
1656
|
+
fields: await Promise.all(glb.fields.map(async (f) => ({
|
|
1657
|
+
name: f.name,
|
|
1658
|
+
type: f.type,
|
|
1659
|
+
label: f.label,
|
|
1660
|
+
required: f.required,
|
|
1661
|
+
defaultValue: f.defaultValue,
|
|
1662
|
+
options: f.options,
|
|
1663
|
+
relationTo: f.relationTo,
|
|
1664
|
+
hasMany: f.hasMany,
|
|
1665
|
+
fields: f.fields,
|
|
1666
|
+
blocks: f.blocks,
|
|
1667
|
+
admin: f.admin,
|
|
1668
|
+
access: {
|
|
1669
|
+
read: await resolveAccess(f.access?.read),
|
|
1670
|
+
update: await resolveAccess(f.access?.update)
|
|
1671
|
+
}
|
|
1672
|
+
}))),
|
|
1673
|
+
admin: glb.admin
|
|
1674
|
+
})));
|
|
1675
|
+
return c.json({
|
|
1676
|
+
collections: filteredCollections,
|
|
1677
|
+
globals: filteredGlobals,
|
|
1678
|
+
admin: config.admin || {}
|
|
1679
|
+
});
|
|
1680
|
+
});
|
|
1681
|
+
app.get("/api/openapi.json", (c) => {
|
|
1682
|
+
return c.json(generateOpenApi(config));
|
|
1683
|
+
});
|
|
1684
|
+
app.get("/api/docs", (c) => {
|
|
1685
|
+
return c.html(getSwaggerHtml());
|
|
1686
|
+
});
|
|
1687
|
+
app.get("/api/media/:filename{.+$}", async (c) => {
|
|
1688
|
+
const mediaController = new MediaController("media");
|
|
1689
|
+
return mediaController.serve(c);
|
|
1690
|
+
});
|
|
1691
|
+
app.get("/media/:filename{.+$}", async (c) => {
|
|
1692
|
+
const mediaController = new MediaController("media");
|
|
1693
|
+
return mediaController.serve(c);
|
|
1694
|
+
});
|
|
1695
|
+
if (config.storage) {
|
|
1696
|
+
const uploadCollections = config.collections.filter((c) => c.upload);
|
|
1697
|
+
for (const col of uploadCollections) {
|
|
1698
|
+
const mediaController = new MediaController(col.slug);
|
|
1699
|
+
const prefix = `/api/collections/${col.slug}`;
|
|
1700
|
+
app.get(`${prefix}/media`, accessGate(col, "read"), (c) => mediaController.find(c));
|
|
1701
|
+
app.get(`${prefix}/media/:filename{.+$}`, (c) => mediaController.serve(c));
|
|
1702
|
+
app.post(`${prefix}/media`, accessGate(col, "create"), (c) => mediaController.upload(c));
|
|
1703
|
+
app.delete(`${prefix}/media/:id`, accessGate(col, "delete"), (c) => mediaController.delete(c));
|
|
1704
|
+
}
|
|
1705
|
+
}
|
|
1706
|
+
for (const collection of config.collections) {
|
|
1707
|
+
if (!collection.auth) continue;
|
|
1708
|
+
const path = `/api/collections/${collection.slug}`;
|
|
1709
|
+
const authController = new AuthController(collection);
|
|
1710
|
+
app.post(`${path}/login`, (c) => authController.login(c));
|
|
1711
|
+
app.post(`${path}/logout`, (c) => authController.logout(c));
|
|
1712
|
+
app.get(`${path}/init`, (c) => authController.init(c));
|
|
1713
|
+
app.post(`${path}/first-user`, (c) => authController.registerFirstUser(c));
|
|
1714
|
+
app.get(`${path}/me`, requireAuth(), (c) => authController.me(c));
|
|
1715
|
+
app.post(`${path}/refresh-token`, requireAuth(), (c) => authController.refreshToken(c));
|
|
1716
|
+
app.post(`${path}/forgot-password`, (c) => authController.forgotPassword(c));
|
|
1717
|
+
app.post(`${path}/reset-password`, (c) => authController.resetPassword(c));
|
|
1718
|
+
app.post(`${path}/invite`, requireAuth(), (c) => authController.invite(c));
|
|
1719
|
+
app.post(`${path}/accept-invite`, (c) => authController.acceptInvite(c));
|
|
1720
|
+
}
|
|
1721
|
+
for (const collection of config.collections) {
|
|
1722
|
+
const path = `/api/collections/${collection.slug}`;
|
|
1723
|
+
const controller = new CollectionController(collection);
|
|
1724
|
+
app.get(path, accessGate(collection, "read"), (c) => controller.find(c));
|
|
1725
|
+
app.post(path, accessGate(collection, "create"), (c) => controller.create(c));
|
|
1726
|
+
app.post(`${path}/media`, accessGate(collection, "create"), (c) => controller.create(c));
|
|
1727
|
+
app.delete(`${path}/delete-many`, accessGate(collection, "delete"), (c) => controller.deleteMany(c));
|
|
1728
|
+
app.get(`${path}/:id`, accessGate(collection, "read"), (c) => controller.findOne(c));
|
|
1729
|
+
app.patch(`${path}/:id`, accessGate(collection, "update"), (c) => controller.update(c));
|
|
1730
|
+
app.delete(`${path}/:id`, accessGate(collection, "delete"), (c) => controller.delete(c));
|
|
1731
|
+
app.post(`${path}/seed`, (c) => controller.seed(c));
|
|
1732
|
+
}
|
|
1733
|
+
for (const global of config.globals) {
|
|
1734
|
+
const path = `/api/globals/${global.slug}`;
|
|
1735
|
+
const controller = new GlobalController(global);
|
|
1736
|
+
app.get(path, accessGate(global, "read"), (c) => controller.get(c));
|
|
1737
|
+
app.patch(path, accessGate(global, "update"), (c) => controller.update(c));
|
|
1738
|
+
app.post(`${path}/seed`, (c) => controller.seed(c));
|
|
1739
|
+
}
|
|
1740
|
+
const previewController = new PreviewController();
|
|
1741
|
+
app.post("/api/preview-token", requireAuth(), (c) => previewController.createToken(c));
|
|
1742
|
+
app.get("/api/preview-data", (c) => previewController.getData(c));
|
|
1743
|
+
app.all("/api/collections/:slug/:id?", async (c) => {
|
|
1744
|
+
const slug = c.req.param("slug");
|
|
1745
|
+
const id = c.req.param("id");
|
|
1746
|
+
const siteId = c.req.header("X-Site-Id") || c.get("siteId");
|
|
1747
|
+
const config2 = c.get("config");
|
|
1748
|
+
if (config2.collections.some((col) => col.slug === slug)) {
|
|
1749
|
+
return c.json({ message: "Method Not Allowed" }, 405);
|
|
1750
|
+
}
|
|
1751
|
+
if (config2.onSchemaFetch && siteId) {
|
|
1752
|
+
const dynamic = await config2.onSchemaFetch(siteId);
|
|
1753
|
+
let collection = dynamic.collections?.find((col) => col.slug === slug);
|
|
1754
|
+
if (!collection && slug === "media") {
|
|
1755
|
+
collection = {
|
|
1756
|
+
slug: "media",
|
|
1757
|
+
labels: { singular: "Media", plural: "Media" },
|
|
1758
|
+
upload: true,
|
|
1759
|
+
fields: []
|
|
1760
|
+
};
|
|
1761
|
+
}
|
|
1762
|
+
if (collection) {
|
|
1763
|
+
if (collection.auth && id) {
|
|
1764
|
+
const authController = new AuthController(collection);
|
|
1765
|
+
const method2 = c.req.method;
|
|
1766
|
+
if (method2 === "POST" && id === "login") return authController.login(c);
|
|
1767
|
+
if (method2 === "POST" && id === "logout") return authController.logout(c);
|
|
1768
|
+
if (method2 === "GET" && id === "me") return authController.me(c);
|
|
1769
|
+
if (method2 === "POST" && id === "refresh-token") return authController.refreshToken(c);
|
|
1770
|
+
if (method2 === "POST" && id === "forgot-password") return authController.forgotPassword(c);
|
|
1771
|
+
if (method2 === "POST" && id === "reset-password") return authController.resetPassword(c);
|
|
1772
|
+
}
|
|
1773
|
+
const controller = new CollectionController(collection);
|
|
1774
|
+
const method = c.req.method;
|
|
1775
|
+
if (id) {
|
|
1776
|
+
if (method === "GET") return controller.findOne(c);
|
|
1777
|
+
if (method === "PATCH") return controller.update(c);
|
|
1778
|
+
if (method === "DELETE" && id === "delete-many") return controller.deleteMany(c);
|
|
1779
|
+
if (method === "DELETE") return controller.delete(c);
|
|
1780
|
+
if (method === "POST" && id === "media") return controller.create(c);
|
|
1781
|
+
if (method === "POST" && id === "seed") return controller.seed(c);
|
|
1782
|
+
} else {
|
|
1783
|
+
if (method === "GET") return controller.find(c);
|
|
1784
|
+
if (method === "POST") return controller.create(c);
|
|
1785
|
+
}
|
|
1786
|
+
}
|
|
1787
|
+
}
|
|
1788
|
+
return c.json({ message: `Collection "${slug}" not found` }, 404);
|
|
1789
|
+
});
|
|
1790
|
+
app.all("/api/globals/:slug", async (c) => {
|
|
1791
|
+
const slug = c.req.param("slug");
|
|
1792
|
+
const siteId = c.req.header("X-Site-Id") || c.get("siteId");
|
|
1793
|
+
const config2 = c.get("config");
|
|
1794
|
+
if (config2.globals.some((glb) => glb.slug === slug)) {
|
|
1795
|
+
return c.json({ message: "Method Not Allowed" }, 405);
|
|
1796
|
+
}
|
|
1797
|
+
if (config2.onSchemaFetch && siteId) {
|
|
1798
|
+
const dynamic = await config2.onSchemaFetch(siteId);
|
|
1799
|
+
const global = dynamic.globals?.find((glb) => glb.slug === slug);
|
|
1800
|
+
if (global) {
|
|
1801
|
+
const controller = new GlobalController(global);
|
|
1802
|
+
if (c.req.method === "GET") return controller.get(c);
|
|
1803
|
+
if (c.req.method === "PATCH") return controller.update(c);
|
|
1804
|
+
}
|
|
1805
|
+
}
|
|
1806
|
+
return c.json({ message: `Global "${slug}" not found` }, 404);
|
|
1807
|
+
});
|
|
1808
|
+
}
|
|
1809
|
+
|
|
1810
|
+
// src/app.ts
|
|
1811
|
+
import { Hono } from "hono";
|
|
1812
|
+
import { cors } from "hono/cors";
|
|
1813
|
+
import { requestId } from "hono/request-id";
|
|
1814
|
+
async function createDyrectedApp(rawConfig) {
|
|
1815
|
+
const config = normalizeConfig(rawConfig);
|
|
1816
|
+
const app = new Hono();
|
|
1817
|
+
if (config.db?.sync) {
|
|
1818
|
+
await config.db.sync(config.collections, config.globals);
|
|
1819
|
+
}
|
|
1820
|
+
app.use("*", requestId());
|
|
1821
|
+
app.use("*", optionalAuth());
|
|
1822
|
+
app.use("*", async (c, next) => {
|
|
1823
|
+
const start = Date.now();
|
|
1824
|
+
await next();
|
|
1825
|
+
const ms = Date.now() - start;
|
|
1826
|
+
console.log(`[dyrected/api] ${c.req.method} ${c.req.path} ${c.res.status} - ${ms}ms`);
|
|
1827
|
+
});
|
|
1828
|
+
app.use("*", cors());
|
|
1829
|
+
app.use("*", async (c, next) => {
|
|
1830
|
+
c.set("config", config);
|
|
1831
|
+
if (!c.get("siteId")) {
|
|
1832
|
+
c.set("siteId", "default");
|
|
1833
|
+
}
|
|
1834
|
+
await next();
|
|
1835
|
+
});
|
|
1836
|
+
app.get("/health", (c) => c.json({ status: "ok", version: "0.0.1" }));
|
|
1837
|
+
app.get("/routes", (c) => {
|
|
1838
|
+
const routes = app.routes.map((r) => ({ method: r.method, path: r.path }));
|
|
1839
|
+
return c.json({ routes });
|
|
1840
|
+
});
|
|
1841
|
+
app.onError((err, c) => {
|
|
1842
|
+
console.error(`[dyrected/core] Uncaught Error:`, err);
|
|
1843
|
+
return c.json({
|
|
1844
|
+
message: err.message || "Internal Server Error",
|
|
1845
|
+
stack: process.env.NODE_ENV === "development" ? err.stack : void 0
|
|
1846
|
+
}, 500);
|
|
1847
|
+
});
|
|
1848
|
+
registerRoutes(app, config);
|
|
1849
|
+
return app;
|
|
1850
|
+
}
|
|
1851
|
+
|
|
1852
|
+
export {
|
|
1853
|
+
normalizeConfig,
|
|
1854
|
+
CollectionController,
|
|
1855
|
+
GlobalController,
|
|
1856
|
+
MediaController,
|
|
1857
|
+
AuthController,
|
|
1858
|
+
PreviewController,
|
|
1859
|
+
registerRoutes,
|
|
1860
|
+
createDyrectedApp
|
|
1861
|
+
};
|