npm - @dyrected/core - Versions diffs - 2.5.25 → 2.5.27 - Mend

@dyrected/core 2.5.25 → 2.5.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (162) hide show

package/dist/__tests__/app.test.d.ts +2 -0
package/dist/__tests__/app.test.d.ts.map +1 -0
package/dist/__tests__/app.test.js +27 -0
package/dist/__tests__/app.test.js.map +1 -0
package/dist/__tests__/config.test.d.ts +2 -0
package/dist/__tests__/config.test.d.ts.map +1 -0
package/dist/__tests__/config.test.js +34 -0
package/dist/__tests__/config.test.js.map +1 -0
package/dist/__tests__/deleteMany.test.d.ts +2 -0
package/dist/__tests__/deleteMany.test.d.ts.map +1 -0
package/dist/__tests__/deleteMany.test.js +75 -0
package/dist/__tests__/deleteMany.test.js.map +1 -0
package/dist/__tests__/depth.test.d.ts +2 -0
package/dist/__tests__/depth.test.d.ts.map +1 -0
package/dist/__tests__/depth.test.js +81 -0
package/dist/__tests__/depth.test.js.map +1 -0
package/dist/__tests__/dynamic-options.test.d.ts +2 -0
package/dist/__tests__/dynamic-options.test.d.ts.map +1 -0
package/dist/__tests__/dynamic-options.test.js +132 -0
package/dist/__tests__/dynamic-options.test.js.map +1 -0
package/dist/__tests__/field-inference.test-types.d.ts +24 -0
package/dist/__tests__/field-inference.test-types.d.ts.map +1 -0
package/dist/__tests__/field-inference.test-types.js +87 -0
package/dist/__tests__/field-inference.test-types.js.map +1 -0
package/dist/__tests__/hooks.test.d.ts +2 -0
package/dist/__tests__/hooks.test.d.ts.map +1 -0
package/dist/__tests__/hooks.test.js +320 -0
package/dist/__tests__/hooks.test.js.map +1 -0
package/dist/__tests__/mocks.d.ts +68 -0
package/dist/__tests__/mocks.d.ts.map +1 -0
package/dist/__tests__/mocks.js +151 -0
package/dist/__tests__/mocks.js.map +1 -0
package/dist/__tests__/router.test.d.ts +2 -0
package/dist/__tests__/router.test.d.ts.map +1 -0
package/dist/__tests__/router.test.js +48 -0
package/dist/__tests__/router.test.js.map +1 -0
package/dist/__tests__/where.test.d.ts +2 -0
package/dist/__tests__/where.test.d.ts.map +1 -0
package/dist/__tests__/where.test.js +97 -0
package/dist/__tests__/where.test.js.map +1 -0
package/dist/app-BOrsS7Tz.d.cts +1771 -0
package/dist/app-BOrsS7Tz.d.ts +1771 -0
package/dist/app.d.ts +21 -0
package/dist/app.d.ts.map +1 -0
package/dist/app.js +56 -0
package/dist/app.js.map +1 -0
package/dist/auth/jexl.d.ts +10 -0
package/dist/auth/jexl.d.ts.map +1 -0
package/dist/auth/jexl.js +22 -0
package/dist/auth/jexl.js.map +1 -0
package/dist/auth/password.d.ts +10 -0
package/dist/auth/password.d.ts.map +1 -0
package/dist/auth/password.js +28 -0
package/dist/auth/password.js.map +1 -0
package/dist/auth/token.d.ts +20 -0
package/dist/auth/token.d.ts.map +1 -0
package/dist/auth/token.js +40 -0
package/dist/auth/token.js.map +1 -0
package/dist/chunk-SUGK7UYL.js +311 -0
package/dist/chunk-ZFAOBRHT.js +2709 -0
package/dist/controllers/auth.controller.d.ts +125 -0
package/dist/controllers/auth.controller.d.ts.map +1 -0
package/dist/controllers/auth.controller.js +323 -0
package/dist/controllers/auth.controller.js.map +1 -0
package/dist/controllers/collection.controller.d.ts +88 -0
package/dist/controllers/collection.controller.d.ts.map +1 -0
package/dist/controllers/collection.controller.js +554 -0
package/dist/controllers/collection.controller.js.map +1 -0
package/dist/controllers/global.controller.d.ts +17 -0
package/dist/controllers/global.controller.d.ts.map +1 -0
package/dist/controllers/global.controller.js +116 -0
package/dist/controllers/global.controller.js.map +1 -0
package/dist/controllers/media.controller.d.ts +36 -0
package/dist/controllers/media.controller.d.ts.map +1 -0
package/dist/controllers/media.controller.js +155 -0
package/dist/controllers/media.controller.js.map +1 -0
package/dist/controllers/preview.controller.d.ts +37 -0
package/dist/controllers/preview.controller.d.ts.map +1 -0
package/dist/controllers/preview.controller.js +48 -0
package/dist/controllers/preview.controller.js.map +1 -0
package/dist/index-Bp7PDOYG.d.cts +1750 -0
package/dist/index-Bp7PDOYG.d.ts +1750 -0
package/dist/index-DfAmTZXk.d.cts +1749 -0
package/dist/index-DfAmTZXk.d.ts +1749 -0
package/dist/index.cjs +2 -2396
package/dist/index.d.cts +2 -4
package/dist/index.d.ts +2 -4
package/dist/index.d.ts.map +1 -0
package/dist/index.js +3 -5
package/dist/index.js.map +1 -0
package/dist/middleware/auth.d.ts +18 -0
package/dist/middleware/auth.d.ts.map +1 -0
package/dist/middleware/auth.js +45 -0
package/dist/middleware/auth.js.map +1 -0
package/dist/router.d.ts +8 -0
package/dist/router.d.ts.map +1 -0
package/dist/router.js +463 -0
package/dist/router.js.map +1 -0
package/dist/server.cjs +103 -0
package/dist/server.d.cts +22 -4
package/dist/server.d.ts +22 -4
package/dist/server.d.ts.map +1 -0
package/dist/server.js +2429 -8
package/dist/server.js.map +1 -0
package/dist/services/audit.service.d.ts +23 -0
package/dist/services/audit.service.d.ts.map +1 -0
package/dist/services/audit.service.js +28 -0
package/dist/services/audit.service.js.map +1 -0
package/dist/services/defaults.service.d.ts +8 -0
package/dist/services/defaults.service.d.ts.map +1 -0
package/dist/services/defaults.service.js +55 -0
package/dist/services/defaults.service.js.map +1 -0
package/dist/services/email.service.d.ts +33 -0
package/dist/services/email.service.d.ts.map +1 -0
package/dist/services/email.service.js +219 -0
package/dist/services/email.service.js.map +1 -0
package/dist/services/media.service.d.ts +20 -0
package/dist/services/media.service.d.ts.map +1 -0
package/dist/services/media.service.js +49 -0
package/dist/services/media.service.js.map +1 -0
package/dist/services/population.service.d.ts +20 -0
package/dist/services/population.service.d.ts.map +1 -0
package/dist/services/population.service.js +168 -0
package/dist/services/population.service.js.map +1 -0
package/dist/types/index.d.ts +1749 -0
package/dist/types/index.d.ts.map +1 -0
package/dist/types/index.js +3 -0
package/dist/types/index.js.map +1 -0
package/dist/utils/config.d.ts +8 -0
package/dist/utils/config.d.ts.map +1 -0
package/dist/utils/config.js +153 -0
package/dist/utils/config.js.map +1 -0
package/dist/utils/hooks.d.ts +41 -0
package/dist/utils/hooks.d.ts.map +1 -0
package/dist/utils/hooks.js +169 -0
package/dist/utils/hooks.js.map +1 -0
package/dist/utils/openapi.d.ts +6 -0
package/dist/utils/openapi.d.ts.map +1 -0
package/dist/utils/openapi.js +331 -0
package/dist/utils/openapi.js.map +1 -0
package/dist/utils/parse-where.d.ts +63 -0
package/dist/utils/parse-where.d.ts.map +1 -0
package/dist/utils/parse-where.js +196 -0
package/dist/utils/parse-where.js.map +1 -0
package/dist/utils/readonly-db.d.ts +9 -0
package/dist/utils/readonly-db.d.ts.map +1 -0
package/dist/utils/readonly-db.js +21 -0
package/dist/utils/readonly-db.js.map +1 -0
package/dist/utils/setup-prompt.d.ts +11 -0
package/dist/utils/setup-prompt.d.ts.map +1 -0
package/dist/utils/setup-prompt.js +863 -0
package/dist/utils/setup-prompt.js.map +1 -0
package/dist/utils/swagger.d.ts +5 -0
package/dist/utils/swagger.d.ts.map +1 -0
package/dist/utils/swagger.js +51 -0
package/dist/utils/swagger.js.map +1 -0
package/dist/utils/where-sanitizer.d.ts +10 -0
package/dist/utils/where-sanitizer.d.ts.map +1 -0
package/dist/utils/where-sanitizer.js +63 -0
package/dist/utils/where-sanitizer.js.map +1 -0
package/dist/where-sanitizer-DQIWTQZW.js +50 -0
package/package.json +1 -1

package/dist/index.d.cts CHANGED Viewed

@@ -1,7 +1,5 @@
-import { D as DyrectedConfig, F as Field, C as CollectionConfig, P as Prettify, I as InferDocShape, S as SystemDocFields, A as AuthDocFields, U as UploadDocFields, G as GlobalConfig } from './app-BibuoHQG.cjs';
-export { a as AccessFunction, b as AdminConfig, c as AuthenticatedUser, B as BaseDocument, d as Block, e as CollectionAfterChangeHook, f as CollectionAfterDeleteHook, g as CollectionAfterReadHook, h as CollectionBeforeChangeHook, i as CollectionBeforeDeleteHook, j as CollectionBeforeReadHook, k as DatabaseAdapter, l as DynamicOptionItem, m as DynamicOptionsConfig, n as DynamicOptionsResolver, o as DynamicOptionsResolverArgs, p as DyrectedContext, q as FieldAfterReadHook, r as FieldBeforeChangeHook, s as FieldHook, t as FieldType, u as FileData, v as GlobalAfterChangeHook, w as GlobalAfterReadHook, x as GlobalBeforeChangeHook, y as GlobalBeforeReadHook, H as HookFunction, z as HookRequestContext, E as ImageService, J as PaginatedResult, R as ReadonlyDatabaseAdapter, K as StorageAdapter, L as UploadConfig, M as createDyrectedApp } from './app-BibuoHQG.cjs';
-import 'hono/types';
-import 'hono';
+import { D as DyrectedConfig, F as Field, C as CollectionConfig, P as Prettify, I as InferDocShape, S as SystemDocFields, A as AuthDocFields, U as UploadDocFields, G as GlobalConfig } from './index-Bp7PDOYG.cjs';
+export { a as AccessFunction, b as AdminConfig, c as AuthenticatedUser, B as BaseDocument, d as Block, e as CollectionAfterChangeHook, f as CollectionAfterDeleteHook, g as CollectionAfterReadHook, h as CollectionBeforeChangeHook, i as CollectionBeforeDeleteHook, j as CollectionBeforeReadHook, k as DatabaseAdapter, l as DynamicOptionItem, m as DynamicOptionsConfig, n as DynamicOptionsResolver, o as DynamicOptionsResolverArgs, p as FieldAfterReadHook, q as FieldBeforeChangeHook, r as FieldHook, s as FieldType, t as FileData, u as GlobalAfterChangeHook, v as GlobalAfterReadHook, w as GlobalBeforeChangeHook, x as GlobalBeforeReadHook, H as HookFunction, y as HookRequestContext, z as ImageService, E as PaginatedResult, R as ReadonlyDatabaseAdapter, J as StorageAdapter, K as UploadConfig } from './index-Bp7PDOYG.cjs';
 interface SetupPromptConfig {
     siteName?: string;

package/dist/index.d.ts CHANGED Viewed

@@ -1,7 +1,5 @@
-import { D as DyrectedConfig, F as Field, C as CollectionConfig, P as Prettify, I as InferDocShape, S as SystemDocFields, A as AuthDocFields, U as UploadDocFields, G as GlobalConfig } from './app-BibuoHQG.js';
-export { a as AccessFunction, b as AdminConfig, c as AuthenticatedUser, B as BaseDocument, d as Block, e as CollectionAfterChangeHook, f as CollectionAfterDeleteHook, g as CollectionAfterReadHook, h as CollectionBeforeChangeHook, i as CollectionBeforeDeleteHook, j as CollectionBeforeReadHook, k as DatabaseAdapter, l as DynamicOptionItem, m as DynamicOptionsConfig, n as DynamicOptionsResolver, o as DynamicOptionsResolverArgs, p as DyrectedContext, q as FieldAfterReadHook, r as FieldBeforeChangeHook, s as FieldHook, t as FieldType, u as FileData, v as GlobalAfterChangeHook, w as GlobalAfterReadHook, x as GlobalBeforeChangeHook, y as GlobalBeforeReadHook, H as HookFunction, z as HookRequestContext, E as ImageService, J as PaginatedResult, R as ReadonlyDatabaseAdapter, K as StorageAdapter, L as UploadConfig, M as createDyrectedApp } from './app-BibuoHQG.js';
-import 'hono/types';
-import 'hono';
+import { D as DyrectedConfig, F as Field, C as CollectionConfig, P as Prettify, I as InferDocShape, S as SystemDocFields, A as AuthDocFields, U as UploadDocFields, G as GlobalConfig } from './index-Bp7PDOYG.js';
+export { a as AccessFunction, b as AdminConfig, c as AuthenticatedUser, B as BaseDocument, d as Block, e as CollectionAfterChangeHook, f as CollectionAfterDeleteHook, g as CollectionAfterReadHook, h as CollectionBeforeChangeHook, i as CollectionBeforeDeleteHook, j as CollectionBeforeReadHook, k as DatabaseAdapter, l as DynamicOptionItem, m as DynamicOptionsConfig, n as DynamicOptionsResolver, o as DynamicOptionsResolverArgs, p as FieldAfterReadHook, q as FieldBeforeChangeHook, r as FieldHook, s as FieldType, t as FileData, u as GlobalAfterChangeHook, v as GlobalAfterReadHook, w as GlobalBeforeChangeHook, x as GlobalBeforeReadHook, H as HookFunction, y as HookRequestContext, z as ImageService, E as PaginatedResult, R as ReadonlyDatabaseAdapter, J as StorageAdapter, K as UploadConfig } from './index-Bp7PDOYG.js';
 interface SetupPromptConfig {
     siteName?: string;

package/dist/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,gBAAgB,EAAE,cAAc,EAAE,KAAK,EAAE,YAAY,EAAE,aAAa,EAAE,QAAQ,EAAE,eAAe,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,kBAAkB,CAAC;AAExK;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4BG;AAEH,wBAAgB,gBAAgB,CAAC,KAAK,CAAC,OAAO,SAAS,KAAK,EAAE,EAC5D,MAAM,EAAE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,eAAe,GAAG,aAAa,CAAC,CAAC,EAAE,QAAQ,GAAG,MAAM,CAAC,GAAG;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,IAAI,EAAE,IAAI,CAAA;CAAE,GACvK,gBAAgB,CAAC,QAAQ,CAAC;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,eAAe,GAAG,aAAa,CAAC,CAAC,CAAC;AAEzG,wBAAgB,gBAAgB,CAAC,KAAK,CAAC,OAAO,SAAS,KAAK,EAAE,EAC5D,MAAM,EAAE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,eAAe,GAAG,eAAe,CAAC,CAAC,EAAE,QAAQ,GAAG,QAAQ,CAAC,GAAG;IAAE,MAAM,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,IAAI,CAAA;CAAE,GAC7K,gBAAgB,CAAC,QAAQ,CAAC;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,eAAe,GAAG,eAAe,CAAC,CAAC,CAAC;AAE3G,wBAAgB,gBAAgB,CAAC,KAAK,CAAC,OAAO,SAAS,KAAK,EAAE,EAC5D,MAAM,EAAE,IAAI,CAAC,gBAAgB,CAAC,QAAQ,CAAC;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,eAAe,CAAC,CAAC,EAAE,QAAQ,CAAC,GAAG;IAAE,MAAM,EAAE,OAAO,CAAA;CAAE,GAClI,gBAAgB,CAAC,QAAQ,CAAC;IAAE,EAAE,EAAE,MAAM,CAAA;CAAE,GAAG,aAAa,CAAC,OAAO,CAAC,GAAG,eAAe,CAAC,CAAC,CAAC;AAEzF,wBAAgB,gBAAgB,CAAC,IAAI,SAAS,MAAM,EAClD,MAAM,EAAE,gBAAgB,CAAC,IAAI,CAAC,GAC7B,gBAAgB,CAAC,IAAI,CAAC,CAAC;AAM1B;;;;;;;;;;;;;;;;;;;;;;;;GAwBG;AAEH,wBAAgB,YAAY,CAAC,KAAK,CAAC,OAAO,SAAS,KAAK,EAAE,EACxD,MAAM,EAAE,IAAI,CAAC,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,EAAE,QAAQ,CAAC,GAAG;IAAE,MAAM,EAAE,OAAO,CAAA;CAAE,GAC3F,YAAY,CAAC,QAAQ,CAAC,aAAa,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC;AAElD,wBAAgB,YAAY,CAAC,IAAI,SAAS,MAAM,EAC9C,MAAM,EAAE,YAAY,CAAC,IAAI,CAAC,GACzB,YAAY,CAAC,IAAI,CAAC,CAAC;AAMtB;;;;;;GAMG;AACH,wBAAgB,YAAY,CAAC,MAAM,EAAE,cAAc,GAAG,cAAc,CAEnE;AAED,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,kBAAkB,CAAC"}

package/dist/index.js CHANGED Viewed

@@ -1,10 +1,9 @@
 import {
-  createDyrectedApp,
   executeFieldAfterRead,
   executeFieldBeforeChange,
   normalizeConfig,
   runCollectionHooks
-} from "./chunk-FDQYPPG3.js";
+} from "./chunk-SUGK7UYL.js";
 // src/utils/setup-prompt.ts
 function buildEnvironmentSection(frameworkLabel, isSelfHosted, config) {
@@ -855,10 +854,10 @@ function parseSqlWhere(where, getJsonField, placeholder = "?") {
   function buildSingleOp(c, op, operand) {
     switch (op) {
       case "equals":
-        params.push(operand);
+        params.push(typeof operand === "boolean" ? String(operand) : operand);
         return `${c} = ${next()}`;
       case "not_equals":
-        params.push(operand);
+        params.push(typeof operand === "boolean" ? String(operand) : operand);
         return `${c} != ${next()}`;
       case "in": {
         const vals = Array.isArray(operand) ? operand : [operand];
@@ -995,7 +994,6 @@ function defineConfig(config) {
   return config;
 }
 export {
-  createDyrectedApp,
   defineCollection,
   defineConfig,
   defineGlobal,

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AA+CA,iBAAiB;AACjB,MAAM,UAAU,gBAAgB,CAAC,MAAe;IAC9C,OAAO,MAAM,CAAC;AAChB,CAAC;AAmCD,iBAAiB;AACjB,MAAM,UAAU,YAAY,CAAC,MAAe;IAC1C,OAAO,MAAM,CAAC;AAChB,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,YAAY,CAAC,MAAsB;IACjD,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,cAAc,kBAAkB,CAAC;AACjC,cAAc,yBAAyB,CAAC;AACxC,cAAc,mBAAmB,CAAC;AAClC,cAAc,wBAAwB,CAAC;AACvC,cAAc,kBAAkB,CAAC"}

package/dist/middleware/auth.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+import type { Context, Next } from 'hono';
+import type { DyrectedContext } from '../app.js';
+/**
+ * Middleware that requires a valid Bearer JWT.
+ * On success: sets `c.get('user')` to the decoded token payload.
+ * On failure: returns 401.
+ */
+export declare function requireAuth(): (c: Context<DyrectedContext>, next: Next) => Promise<(Response & import("hono").TypedResponse<{
+    error: true;
+    message: string;
+}, 401, "json">) | undefined>;
+/**
+ * Middleware that optionally decodes a Bearer JWT.
+ * Does NOT block the request if the token is missing or invalid — it just won't set `user`.
+ * Use this for routes that behave differently when authenticated.
+ */
+export declare function optionalAuth(): (c: Context<DyrectedContext>, next: Next) => Promise<void>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/middleware/auth.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC1C,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,WAAW,CAAC;AAGjD;;;;GAIG;AACH,wBAAgB,WAAW,KACX,GAAG,OAAO,CAAC,eAAe,CAAC,EAAE,MAAM,IAAI;;;8BAgBtD;AAED;;;;GAIG;AACH,wBAAgB,YAAY,KACZ,GAAG,OAAO,CAAC,eAAe,CAAC,EAAE,MAAM,IAAI,mBAetD"}

package/dist/middleware/auth.js ADDED Viewed

@@ -0,0 +1,45 @@
+import { verifyCollectionToken } from '../auth/token.js';
+/**
+ * Middleware that requires a valid Bearer JWT.
+ * On success: sets `c.get('user')` to the decoded token payload.
+ * On failure: returns 401.
+ */
+export function requireAuth() {
+    return async (c, next) => {
+        const authHeader = c.req.header('Authorization');
+        const token = authHeader?.replace(/^Bearer\s+/i, '');
+        if (!token) {
+            return c.json({ error: true, message: 'Authentication required.' }, 401);
+        }
+        try {
+            const user = await verifyCollectionToken(token);
+            c.set('user', user);
+            await next();
+        }
+        catch {
+            return c.json({ error: true, message: 'Invalid or expired token.' }, 401);
+        }
+    };
+}
+/**
+ * Middleware that optionally decodes a Bearer JWT.
+ * Does NOT block the request if the token is missing or invalid — it just won't set `user`.
+ * Use this for routes that behave differently when authenticated.
+ */
+export function optionalAuth() {
+    return async (c, next) => {
+        const authHeader = c.req.header('Authorization');
+        const token = authHeader?.replace(/^Bearer\s+/i, '');
+        if (token) {
+            try {
+                const user = await verifyCollectionToken(token);
+                c.set('user', user);
+            }
+            catch {
+                // Invalid token — proceed without user
+            }
+        }
+        await next();
+    };
+}
+//# sourceMappingURL=auth.js.map

package/dist/middleware/auth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"auth.js","sourceRoot":"","sources":["../../src/middleware/auth.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,qBAAqB,EAAE,MAAM,kBAAkB,CAAC;AAEzD;;;;GAIG;AACH,MAAM,UAAU,WAAW;IACzB,OAAO,KAAK,EAAE,CAA2B,EAAE,IAAU,EAAE,EAAE;QACvD,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,UAAU,EAAE,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAErD,IAAI,CAAC,KAAK,EAAE,CAAC;YACX,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,0BAA0B,EAAE,EAAE,GAAG,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,CAAC;YACH,MAAM,IAAI,GAAG,MAAM,qBAAqB,CAAC,KAAK,CAAC,CAAC;YAChD,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACpB,MAAM,IAAI,EAAE,CAAC;QACf,CAAC;QAAC,MAAM,CAAC;YACP,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,2BAA2B,EAAE,EAAE,GAAG,CAAC,CAAC;QAC5E,CAAC;IACH,CAAC,CAAC;AACJ,CAAC;AAED;;;;GAIG;AACH,MAAM,UAAU,YAAY;IAC1B,OAAO,KAAK,EAAE,CAA2B,EAAE,IAAU,EAAE,EAAE;QACvD,MAAM,UAAU,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,eAAe,CAAC,CAAC;QACjD,MAAM,KAAK,GAAG,UAAU,EAAE,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC;QAErD,IAAI,KAAK,EAAE,CAAC;YACV,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,MAAM,qBAAqB,CAAC,KAAK,CAAC,CAAC;gBAChD,CAAC,CAAC,GAAG,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;YACtB,CAAC;YAAC,MAAM,CAAC;gBACP,uCAAuC;YACzC,CAAC;QACH,CAAC;QAED,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC"}

package/dist/router.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { Hono } from "hono";
+import type { DyrectedContext } from "./app.js";
+import type { DyrectedConfig } from "./types/index.js";
+/**
+ * Register dynamic routes based on the provided configuration.
+ */
+export declare function registerRoutes(app: Hono<DyrectedContext>, config: DyrectedConfig): void;
+//# sourceMappingURL=router.d.ts.map

package/dist/router.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"router.d.ts","sourceRoot":"","sources":["../src/router.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,UAAU,CAAC;AAChD,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,kBAAkB,CAAC;AAiFvD;;GAEG;AACH,wBAAgB,cAAc,CAAC,GAAG,EAAE,IAAI,CAAC,eAAe,CAAC,EAAE,MAAM,EAAE,cAAc,QAsZhF"}

package/dist/router.js ADDED Viewed

@@ -0,0 +1,463 @@
+import { CollectionController } from "./controllers/collection.controller.js";
+import { GlobalController } from "./controllers/global.controller.js";
+import { MediaController } from "./controllers/media.controller.js";
+import { AuthController } from "./controllers/auth.controller.js";
+import { PreviewController } from "./controllers/preview.controller.js";
+import { requireAuth, optionalAuth } from "./middleware/auth.js";
+import { generateOpenApi } from "./utils/openapi.js";
+import { getSwaggerHtml } from "./utils/swagger.js";
+import { evaluateAccess } from "./auth/jexl.js";
+/**
+ * Access gate middleware for granular permissions using Jexl.
+ */
+function accessGate(target, action) {
+    return async (c, next) => {
+        const user = c.get('user');
+        const accessExpr = target.access?.[action];
+        // If no access expression, default to public (true) for now to maintain parity with old behavior.
+        // However, if we want to be secure by default, we could change this to false.
+        if (accessExpr === undefined || accessExpr === null) {
+            return await next();
+        }
+        const accessArgs = { user, req: c.req, doc: null };
+        const allowed = await evaluateAccess(accessExpr, accessArgs);
+        if (!allowed) {
+            return c.json({ error: true, message: `Access denied: ${action} on ${target.slug}` }, 403);
+        }
+        await next();
+    };
+}
+async function checkAccess(access, accessArgs) {
+    if (access === undefined || access === null)
+        return true;
+    if (typeof access === 'function') {
+        try {
+            const result = await access(accessArgs);
+            return typeof result === 'boolean' ? result : !!result;
+        }
+        catch (err) {
+            console.error('[dyrected/core] Functional access check failed:', err);
+            return false;
+        }
+    }
+    if (typeof access === 'string' || typeof access === 'boolean') {
+        return evaluateAccess(access, accessArgs);
+    }
+    return true;
+}
+function serializeFieldForApi(f) {
+    if (!f)
+        return f;
+    const serialized = { ...f };
+    if (serialized.admin?.hooks) {
+        const hooks = { ...serialized.admin.hooks };
+        if (typeof hooks.onChange === "function") {
+            hooks.onChange = hooks.onChange.toString();
+        }
+        if (typeof hooks.options === "function") {
+            hooks.options = hooks.options.toString();
+        }
+        serialized.admin = { ...serialized.admin, hooks };
+    }
+    if (typeof serialized.options === "function" || (serialized.options && typeof serialized.options === "object" && "resolve" in serialized.options)) {
+        serialized.options = { _dynamic: true };
+    }
+    if (serialized.fields) {
+        serialized.fields = serialized.fields.map(serializeFieldForApi);
+    }
+    if (serialized.blocks) {
+        serialized.blocks = serialized.blocks.map((b) => ({
+            ...b,
+            fields: b.fields?.map(serializeFieldForApi),
+        }));
+    }
+    return serialized;
+}
+/**
+ * Register dynamic routes based on the provided configuration.
+ */
+export function registerRoutes(app, config) {
+    // 1. Schema Endpoints
+    // Used by the SDK and Admin to understand the content structure
+    app.get("/api/schemas", optionalAuth(), async (c) => {
+        const siteId = c.req.header("X-Site-Id");
+        let collections = [...config.collections];
+        let globals = [...config.globals];
+        if (siteId && config.onSchemaFetch) {
+            const dynamic = await config.onSchemaFetch(siteId);
+            if (dynamic.collections)
+                collections = [...collections, ...dynamic.collections];
+            if (dynamic.globals)
+                globals = [...globals, ...dynamic.globals];
+            // Merge dynamic admin config if provided
+            if (dynamic.admin) {
+                config.admin = { ...config.admin, ...dynamic.admin };
+            }
+        }
+        const user = c.get('user');
+        const accessArgs = { user, req: c.req, doc: null };
+        const serializeAccess = async (access) => {
+            if (typeof access === 'string')
+                return access;
+            if (typeof access === 'boolean')
+                return access;
+            return checkAccess(access, accessArgs);
+        };
+        const filteredCollections = await Promise.all(collections
+            .filter((col) => !siteId || col.shared || !col.siteId || col.siteId === siteId)
+            .map(async (col) => ({
+            slug: col.slug,
+            labels: col.labels,
+            access: {
+                read: await serializeAccess(col.access?.read),
+                create: await serializeAccess(col.access?.create),
+                update: await serializeAccess(col.access?.update),
+                delete: await serializeAccess(col.access?.delete),
+            },
+            fields: await Promise.all(col.fields.map(serializeFieldForApi).map(async (f) => ({
+                name: f.name,
+                type: f.type,
+                label: f.label,
+                required: f.required,
+                defaultValue: f.defaultValue,
+                options: f.options,
+                relationTo: f.relationTo,
+                hasMany: f.hasMany,
+                fields: f.fields,
+                blocks: f.blocks,
+                collection: f.collection,
+                on: f.on,
+                limit: f.limit,
+                admin: f.admin,
+                access: {
+                    read: await serializeAccess(f.access?.read),
+                    update: await serializeAccess(f.access?.update),
+                },
+            }))),
+            upload: !!col.upload,
+            auth: !!col.auth,
+            admin: col.admin,
+        })));
+        const filteredGlobals = await Promise.all(globals
+            .filter((glb) => !siteId || glb.shared || !glb.siteId || glb.siteId === siteId)
+            .map(async (glb) => ({
+            slug: glb.slug,
+            label: glb.label,
+            access: {
+                read: await serializeAccess(glb.access?.read),
+                update: await serializeAccess(glb.access?.update),
+            },
+            fields: await Promise.all(glb.fields.map(serializeFieldForApi).map(async (f) => ({
+                name: f.name,
+                type: f.type,
+                label: f.label,
+                required: f.required,
+                defaultValue: f.defaultValue,
+                options: f.options,
+                relationTo: f.relationTo,
+                hasMany: f.hasMany,
+                fields: f.fields,
+                blocks: f.blocks,
+                collection: f.collection,
+                on: f.on,
+                limit: f.limit,
+                admin: f.admin,
+                access: {
+                    read: await serializeAccess(f.access?.read),
+                    update: await serializeAccess(f.access?.update),
+                },
+            }))),
+            admin: glb.admin,
+        })));
+        return c.json({
+            collections: filteredCollections,
+            globals: filteredGlobals,
+            admin: config.admin || {},
+        });
+    });
+    app.get("/api/dyrected/options/:collection/:field", optionalAuth(), async (c) => {
+        const { collection: colSlug, field: fieldName } = c.req.param();
+        const siteId = c.req.header("X-Site-Id");
+        // Resolve collections
+        let collections = [...config.collections];
+        if (siteId && config.onSchemaFetch) {
+            const dynamic = await config.onSchemaFetch(siteId);
+            if (dynamic.collections)
+                collections = [...collections, ...dynamic.collections];
+        }
+        const user = c.get('user');
+        let collection = collections.find((col) => col.slug === colSlug);
+        let field;
+        if (collection) {
+            // Check read access on collection
+            const accessExpr = collection.access?.read;
+            if (accessExpr !== undefined && accessExpr !== null) {
+                const accessArgs = { user, req: c.req, doc: null };
+                const allowed = await checkAccess(accessExpr, accessArgs);
+                if (!allowed) {
+                    return c.json({ error: true, message: `Access denied: read on ${colSlug}` }, 403);
+                }
+            }
+            field = collection.fields.find((f) => f.name === fieldName);
+        }
+        else {
+            let globals = [...config.globals];
+            if (siteId && config.onSchemaFetch) {
+                const dynamic = await config.onSchemaFetch(siteId);
+                if (dynamic.globals)
+                    globals = [...globals, ...dynamic.globals];
+            }
+            const glb = globals.find((g) => g.slug === colSlug);
+            if (!glb) {
+                return c.json({ error: true, message: `${colSlug} not found as collection or global` }, 404);
+            }
+            // Check read access on global
+            const accessExpr = glb.access?.read;
+            if (accessExpr !== undefined && accessExpr !== null) {
+                const accessArgs = { user, req: c.req, doc: null };
+                const allowed = await checkAccess(accessExpr, accessArgs);
+                if (!allowed) {
+                    return c.json({ error: true, message: `Access denied: read on global ${colSlug}` }, 403);
+                }
+            }
+            field = glb.fields.find((f) => f.name === fieldName);
+        }
+        if (!field) {
+            return c.json({ error: true, message: `Field ${fieldName} not found in ${colSlug}` }, 404);
+        }
+        // Get the resolver
+        let resolver;
+        if (typeof field.options === "function") {
+            resolver = field.options;
+        }
+        else if (field.options && typeof field.options === "object" && "resolve" in field.options) {
+            resolver = field.options.resolve;
+        }
+        if (!resolver) {
+            return c.json({ error: true, message: `Field ${fieldName} in ${colSlug} is not dynamic` }, 400);
+        }
+        try {
+            const db = c.get("db") || config.db;
+            // Construct a request query helper
+            const queryParams = c.req.query();
+            const reqContext = {
+                query: queryParams,
+                headers: c.req.header(),
+                raw: c.req.raw,
+            };
+            const result = await resolver({
+                db,
+                user,
+                req: reqContext,
+            });
+            return c.json(result);
+        }
+        catch (err) {
+            console.error(`[dyrected/core] Failed to resolve dynamic options for field ${fieldName}:`, err);
+            return c.json({ error: true, message: err.message || "Failed to resolve dynamic options" }, 500);
+        }
+    });
+    app.get("/api/openapi.json", (c) => {
+        return c.json(generateOpenApi(config));
+    });
+    app.get("/api/docs", (c) => {
+        return c.html(getSwaggerHtml());
+    });
+    app.get("/api/preferences/:key", requireAuth(), async (c) => {
+        const db = config.db;
+        const user = c.get("user");
+        const key = c.req.param("key");
+        if (!db)
+            return c.json({ message: "Database not configured" }, 500);
+        if (!user?.collection || !user.sub)
+            return c.json({ error: true, message: "Authentication required." }, 401);
+        const doc = await db.findOne({ collection: user.collection, id: user.sub });
+        if (!doc)
+            return c.json({ error: true, message: "User not found." }, 404);
+        const preferences = typeof doc.__preferences === "object" && doc.__preferences !== null
+            ? doc.__preferences
+            : {};
+        return c.json({ key, value: preferences[key] ?? null });
+    });
+    app.put("/api/preferences/:key", requireAuth(), async (c) => {
+        const db = config.db;
+        const user = c.get("user");
+        const key = c.req.param("key");
+        if (!db)
+            return c.json({ message: "Database not configured" }, 500);
+        if (!user?.collection || !user.sub)
+            return c.json({ error: true, message: "Authentication required." }, 401);
+        const body = await c.req.json().catch(() => ({}));
+        const doc = await db.findOne({ collection: user.collection, id: user.sub });
+        if (!doc)
+            return c.json({ error: true, message: "User not found." }, 404);
+        const preferences = typeof doc.__preferences === "object" && doc.__preferences !== null
+            ? doc.__preferences
+            : {};
+        const nextPreferences = { ...preferences, [key]: body.value };
+        await db.update({
+            collection: user.collection,
+            id: user.sub,
+            data: { __preferences: nextPreferences },
+        });
+        return c.json({ key, value: body.value });
+    });
+    // Global Media Fallback (Proxies to the 'media' collection)
+    app.get("/api/media/:filename{.+$}", async (c) => {
+        const mediaController = new MediaController("media");
+        return mediaController.serve(c);
+    });
+    app.get("/media/:filename{.+$}", async (c) => {
+        const mediaController = new MediaController("media");
+        return mediaController.serve(c);
+    });
+    // 2. Media Routes (Conditional & Dynamic)
+    if (config.storage) {
+        const uploadCollections = config.collections.filter((c) => c.upload);
+        // Register routes for each upload-enabled collection
+        for (const col of uploadCollections) {
+            const mediaController = new MediaController(col.slug);
+            const prefix = `/api/collections/${col.slug}`;
+            app.get(`${prefix}/media`, accessGate(col, 'read'), (c) => mediaController.find(c));
+            app.get(`${prefix}/media/:filename{.+$}`, (c) => mediaController.serve(c));
+            app.post(`${prefix}/media`, accessGate(col, 'create'), (c) => mediaController.upload(c));
+            app.delete(`${prefix}/media/:id`, accessGate(col, 'delete'), (c) => mediaController.delete(c));
+        }
+    }
+    // 3. Auth Routes — for collections with auth: true
+    for (const collection of config.collections) {
+        if (!collection.auth)
+            continue;
+        const path = `/api/collections/${collection.slug}`;
+        const authController = new AuthController(collection);
+        app.post(`${path}/login`, (c) => authController.login(c));
+        app.post(`${path}/logout`, (c) => authController.logout(c));
+        app.get(`${path}/init`, (c) => authController.init(c));
+        app.post(`${path}/first-user`, (c) => authController.registerFirstUser(c));
+        // /me and /refresh-token require a valid token
+        app.get(`${path}/me`, requireAuth(), (c) => authController.me(c));
+        app.post(`${path}/refresh-token`, requireAuth(), (c) => authController.refreshToken(c));
+        app.post(`${path}/forgot-password`, (c) => authController.forgotPassword(c));
+        app.post(`${path}/reset-password`, (c) => authController.resetPassword(c));
+        app.post(`${path}/invite`, requireAuth(), (c) => authController.invite(c));
+        app.post(`${path}/accept-invite`, (c) => authController.acceptInvite(c));
+    }
+    // 4. Collection Routes (Static)
+    for (const collection of config.collections) {
+        const path = `/api/collections/${collection.slug}`;
+        const controller = new CollectionController(collection);
+        app.get(path, accessGate(collection, 'read'), (c) => controller.find(c));
+        app.post(path, accessGate(collection, 'create'), (c) => controller.create(c));
+        app.post(`${path}/media`, accessGate(collection, 'create'), (c) => controller.create(c));
+        // delete-many must be registered before /:id to avoid the wildcard swallowing it
+        app.delete(`${path}/delete-many`, accessGate(collection, 'delete'), (c) => controller.deleteMany(c));
+        app.get(`${path}/:id`, accessGate(collection, 'read'), (c) => controller.findOne(c));
+        app.patch(`${path}/:id`, accessGate(collection, 'update'), (c) => controller.update(c));
+        app.delete(`${path}/:id`, accessGate(collection, 'delete'), (c) => controller.delete(c));
+        app.post(`${path}/seed`, (c) => controller.seed(c));
+        // Dedicated password-change endpoint (auth collections only)
+        if (collection.auth) {
+            app.post(`${path}/:id/change-password`, requireAuth(), (c) => controller.changePassword(c));
+        }
+    }
+    // 5. Global Routes (Static)
+    for (const global of config.globals) {
+        const path = `/api/globals/${global.slug}`;
+        const controller = new GlobalController(global);
+        app.get(path, accessGate(global, 'read'), (c) => controller.get(c));
+        app.patch(path, accessGate(global, 'update'), (c) => controller.update(c));
+        app.post(`${path}/seed`, (c) => controller.seed(c));
+    }
+    // 6. Preview Routes
+    const previewController = new PreviewController();
+    app.post("/api/preview-token", requireAuth(), (c) => previewController.createToken(c));
+    app.get("/api/preview-data", (c) => previewController.getData(c));
+    // 7. Dynamic Routes (Tenant-specific)
+    // This handles collections/globals defined via sync:schema and fetched via onSchemaFetch
+    app.all("/api/collections/:slug/:id?", async (c) => {
+        const slug = c.req.param("slug");
+        const id = c.req.param("id");
+        const siteId = c.req.header("X-Site-Id") || c.get("siteId");
+        const config = c.get("config");
+        // Skip if static (already handled by routes above)
+        if (config.collections.some((col) => col.slug === slug)) {
+            return c.json({ message: "Method Not Allowed" }, 405);
+        }
+        if (config.onSchemaFetch && siteId) {
+            const dynamic = await config.onSchemaFetch(siteId);
+            let collection = dynamic.collections?.find((col) => col.slug === slug);
+            if (!collection && slug === "media") {
+                collection = {
+                    slug: "media",
+                    labels: { singular: "Media", plural: "Media" },
+                    upload: true,
+                    fields: [],
+                };
+            }
+            if (collection) {
+                // Handle auth sub-routes for dynamic auth collections
+                if (collection.auth && id) {
+                    const authController = new AuthController(collection);
+                    const method = c.req.method;
+                    if (method === "POST" && id === "login")
+                        return authController.login(c);
+                    if (method === "POST" && id === "logout")
+                        return authController.logout(c);
+                    if (method === "GET" && id === "me")
+                        return authController.me(c);
+                    if (method === "POST" && id === "refresh-token")
+                        return authController.refreshToken(c);
+                    if (method === "POST" && id === "forgot-password")
+                        return authController.forgotPassword(c);
+                    if (method === "POST" && id === "reset-password")
+                        return authController.resetPassword(c);
+                }
+                const controller = new CollectionController(collection);
+                const method = c.req.method;
+                if (id) {
+                    if (method === "GET")
+                        return controller.findOne(c);
+                    if (method === "PATCH")
+                        return controller.update(c);
+                    if (method === "DELETE" && id === "delete-many")
+                        return controller.deleteMany(c);
+                    if (method === "DELETE")
+                        return controller.delete(c);
+                    if (method === "POST" && id === "media")
+                        return controller.create(c);
+                    if (method === "POST" && id === "seed")
+                        return controller.seed(c);
+                }
+                else {
+                    if (method === "GET")
+                        return controller.find(c);
+                    if (method === "POST")
+                        return controller.create(c);
+                }
+            }
+        }
+        return c.json({ message: `Collection "${slug}" not found` }, 404);
+    });
+    app.all("/api/globals/:slug", async (c) => {
+        const slug = c.req.param("slug");
+        const siteId = c.req.header("X-Site-Id") || c.get("siteId");
+        const config = c.get("config");
+        // Skip if static
+        if (config.globals.some((glb) => glb.slug === slug)) {
+            return c.json({ message: "Method Not Allowed" }, 405);
+        }
+        if (config.onSchemaFetch && siteId) {
+            const dynamic = await config.onSchemaFetch(siteId);
+            const global = dynamic.globals?.find((glb) => glb.slug === slug);
+            if (global) {
+                const controller = new GlobalController(global);
+                if (c.req.method === "GET")
+                    return controller.get(c);
+                if (c.req.method === "PATCH")
+                    return controller.update(c);
+            }
+        }
+        return c.json({ message: `Global "${slug}" not found` }, 404);
+    });
+}
+//# sourceMappingURL=router.js.map