npm - @ekrist1/vulse - Versions diffs - 0.1.6-alpha.3 → 0.1.7-alpha.4 - Mend

@ekrist1/vulse 0.1.6-alpha.3 → 0.1.7-alpha.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (264) hide show

package/dist/cli/migrate.d.ts.map +1 -1
package/dist/cli/migrate.js +3 -4
package/dist/cli/setup.d.ts.map +1 -1
package/dist/cli/setup.js +11 -10
package/dist/core/blueprints/compile.d.ts +1 -1
package/dist/core/blueprints/compile.d.ts.map +1 -1
package/dist/core/blueprints/compile.js +3 -3
package/dist/core/blueprints/mutations.js +2 -2
package/dist/core/forms/rate-limit.d.ts +1 -1
package/dist/core/forms/rate-limit.d.ts.map +1 -1
package/dist/core/forms/rate-limit.js +3 -3
package/dist/core/forms/unique.d.ts +1 -1
package/dist/core/forms/unique.d.ts.map +1 -1
package/dist/core/forms/unique.js +4 -4
package/dist/core/globals/compile.d.ts +1 -1
package/dist/core/globals/compile.d.ts.map +1 -1
package/dist/core/globals/compile.js +2 -2
package/dist/core/globals/definition.d.ts +1 -1
package/dist/core/globals/definition.d.ts.map +1 -1
package/dist/core/globals/definition.js +3 -3
package/dist/core/repos/globals.js +3 -3
package/dist/core/sha256.d.ts +3 -0
package/dist/core/sha256.d.ts.map +1 -0
package/dist/core/sha256.js +9 -0
package/dist/integration/index.js +1 -1
package/dist/integration/install-hook.d.ts.map +1 -1
package/dist/integration/install-hook.js +6 -4
package/dist/integration/wrangler-config.d.ts +12 -0
package/dist/integration/wrangler-config.d.ts.map +1 -0
package/dist/integration/wrangler-config.js +97 -0
package/dist/integration/wrangler-patch.d.ts +1 -0
package/dist/integration/wrangler-patch.d.ts.map +1 -1
package/dist/integration/wrangler-patch.js +2 -1
package/dist/server/routes/form-submit.js +1 -1
package/dist/version.d.ts +1 -1
package/dist/version.js +1 -1
package/package.json +11 -3
package/src/admin/assets/logo-mark.svg +5 -0
package/src/admin/client/active-locale.ts +17 -0
package/src/admin/client/api.ts +21 -0
package/src/admin/client/form-from-zod.ts +7 -0
package/src/admin/client/live-preview-enabled.ts +5 -0
package/src/admin/components/AdminShell.astro +45 -0
package/src/admin/components/AuthSettings.vue +60 -0
package/src/admin/components/BlockEditor.vue +53 -0
package/src/admin/components/BlueprintEditor.vue +1783 -0
package/src/admin/components/CollectionKindIcon.vue +26 -0
package/src/admin/components/CollectionTree.vue +220 -0
package/src/admin/components/EntryEditorWithPreview.vue +130 -0
package/src/admin/components/EntryForm.vue +411 -0
package/src/admin/components/EntryList.vue +121 -0
package/src/admin/components/EntryStatusBadge.vue +24 -0
package/src/admin/components/FormEditor.vue +233 -0
package/src/admin/components/FormList.vue +54 -0
package/src/admin/components/GlobalSetEditor.vue +272 -0
package/src/admin/components/GlobalSetList.vue +55 -0
package/src/admin/components/LivePreviewPanel.vue +171 -0
package/src/admin/components/LoginForm.vue +53 -0
package/src/admin/components/MediaLibrary.vue +106 -0
package/src/admin/components/MediaPicker.vue +49 -0
package/src/admin/components/RevisionDiff.vue +11 -0
package/src/admin/components/RevisionList.vue +134 -0
package/src/admin/components/SeoFields.vue +113 -0
package/src/admin/components/SetEditor.vue +137 -0
package/src/admin/components/SetList.vue +32 -0
package/src/admin/components/SettingsForm.vue +189 -0
package/src/admin/components/SideNav.vue +152 -0
package/src/admin/components/SubmissionDetail.vue +45 -0
package/src/admin/components/SubmissionList.vue +89 -0
package/src/admin/components/ToastHost.vue +33 -0
package/src/admin/components/TreeRow.vue +163 -0
package/src/admin/components/UserEditor.vue +186 -0
package/src/admin/components/UserList.vue +46 -0
package/src/admin/components/blocks/BlockItem.vue +32 -0
package/src/admin/components/blocks/BlockToolbar.vue +12 -0
package/src/admin/components/blocks/edit/CodeEdit.vue +18 -0
package/src/admin/components/blocks/edit/EmbedEdit.vue +14 -0
package/src/admin/components/blocks/edit/HeadingEdit.vue +19 -0
package/src/admin/components/blocks/edit/ImageEdit.vue +40 -0
package/src/admin/components/blocks/edit/ListEdit.vue +36 -0
package/src/admin/components/blocks/edit/ParagraphEdit.vue +14 -0
package/src/admin/components/blocks/edit/QuoteEdit.vue +18 -0
package/src/admin/components/fields/BlocksField.vue +123 -0
package/src/admin/components/fields/BlocksSetsPicker.vue +59 -0
package/src/admin/components/fields/BoolField.vue +10 -0
package/src/admin/components/fields/DateField.vue +22 -0
package/src/admin/components/fields/EntriesField.vue +153 -0
package/src/admin/components/fields/EntryField.vue +138 -0
package/src/admin/components/fields/EnumField.vue +81 -0
package/src/admin/components/fields/FieldRenderer.vue +87 -0
package/src/admin/components/fields/GridField.vue +173 -0
package/src/admin/components/fields/LinkField.vue +219 -0
package/src/admin/components/fields/MediaField.vue +69 -0
package/src/admin/components/fields/NumberField.vue +12 -0
package/src/admin/components/fields/ObjectField.vue +18 -0
package/src/admin/components/fields/RefField.vue +170 -0
package/src/admin/components/fields/RepeaterField.vue +27 -0
package/src/admin/components/fields/ReplicatorField.vue +121 -0
package/src/admin/components/fields/TextField.vue +11 -0
package/src/admin/components/fields/TextareaField.vue +11 -0
package/src/admin/components/fields/VulseAccordionGroupNodeView.vue +82 -0
package/src/admin/components/fields/VulseAccordionNodeView.vue +128 -0
package/src/admin/components/fields/VulseCalloutNodeView.vue +81 -0
package/src/admin/components/fields/VulseIframeNodeView.vue +112 -0
package/src/admin/components/fields/VulseSetNodeView.vue +68 -0
package/src/admin/components/fields/VulseVideoNodeView.vue +104 -0
package/src/admin/components/fields/blocks-editor-extensions.ts +26 -0
package/src/admin/components/fields/emoji-extension.ts +54 -0
package/src/admin/components/fields/link-extension.ts +48 -0
package/src/admin/components/fields/set-node-utils.ts +115 -0
package/src/admin/components/fields/url-utils.ts +85 -0
package/src/admin/components/fields/vulse-accordion-extension.ts +64 -0
package/src/admin/components/fields/vulse-accordion-group-extension.ts +49 -0
package/src/admin/components/fields/vulse-callout-extension.ts +53 -0
package/src/admin/components/fields/vulse-iframe-extension.ts +96 -0
package/src/admin/components/fields/vulse-set-extension.ts +66 -0
package/src/admin/components/fields/vulse-video-extension.ts +65 -0
package/src/admin/composables/toast.ts +35 -0
package/src/admin/composables/useEntrySearch.ts +112 -0
package/src/admin/composables/useSets.ts +31 -0
package/src/admin/pages/collections/[name]/[id]/revisions.astro +27 -0
package/src/admin/pages/collections/[name]/[id].astro +90 -0
package/src/admin/pages/collections/[name]/index.astro +31 -0
package/src/admin/pages/collections/[name]/new.astro +38 -0
package/src/admin/pages/forms/[handle]/submissions/[id].astro +9 -0
package/src/admin/pages/forms/[handle]/submissions/index.astro +9 -0
package/src/admin/pages/forms/[handle].astro +9 -0
package/src/admin/pages/forms/index.astro +7 -0
package/src/admin/pages/forms/new.astro +7 -0
package/src/admin/pages/index.astro +36 -0
package/src/admin/pages/login.astro +14 -0
package/src/admin/pages/media.astro +8 -0
package/src/admin/pages/schema/[handle].astro +10 -0
package/src/admin/pages/schema/new.astro +9 -0
package/src/admin/pages/settings/auth.astro +9 -0
package/src/admin/pages/settings/globals/[handle].astro +9 -0
package/src/admin/pages/settings/globals/index.astro +7 -0
package/src/admin/pages/settings/globals/new.astro +7 -0
package/src/admin/pages/settings/index.astro +8 -0
package/src/admin/pages/settings/sets/[handle].astro +9 -0
package/src/admin/pages/settings/sets/index.astro +7 -0
package/src/admin/pages/settings/sets/new.astro +7 -0
package/src/admin/pages/users/[id].astro +10 -0
package/src/admin/pages/users/index.astro +8 -0
package/src/admin/styles/admin.css +166 -0
package/src/core/access.ts +9 -0
package/src/core/blocks/schema.ts +66 -0
package/src/core/blueprints/code-to-definition.ts +156 -0
package/src/core/blueprints/compile.ts +176 -0
package/src/core/blueprints/define.ts +12 -0
package/src/core/blueprints/definition.ts +185 -0
package/src/core/blueprints/load.ts +144 -0
package/src/core/blueprints/mutations.ts +236 -0
package/src/core/blueprints/preview-path.ts +33 -0
package/src/core/blueprints/reflect-fields.ts +305 -0
package/src/core/blueprints/registry.ts +14 -0
package/src/core/blueprints/seed.ts +20 -0
package/src/core/blueprints/select-helpers.ts +30 -0
package/src/core/blueprints/seo.ts +180 -0
package/src/core/blueprints/types.ts +59 -0
package/src/core/blueprints/zod-helpers.ts +86 -0
package/src/core/db.ts +11 -0
package/src/core/errors.ts +34 -0
package/src/core/forms/compile.ts +84 -0
package/src/core/forms/definition.ts +102 -0
package/src/core/forms/rate-limit.ts +52 -0
package/src/core/forms/unique.ts +38 -0
package/src/core/globals/compile.ts +35 -0
package/src/core/globals/definition.ts +27 -0
package/src/core/locales.ts +45 -0
package/src/core/migrations.ts +48 -0
package/src/core/parse-content.ts +85 -0
package/src/core/plugins/definition.ts +150 -0
package/src/core/preview-content.ts +21 -0
package/src/core/repos/entries.ts +504 -0
package/src/core/repos/forms.ts +270 -0
package/src/core/repos/globals.ts +179 -0
package/src/core/repos/media.ts +106 -0
package/src/core/repos/preview-sessions.ts +108 -0
package/src/core/repos/revisions.ts +60 -0
package/src/core/repos/settings.ts +23 -0
package/src/core/schema.ts +244 -0
package/src/core/sets/compile.ts +12 -0
package/src/core/sets/definition.ts +10 -0
package/src/core/sets/service.ts +82 -0
package/src/core/sets/validate-tree.ts +57 -0
package/src/core/sha256.ts +10 -0
package/src/core/slug.ts +30 -0
package/src/scaffold/collection-write.ts +83 -0
package/src/scaffold/collection.ts +277 -0
package/src/server/assets/live-preview-bridge.content.ts +2 -0
package/src/server/assets/live-preview-bridge.js +535 -0
package/src/server/better-auth.ts +82 -0
package/src/server/cf-images.ts +34 -0
package/src/server/cron.ts +37 -0
package/src/server/email.ts +17 -0
package/src/server/endpoints/api-auth.ts +10 -0
package/src/server/endpoints/api-vulse-blueprints.ts +23 -0
package/src/server/endpoints/api-vulse-entries-locales.ts +12 -0
package/src/server/endpoints/api-vulse-entries-move.ts +7 -0
package/src/server/endpoints/api-vulse-entries-publish.ts +7 -0
package/src/server/endpoints/api-vulse-entries-tree.ts +7 -0
package/src/server/endpoints/api-vulse-entries.ts +23 -0
package/src/server/endpoints/api-vulse-form-handle.ts +30 -0
package/src/server/endpoints/api-vulse-form-public.ts +7 -0
package/src/server/endpoints/api-vulse-form-submit.ts +7 -0
package/src/server/endpoints/api-vulse-form-upload.ts +7 -0
package/src/server/endpoints/api-vulse-forms.ts +12 -0
package/src/server/endpoints/api-vulse-globals-handle.ts +20 -0
package/src/server/endpoints/api-vulse-globals-public-handle.ts +7 -0
package/src/server/endpoints/api-vulse-globals-public.ts +7 -0
package/src/server/endpoints/api-vulse-globals-value.ts +8 -0
package/src/server/endpoints/api-vulse-globals.ts +12 -0
package/src/server/endpoints/api-vulse-media-file.ts +7 -0
package/src/server/endpoints/api-vulse-media-id.ts +12 -0
package/src/server/endpoints/api-vulse-media.ts +12 -0
package/src/server/endpoints/api-vulse-preview-bridge.ts +11 -0
package/src/server/endpoints/api-vulse-preview-sessions-id.ts +10 -0
package/src/server/endpoints/api-vulse-preview-sessions.ts +7 -0
package/src/server/endpoints/api-vulse-preview-start.ts +7 -0
package/src/server/endpoints/api-vulse-preview-stop.ts +7 -0
package/src/server/endpoints/api-vulse-revisions-restore.ts +7 -0
package/src/server/endpoints/api-vulse-revisions.ts +7 -0
package/src/server/endpoints/api-vulse-search.ts +7 -0
package/src/server/endpoints/api-vulse-sets.ts +23 -0
package/src/server/endpoints/api-vulse-settings.ts +12 -0
package/src/server/endpoints/api-vulse-users-id.ts +12 -0
package/src/server/endpoints/api-vulse-users-reset-password.ts +7 -0
package/src/server/endpoints/api-vulse-users-role.ts +9 -0
package/src/server/endpoints/api-vulse-users.ts +7 -0
package/src/server/endpoints/with-runtime.ts +11 -0
package/src/server/env.ts +23 -0
package/src/server/envelope.ts +21 -0
package/src/server/forms/email.ts +11 -0
package/src/server/forms/process-submission.ts +95 -0
package/src/server/forms/queue.ts +25 -0
package/src/server/forms/templates.ts +24 -0
package/src/server/forms/webhook.ts +19 -0
package/src/server/handler.ts +66 -0
package/src/server/image-probe.ts +35 -0
package/src/server/loader.ts +54 -0
package/src/server/plugins.ts +214 -0
package/src/server/preview.ts +25 -0
package/src/server/r2.ts +13 -0
package/src/server/routes/blueprints.ts +62 -0
package/src/server/routes/entries.ts +255 -0
package/src/server/routes/form-submit.ts +168 -0
package/src/server/routes/form-upload.ts +100 -0
package/src/server/routes/forms.ts +88 -0
package/src/server/routes/globals-public.ts +30 -0
package/src/server/routes/globals.ts +93 -0
package/src/server/routes/media.ts +145 -0
package/src/server/routes/preview-sessions.ts +76 -0
package/src/server/routes/preview.ts +36 -0
package/src/server/routes/revisions.ts +29 -0
package/src/server/routes/search.ts +31 -0
package/src/server/routes/sets.ts +40 -0
package/src/server/routes/settings.ts +24 -0
package/src/server/routes/users.ts +127 -0
package/src/server/runtime.ts +99 -0
package/src/server/sdk/collections.ts +98 -0
package/src/server/sdk/index.ts +25 -0
package/src/server/sdk/media.ts +11 -0
package/src/server/sdk/search.ts +90 -0

package/src/server/routes/globals.ts ADDED Viewed

@@ -0,0 +1,93 @@
+import { z } from 'astro/zod'
+import type { Auth } from '../better-auth.js'
+import type { VulseDb } from '../../core/db.js'
+import { GlobalsRepo } from '../../core/repos/globals.js'
+import { GlobalSetDefinitionSchema } from '../../core/globals/definition.js'
+import { NotFoundError } from '../../core/errors.js'
+import { defineHandler } from '../handler.js'
+const paramsHandle = z.object({ handle: z.string() })
+export function globalsRoutes(db: VulseDb, auth: Auth) {
+  const globals = new GlobalsRepo(db)
+  return {
+    list: defineHandler(auth, { requireRole: ['admin', 'editor'] }, async () => {
+      const rows = await globals.listSets()
+      return rows.map((row) => ({
+        handle: row.handle,
+        label: row.label,
+        fieldCount: row.definition.fields.length,
+        createdAt: row.createdAt,
+        updatedAt: row.updatedAt,
+      }))
+    }),
+    get: defineHandler(auth, {
+      params: paramsHandle,
+      requireRole: ['admin', 'editor'],
+    }, async ({ params }) => {
+      const set = await globals.findSetByHandle(params.handle)
+      if (!set) throw new NotFoundError('global set not found')
+      const value = await globals.getValue(params.handle)
+      return {
+        set: {
+          handle: set.handle,
+          label: set.label,
+          fields: set.definition.fields,
+          createdAt: set.createdAt,
+          updatedAt: set.updatedAt,
+        },
+        value: value ? {
+          handle: value.handle,
+          content: value.content,
+          createdAt: value.createdAt,
+          updatedAt: value.updatedAt,
+        } : null,
+      }
+    }),
+    create: defineHandler(auth, {
+      body: GlobalSetDefinitionSchema,
+      requireRole: ['admin'],
+    }, async ({ body }) => {
+      const row = await globals.createSet(body)
+      return {
+        handle: row.handle,
+        label: row.label,
+        fields: row.definition.fields,
+        createdAt: row.createdAt,
+        updatedAt: row.updatedAt,
+      }
+    }),
+    update: defineHandler(auth, {
+      params: paramsHandle,
+      body: GlobalSetDefinitionSchema,
+      requireRole: ['admin'],
+    }, async ({ params, body }) => {
+      const row = await globals.updateSet(params.handle, body)
+      return {
+        handle: row.handle,
+        label: row.label,
+        fields: row.definition.fields,
+        createdAt: row.createdAt,
+        updatedAt: row.updatedAt,
+      }
+    }),
+    updateValue: defineHandler(auth, {
+      params: paramsHandle,
+      body: z.record(z.string(), z.unknown()),
+      requireRole: ['admin'],
+    }, async ({ params, body }) => globals.updateValue(params.handle, body)),
+    delete: defineHandler(auth, {
+      params: paramsHandle,
+      requireRole: ['admin'],
+    }, async ({ params }) => {
+      await globals.deleteSet(params.handle)
+      return null
+    }),
+  }
+}

package/src/server/routes/media.ts ADDED Viewed

@@ -0,0 +1,145 @@
+import { z } from 'astro/zod'
+import type { VulseDb } from '../../core/db.js'
+import type { Auth } from '../better-auth.js'
+import type { AuthContext, Role } from '../../core/blueprints/types.js'
+import { MediaRepo, type MediaRow } from '../../core/repos/media.js'
+import { defineHandler } from '../handler.js'
+import { putToR2, deleteFromR2 } from '../r2.js'
+import { probeDimensions } from '../image-probe.js'
+import { buildDeliveryUrl, type CfImagesConfig } from '../cf-images.js'
+import { AccessDeniedError, NotFoundError, ValidationError } from '../../core/errors.js'
+import { fail, ok } from '../envelope.js'
+export interface MediaEnv {
+  bucket: R2Bucket
+  cfImages: CfImagesConfig
+}
+export interface MediaItem extends MediaRow {
+  deliveryUrl: string | null
+  previewUrl: string
+}
+const paramsId = z.object({ id: z.string() })
+const ALLOWED_MIME = new Set([
+  'image/jpeg',
+  'image/png',
+  'image/gif',
+  'image/webp',
+  'image/avif',
+  'image/svg+xml',
+])
+const MAX_UPLOAD_BYTES = 25 * 1024 * 1024 // 25 MB
+export function mediaRoutes(db: VulseDb, auth: Auth, mediaEnv: MediaEnv) {
+  const repo = new MediaRepo(db)
+  function withUrls(row: MediaRow): MediaItem {
+    const deliveryUrl = buildDeliveryUrl(mediaEnv.cfImages, row.id)
+    return {
+      ...row,
+      deliveryUrl,
+      previewUrl: deliveryUrl ?? `/api/vulse/media/${row.id}/file`,
+    }
+  }
+  async function requireRole(request: Request, roles: Role[]): Promise<AuthContext> {
+    const session = await auth.api.getSession({ headers: request.headers })
+    const authCtx: AuthContext = session ? {
+      user: {
+        id: session.user.id,
+        email: session.user.email,
+        role: (session.user as { role?: Role }).role ?? 'member',
+      },
+    } : { user: null }
+    if (!authCtx.user) throw new AccessDeniedError('Authentication required')
+    if (!roles.includes(authCtx.user.role)) {
+      throw new AccessDeniedError(`Requires role: ${roles.join(' or ')}`)
+    }
+    return authCtx
+  }
+  return {
+    list: defineHandler(auth, { requireRole: ['admin', 'editor'] }, async () => {
+      return (await repo.list({})).map(withUrls)
+    }),
+    upload: async (request: Request): Promise<Response> => {
+      try {
+        const authCtx = await requireRole(request, ['admin', 'editor'])
+        const form = await request.formData()
+        const entry = form.get('file')
+        if (!entry || typeof entry === 'string') throw new ValidationError('file required')
+        const file = entry as File
+        if (!ALLOWED_MIME.has(file.type)) {
+          throw new ValidationError(`Unsupported file type: ${file.type || 'unknown'}`)
+        }
+        if (file.size > MAX_UPLOAD_BYTES) {
+          throw new ValidationError(`File too large (max ${MAX_UPLOAD_BYTES} bytes)`)
+        }
+        const buf = await file.arrayBuffer()
+        if (buf.byteLength > MAX_UPLOAD_BYTES) {
+          throw new ValidationError(`File too large (max ${MAX_UPLOAD_BYTES} bytes)`)
+        }
+        const dims = probeDimensions(buf, file.type)
+        const { key } = await putToR2({ bucket: mediaEnv.bucket }, buf, file.type)
+        const row = await repo.create({
+          r2Key: key,
+          mime: file.type,
+          size: file.size,
+          ...(dims?.width !== undefined ? { width: dims.width } : {}),
+          ...(dims?.height !== undefined ? { height: dims.height } : {}),
+          uploadedBy: authCtx.user!.id,
+        })
+        return ok(withUrls(row))
+      } catch (err) {
+        return fail(err)
+      }
+    },
+    updateAlt: defineHandler(auth, {
+      params: paramsId,
+      body: z.object({ alt: z.string() }),
+      requireRole: ['admin', 'editor'],
+    }, async ({ params, body }) => {
+      await repo.updateAlt(params.id, body.alt)
+      return { ok: true }
+    }),
+    delete: defineHandler(auth, {
+      params: paramsId,
+      requireRole: ['admin', 'editor'],
+    }, async ({ params }) => {
+      await repo.softDelete(params.id)
+      return { ok: true }
+    }),
+    file: async (request: Request, rawParams: Record<string, string>): Promise<Response> => {
+      try {
+        await requireRole(request, ['admin', 'editor'])
+        const id = rawParams.id
+        if (!id) throw new ValidationError('id required')
+        const row = await repo.findById(id)
+        if (!row || row.deletedAt) throw new NotFoundError(`Media ${id} not found`)
+        const obj = await mediaEnv.bucket.get(row.r2Key)
+        if (!obj) throw new NotFoundError(`Media file ${id} not found`)
+        const headers = new Headers()
+        if (obj.httpMetadata?.contentType) headers.set('content-type', obj.httpMetadata.contentType)
+        headers.set('cache-control', 'private, max-age=3600')
+        return new Response(obj.body, { headers })
+      } catch (err) {
+        return fail(err)
+      }
+    },
+    purge: async (): Promise<{ purged: number }> => {
+      const rows = await repo.listPurgeable(7)
+      for (const r of rows) {
+        await deleteFromR2({ bucket: mediaEnv.bucket }, r.r2Key)
+        await repo.hardDelete(r.id)
+      }
+      return { purged: rows.length }
+    },
+  }
+}

package/src/server/routes/preview-sessions.ts ADDED Viewed

@@ -0,0 +1,76 @@
+import { z } from 'astro/zod'
+import type { Auth } from '../better-auth.js'
+import type { VulseDb } from '../../core/db.js'
+import type { BlueprintRegistry } from '../../core/blueprints/registry.js'
+import { defineHandler } from '../handler.js'
+import { resolvePreviewPath } from '../../core/blueprints/preview-path.js'
+import { PreviewSessionsRepo } from '../../core/repos/preview-sessions.js'
+import { AccessDeniedError, NotFoundError } from '../../core/errors.js'
+function buildPreviewUrl(origin: string, pathTemplate: string, slug: string, token: string): string {
+  const path = pathTemplate.replace('{slug}', encodeURIComponent(slug))
+  const url = new URL(path, origin)
+  url.searchParams.set('vulse_live_preview', token)
+  return url.toString()
+}
+export function previewSessionsRoutes(db: VulseDb, auth: Auth, registry: BlueprintRegistry) {
+  const repo = new PreviewSessionsRepo(db)
+  return {
+    create: defineHandler(auth, {
+      requireRole: ['admin', 'editor'],
+      body: z.object({
+        collection: z.string(),
+        entryId: z.string().nullable().optional(),
+        slug: z.string(),
+        content: z.record(z.string(), z.unknown()),
+        locale: z.string().optional(),
+      }),
+    }, async ({ auth: ctx, body, url }) => {
+      const bp = registry.get(body.collection)
+      if (!bp) throw new NotFoundError(`Collection ${body.collection} not found`)
+      const row = await repo.create({
+        userId: ctx.user!.id,
+        collection: body.collection,
+        slug: body.slug,
+        content: body.content,
+        entryId: body.entryId ?? null,
+        ...(body.locale !== undefined ? { locale: body.locale } : {}),
+      })
+      const previewPath = resolvePreviewPath(bp)
+      return {
+        id: row.id,
+        previewUrl: buildPreviewUrl(url.origin, previewPath, row.slug, row.id),
+        expiresAt: row.expiresAt.toISOString(),
+      }
+    }),
+    update: defineHandler(auth, {
+      requireRole: ['admin', 'editor'],
+      params: z.object({ id: z.string() }),
+      body: z.object({
+        slug: z.string().optional(),
+        content: z.record(z.string(), z.unknown()).optional(),
+        locale: z.string().optional(),
+      }),
+    }, async ({ auth: ctx, params, body }) => {
+      const patch: { slug?: string; content?: unknown; locale?: string } = {}
+      if (body.slug !== undefined) patch.slug = body.slug
+      if (body.content !== undefined) patch.content = body.content
+      if (body.locale !== undefined) patch.locale = body.locale
+      const updated = await repo.update(params.id, ctx.user!.id, patch)
+      if (!updated) throw new AccessDeniedError('Session not found or not owned by you')
+      return { expiresAt: updated.expiresAt.toISOString() }
+    }),
+    remove: defineHandler(auth, {
+      requireRole: ['admin', 'editor'],
+      params: z.object({ id: z.string() }),
+    }, async ({ auth: ctx, params }) => {
+      const ok = await repo.delete(params.id, ctx.user!.id)
+      if (!ok) throw new NotFoundError('Session not found')
+      return { ok: true }
+    }),
+  }
+}

package/src/server/routes/preview.ts ADDED Viewed

@@ -0,0 +1,36 @@
+import type { Auth } from '../better-auth.js'
+import { defineHandler } from '../handler.js'
+import { mintPreviewToken } from '../preview.js'
+function safePreviewTarget(raw: string | null, origin: string): URL {
+  const fallback = new URL('/', origin)
+  if (!raw) return fallback
+  // Reject anything that could escape origin: protocol-relative URLs (//evil.com)
+  // and any input that isn't a single leading "/" path.
+  if (!raw.startsWith('/') || raw.startsWith('//')) return fallback
+  try {
+    const candidate = new URL(raw, origin)
+    if (candidate.origin !== new URL(origin).origin) return fallback
+    return candidate
+  } catch {
+    return fallback
+  }
+}
+export function previewRoutes(auth: Auth, secret: string) {
+  return {
+    start: defineHandler(auth, { requireRole: ['admin', 'editor'] }, async ({ auth: authCtx, url }) => {
+      const token = await mintPreviewToken(secret, authCtx.user!.id)
+      const secure = url.protocol === 'https:'
+      const cookie = `vulse_preview=${token}; Path=/; HttpOnly; SameSite=Lax; Max-Age=3600${secure ? '; Secure' : ''}`
+      const redirect = safePreviewTarget(url.searchParams.get('to'), url.origin)
+      return new Response(null, { status: 302, headers: { Location: redirect.toString(), 'Set-Cookie': cookie } })
+    }),
+    stop: defineHandler(auth, {}, async ({ url }) => {
+      return new Response(null, {
+        status: 302,
+        headers: { Location: new URL('/', url.origin).toString(), 'Set-Cookie': 'vulse_preview=; Path=/; Max-Age=0' },
+      })
+    }),
+  }
+}

package/src/server/routes/revisions.ts ADDED Viewed

@@ -0,0 +1,29 @@
+import { z } from 'astro/zod'
+import type { VulseDb } from '../../core/db.js'
+import type { Auth } from '../better-auth.js'
+import { RevisionsRepo } from '../../core/repos/revisions.js'
+import { resolveLocale } from '../../core/locales.js'
+import { defineHandler } from '../handler.js'
+export function revisionsRoutes(db: VulseDb, auth: Auth) {
+  const repo = new RevisionsRepo(db)
+  return {
+    list: defineHandler(auth, {
+      params: z.object({ collection: z.string(), id: z.string() }),
+      requireRole: ['admin', 'editor'],
+    }, async ({ params, url }) => {
+      const locale = await resolveLocale(db, url.searchParams.get('locale'))
+      return await repo.listByEntry(params.id, locale)
+    }),
+    restore: defineHandler(auth, {
+      params: z.object({ collection: z.string(), id: z.string(), version: z.string() }),
+      requireRole: ['admin', 'editor'],
+    }, async ({ params, url, auth: authCtx }) => {
+      if (!authCtx.user) throw new Error('unreachable')
+      const locale = await resolveLocale(db, url.searchParams.get('locale'))
+      await repo.restore(params.id, Number(params.version), { userId: authCtx.user.id, locale })
+      return { restored: Number(params.version) }
+    }),
+  }
+}

package/src/server/routes/search.ts ADDED Viewed

@@ -0,0 +1,31 @@
+import { z } from 'astro/zod'
+import type { VulseDb } from '../../core/db.js'
+import type { Auth } from '../better-auth.js'
+import { defineHandler } from '../handler.js'
+import { searchSdk } from '../sdk/search.js'
+export function searchRoutes(db: VulseDb, auth: Auth) {
+  const sdk = searchSdk(db)
+  return {
+    query: defineHandler(auth, {
+      params: z.object({}),
+      body: z.object({
+        q: z.string(),
+        collections: z.array(z.string()).optional(),
+        limit: z.number().optional(),
+        includeDrafts: z.boolean().optional(),
+        locale: z.string().optional(),
+      }),
+    }, async ({ body, auth: authCtx }) => {
+      const role = authCtx.user?.role
+      const mayReadDrafts = role === 'admin' || role === 'editor'
+      const includeDrafts = body.includeDrafts === true && mayReadDrafts
+      return sdk.query(body.q, {
+        ...(body.collections !== undefined ? { collections: body.collections } : {}),
+        ...(body.limit !== undefined ? { limit: body.limit } : {}),
+        ...(body.locale !== undefined ? { locale: body.locale } : {}),
+        includeDrafts,
+      })
+    }),
+  }
+}

package/src/server/routes/sets.ts ADDED Viewed

@@ -0,0 +1,40 @@
+import { z } from 'astro/zod'
+import type { Auth } from '../better-auth.js'
+import type { VulseDb } from '../../core/db.js'
+import { SetDefinitionSchema } from '../../core/sets/definition.js'
+import { createSet, deleteSet, getSet, listSets, updateSet } from '../../core/sets/service.js'
+import { NotFoundError } from '../../core/errors.js'
+import { defineHandler } from '../handler.js'
+const paramsHandle = z.object({ handle: z.string() })
+export function setsRoutes(db: VulseDb, auth: Auth) {
+  return {
+    list: defineHandler(auth, {}, async () => listSets(db)),
+    get: defineHandler(auth, { params: paramsHandle }, async ({ params }) => {
+      const row = await getSet(db, params.handle)
+      if (!row) throw new NotFoundError('set not found')
+      return row
+    }),
+    create: defineHandler(auth, {
+      body: SetDefinitionSchema,
+      requireRole: ['admin'],
+    }, async ({ body }) => createSet(db, body)),
+    update: defineHandler(auth, {
+      params: paramsHandle,
+      body: SetDefinitionSchema,
+      requireRole: ['admin'],
+    }, async ({ params, body }) => updateSet(db, params.handle, body)),
+    delete: defineHandler(auth, {
+      params: paramsHandle,
+      requireRole: ['admin'],
+    }, async ({ params }) => {
+      await deleteSet(db, params.handle)
+      return null
+    }),
+  }
+}

package/src/server/routes/settings.ts ADDED Viewed

@@ -0,0 +1,24 @@
+import { z } from 'astro/zod'
+import type { VulseDb } from '../../core/db.js'
+import type { Auth } from '../better-auth.js'
+import { defineHandler } from '../handler.js'
+import { SettingsRepo } from '../../core/repos/settings.js'
+import { invalidateRuntime } from '../runtime.js'
+const AUTH_SETTING_KEYS = new Set(['allowMemberSignUp', 'allowedSignUpDomains'])
+export function settingsRoutes(db: VulseDb, auth: Auth) {
+  const repo = new SettingsRepo(db)
+  return {
+    list: defineHandler(auth, { requireRole: ['admin'] }, async () => await repo.all()),
+    set: defineHandler(auth, {
+      params: z.object({ key: z.string() }),
+      body: z.object({ value: z.unknown() }),
+      requireRole: ['admin'],
+    }, async ({ params, body }) => {
+      await repo.set(params.key, body.value)
+      if (AUTH_SETTING_KEYS.has(params.key)) invalidateRuntime()
+      return { key: params.key }
+    }),
+  }
+}

package/src/server/routes/users.ts ADDED Viewed

@@ -0,0 +1,127 @@
+import { z } from 'astro/zod'
+import { and, eq, like, or } from 'drizzle-orm'
+import { hashPassword } from 'better-auth/crypto'
+import { nanoid } from 'nanoid'
+import type { VulseDb } from '../../core/db.js'
+import type { Auth } from '../better-auth.js'
+import { account as accountTable, user as userTable } from '../../core/schema.js'
+import { defineHandler } from '../handler.js'
+import { NotFoundError } from '../../core/errors.js'
+const userFields = {
+  id: userTable.id,
+  email: userTable.email,
+  name: userTable.name,
+  role: userTable.role,
+  displayName: userTable.displayName,
+  emailVerified: userTable.emailVerified,
+  createdAt: userTable.createdAt,
+  updatedAt: userTable.updatedAt,
+}
+export function usersRoutes(db: VulseDb, auth: Auth) {
+  return {
+    list: defineHandler(auth, { requireRole: ['admin'] }, async ({ url }) => {
+      const q = url.searchParams.get('q')?.trim()
+      if (q) {
+        const pattern = `%${q}%`
+        return await db.select(userFields).from(userTable).where(or(
+          like(userTable.email, pattern),
+          like(userTable.name, pattern),
+          like(userTable.displayName, pattern),
+          eq(userTable.id, q),
+        ))
+      }
+      return await db.select(userFields).from(userTable)
+    }),
+    get: defineHandler(auth, {
+      params: z.object({ id: z.string() }),
+      requireRole: ['admin'],
+    }, async ({ params }) => {
+      const rows = await db.select(userFields).from(userTable).where(eq(userTable.id, params.id))
+      if (!rows.length) throw new NotFoundError(`User ${params.id} not found`)
+      return rows[0]
+    }),
+    update: defineHandler(auth, {
+      params: z.object({ id: z.string() }),
+      body: z.object({
+        name: z.string().min(1).optional(),
+        displayName: z.string().nullable().optional(),
+        role: z.enum(['admin', 'editor', 'member']).optional(),
+      }),
+      requireRole: ['admin'],
+    }, async ({ params, body }) => {
+      const existing = await db.select({ id: userTable.id }).from(userTable).where(eq(userTable.id, params.id))
+      if (!existing.length) throw new NotFoundError(`User ${params.id} not found`)
+      const patch: Partial<typeof userTable.$inferInsert> = { updatedAt: new Date() }
+      if (body.name !== undefined) patch.name = body.name
+      if (body.displayName !== undefined) patch.displayName = body.displayName
+      if (body.role !== undefined) patch.role = body.role
+      await db.update(userTable).set(patch).where(eq(userTable.id, params.id))
+      const rows = await db.select(userFields).from(userTable).where(eq(userTable.id, params.id))
+      return rows[0]
+    }),
+    setRole: defineHandler(auth, {
+      params: z.object({ id: z.string() }),
+      body: z.object({ role: z.enum(['admin', 'editor', 'member']) }),
+      requireRole: ['admin'],
+    }, async ({ params, body }) => {
+      const existing = await db.select({ id: userTable.id }).from(userTable).where(eq(userTable.id, params.id))
+      if (!existing.length) throw new NotFoundError(`User ${params.id} not found`)
+      await db.update(userTable).set({ role: body.role, updatedAt: new Date() }).where(eq(userTable.id, params.id))
+      return { id: params.id, role: body.role }
+    }),
+    resetPassword: defineHandler(auth, {
+      params: z.object({ id: z.string() }),
+      body: z.discriminatedUnion('action', [
+        z.object({ action: z.literal('email'), redirectTo: z.string().optional() }),
+        z.object({ action: z.literal('set'), password: z.string().min(8) }),
+      ]),
+      requireRole: ['admin'],
+    }, async ({ params, body, request }) => {
+      const rows = await db.select({ id: userTable.id, email: userTable.email }).from(userTable).where(eq(userTable.id, params.id))
+      if (!rows.length) throw new NotFoundError(`User ${params.id} not found`)
+      const target = rows[0]!
+      if (body.action === 'email') {
+        await auth.api.requestPasswordReset({
+          body: {
+            email: target.email,
+            redirectTo: body.redirectTo ?? '/reset-password',
+          },
+          headers: request.headers,
+        })
+        return { action: 'email' as const, sent: true }
+      }
+      const hashedPassword = await hashPassword(body.password)
+      const accounts = await db.select({ id: accountTable.id }).from(accountTable).where(and(
+        eq(accountTable.userId, params.id),
+        eq(accountTable.providerId, 'credential'),
+      ))
+      const now = new Date()
+      if (accounts.length) {
+        await db.update(accountTable).set({ password: hashedPassword, updatedAt: now }).where(eq(accountTable.id, accounts[0]!.id))
+      } else {
+        await db.insert(accountTable).values({
+          id: nanoid(),
+          userId: params.id,
+          accountId: params.id,
+          providerId: 'credential',
+          password: hashedPassword,
+          createdAt: now,
+          updatedAt: now,
+        })
+      }
+      return { action: 'set' as const, updated: true }
+    }),
+  }
+}