@infuro/cms-core 1.0.22 → 1.0.24

package/dist/index.js

@@ -3979,11 +3979,11 @@ async function readBufferFromPublicUrl(url) {
   throw new Error("Unsupported media URL");
 }
 function sanitizeZipPath(entryName) {
-  const norm2 = entryName.replace(/\\/g, "/").split("/").filter(Boolean);
-  for (const seg of norm2) {
+  const norm3 = entryName.replace(/\\/g, "/").split("/").filter(Boolean);
+  for (const seg of norm3) {
     if (seg === ".." || seg === ".") return null;
   }
-  return norm2;
+  return norm3;
 }
 function shouldSkipEntry(parts) {
   if (parts[0] === "__MACOSX") return true;
@@ -4207,12 +4207,14 @@ function createDashboardStatsHandler(config) {
       const sevenDaysAgo = new Date(Date.now() - 7 * 24 * 60 * 60 * 1e3);
       const repo = (name) => entityMap[name] ? dataSource.getRepository(entityMap[name]) : void 0;
       const [contactsCount, formsCount, formSubmissionsCount, usersCount, blogsCount, recentContacts, recentSubmissions, contactTypeRows] = await Promise.all([
-        repo("contacts")?.count() ?? 0,
+        repo("contacts")?.count({ where: { deleted: false } }) ?? 0,
         repo("forms")?.count({ where: { deleted: false } }) ?? 0,
         repo("form_submissions")?.count() ?? 0,
         repo("users")?.count({ where: { deleted: false } }) ?? 0,
         repo("blogs")?.count({ where: { deleted: false } }) ?? 0,
-        repo("contacts")?.count({ where: { createdAt: MoreThanOrEqual(sevenDaysAgo) } }) ?? 0,
+        repo("contacts")?.count({
+          where: { deleted: false, createdAt: MoreThanOrEqual(sevenDaysAgo) }
+        }) ?? 0,
         repo("form_submissions")?.count({ where: { createdAt: MoreThanOrEqual(sevenDaysAgo) } }) ?? 0,
         repo("contacts")?.createQueryBuilder("c").select("COALESCE(NULLIF(TRIM(c.type), ''), 'unknown')", "type").addSelect("COUNT(*)", "count").where("c.deleted = :deleted", { deleted: false }).groupBy("COALESCE(NULLIF(TRIM(c.type), ''), 'unknown')").getRawMany() ?? []
       ]);
@@ -4845,11 +4847,14 @@ function createFormSubmissionHandler(config) {
           const contactRepo = dataSource.getRepository(entityMap.contacts);
           let contact = await contactRepo.findOne({ where: { email: contactData.email } });
           if (!contact) {
+            const createdAt = /* @__PURE__ */ new Date();
             contact = await contactRepo.save(
               contactRepo.create({
                 name: contactData.name,
                 email: contactData.email,
-                phone: contactData.phone
+                phone: contactData.phone,
+                createdAt,
+                updatedAt: createdAt
               })
             );
           }
@@ -5005,12 +5010,13 @@ function createUsersApiHandlers(config) {
         const gid = body.groupId ?? null;
         const isCustomer = !!(customerG && gid === customerG.id);
         const adminAccess = isCustomer ? false : body.adminAccess === false ? false : true;
+        const blocked = body.blocked === true || body.blocked === "true" || body.blocked === 1 || body.blocked === "1";
         const newUser = await userRepo().save(
           userRepo().create({
             name: body.name,
             email: body.email,
             password: null,
-            blocked: true,
+            blocked,
             groupId: gid,
             adminAccess
           })
@@ -5025,7 +5031,14 @@ function createUsersApiHandlers(config) {
           inviteLink,
           newUser.name ?? ""
         );
-        return json({ message: "User created successfully (blocked until password is set)", user: newUser, inviteLink }, { status: 201 });
+        return json(
+          {
+            message: blocked ? "User created successfully (blocked until password is set)" : "User created successfully",
+            user: newUser,
+            inviteLink
+          },
+          { status: 201 }
+        );
       } catch {
         return json({ error: "Server Error" }, { status: 500 });
       }
@@ -5327,7 +5340,10 @@ function createChatHandlers(config) {
         const existing = await repo.findOne({ where: { email } });
         let contact;
         if (!existing) {
-          contact = await repo.save(repo.create({ name, email, phone }));
+          const createdAt = /* @__PURE__ */ new Date();
+          contact = await repo.save(
+            repo.create({ name, email, phone, createdAt, updatedAt: createdAt })
+          );
         } else {
           const row = existing;
           if (row.deleted) {
@@ -8527,7 +8543,67 @@ function getNextAuthOptions(config) {
 }
 
 // src/api/crud.ts
-import { Brackets, ILike as ILike2, MoreThan as MoreThan2 } from "typeorm";
+import { ILike as ILike2, MoreThan as MoreThan2, Not } from "typeorm";
+
+// src/lib/address-geo-validation.ts
+import { Country, State, City } from "country-state-city";
+function norm2(s) {
+  return typeof s === "string" ? s.trim() : "";
+}
+function resolveCountry(input) {
+  const t = input.trim();
+  if (!t) return void 0;
+  if (t.length === 2) {
+    const byCode = Country.getCountryByCode(t.toUpperCase());
+    if (byCode) return byCode;
+  }
+  const lower = t.toLowerCase();
+  return Country.getAllCountries().find((c) => c.name.toLowerCase() === lower);
+}
+function resolveState(countryIso, input) {
+  const t = input.trim();
+  if (!t || !countryIso) return void 0;
+  const states = State.getStatesOfCountry(countryIso);
+  const lower = t.toLowerCase();
+  return states.find((s) => s.isoCode.toLowerCase() === t.toLowerCase() || s.name.toLowerCase() === lower);
+}
+function resolveCity(countryIso, stateIso, input) {
+  const t = input.trim();
+  if (!t || !countryIso || !stateIso) return void 0;
+  const lower = t.toLowerCase();
+  const cities = City.getCitiesOfState(countryIso, stateIso);
+  return cities.find((c) => c.name.toLowerCase() === lower);
+}
+function assertValidAddressHierarchy(country, state, city) {
+  const c = resolveCountry(country);
+  if (!c) return { ok: false, error: "Invalid or unknown country." };
+  const st = resolveState(c.isoCode, state);
+  if (!st) return { ok: false, error: "State or province does not match the selected country." };
+  const ct = resolveCity(c.isoCode, st.isoCode, city);
+  if (!ct) return { ok: false, error: "City does not match the selected state." };
+  return { ok: true, country: c.name, state: st.name, city: ct.name };
+}
+function validateAndNormalizeAddressRow(row) {
+  const line1 = norm2(row.line1);
+  const postalCode = norm2(row.postalCode);
+  const countryIn = norm2(row.country);
+  const stateIn = norm2(row.state);
+  const cityIn = norm2(row.city);
+  if (!line1) return "Street address (line 1) is required.";
+  if (!postalCode) return "Postal code is required.";
+  if (!countryIn || !stateIn || !cityIn) return "Country, state, and city are required.";
+  const geo = assertValidAddressHierarchy(countryIn, stateIn, cityIn);
+  if (!geo.ok) return geo.error;
+  row.line1 = line1;
+  row.line2 = norm2(row.line2) || null;
+  row.postalCode = postalCode;
+  row.country = geo.country;
+  row.state = geo.state;
+  row.city = geo.city;
+  return null;
+}
+
+// src/api/crud.ts
 var CRUD_LOG = "[cms-crud]";
 function logCrudClientError(op, detail) {
   console.warn(CRUD_LOG, op, detail);
@@ -8535,6 +8611,40 @@ function logCrudClientError(op, detail) {
 function logCrudServerError(op, detail) {
   console.error(CRUD_LOG, op, detail);
 }
+async function aggregateMediaFolderFileSizes(dataSource, folderIds) {
+  const map = /* @__PURE__ */ new Map();
+  if (folderIds.length === 0) return map;
+  try {
+    const rows = await dataSource.query(
+      `
+      WITH RECURSIVE walk AS (
+        SELECT m."parentId" AS root_id, m.id, m.kind, m.size
+        FROM media m
+        WHERE m."parentId" = ANY($1) AND m.deleted = false
+        UNION ALL
+        SELECT w.root_id, m.id, m.kind, m.size
+        FROM walk w
+        INNER JOIN media m ON m."parentId" = w.id AND m.deleted = false
+      )
+      SELECT root_id AS "rootId", COALESCE(SUM(size) FILTER (WHERE kind = 'file'), 0)::bigint AS "totalSize"
+      FROM walk
+      GROUP BY root_id
+      `,
+      [folderIds]
+    );
+    for (const r of rows) {
+      map.set(Number(r.rootId), Number(r.totalSize));
+    }
+    for (const id of folderIds) {
+      if (!map.has(id)) map.set(id, 0);
+    }
+  } catch (err) {
+    logCrudServerError("media folder size aggregate failed", {
+      message: err instanceof Error ? err.message : String(err)
+    });
+  }
+  return map;
+}
 var DATE_COLUMN_TYPES = /* @__PURE__ */ new Set([
   "date",
   "datetime",
@@ -8599,6 +8709,16 @@ function mergeDeletedFalseWhere(repo, where) {
   }
   return Object.keys(where).length > 0 ? { ...where, ...d } : d;
 }
+function normalizeProductSku(value) {
+  if (value == null) return null;
+  const s = String(value).trim();
+  return s === "" ? null : s;
+}
+async function assertProductSkuUnique(repo, sku, excludeId) {
+  const where = excludeId != null ? { sku, deleted: false, id: Not(excludeId) } : { sku, deleted: false };
+  const row = await repo.findOne({ where });
+  return row == null;
+}
 function buildSoftDeletePayload(meta, deletedBy) {
   const payload = { deleted: true };
   if (meta.columns.some((c) => c.propertyName === "deletedAt")) {
@@ -8753,6 +8873,17 @@ function createCrudHandler(dataSource, entityMap, options) {
         if (statusFilter) productWhere.status = statusFilter;
         if (inventory === "in_stock") productWhere.quantity = MoreThan2(0);
         if (inventory === "out_of_stock") productWhere.quantity = 0;
+        for (const key of ["brandId", "categoryId", "collectionId"]) {
+          const raw = searchParams.get(key)?.trim();
+          if (raw) {
+            const n = Number(raw);
+            if (Number.isFinite(n)) productWhere[key] = n;
+          }
+        }
+        const featuredRaw = searchParams.get("featured")?.trim();
+        if (featuredRaw === "true" || featuredRaw === "false") {
+          productWhere.featured = featuredRaw === "true";
+        }
         if (search && typeof search === "string" && search.trim()) {
           productWhere.name = ILike2(`%${search.trim()}%`);
         }
@@ -8821,19 +8952,36 @@ function createCrudHandler(dataSource, entityMap, options) {
           qb.andWhere("m.filename ILIKE :search", { search: `%${search.trim()}%` });
         }
         if (typeFilter) {
-          qb.andWhere(
-            new Brackets((sq) => {
-              sq.where("m.kind = :folderKind", { folderKind: "folder" }).orWhere("m.mimeType LIKE :mtp", {
-                mtp: `${typeFilter}/%`
-              });
-            })
-          );
+          if (typeFilter === "folder") {
+            qb.andWhere("m.kind = :folderKind", { folderKind: "folder" });
+          } else if (typeFilter === "file") {
+            qb.andWhere("m.kind = :fileKind", { fileKind: "file" });
+          } else if (typeFilter === "image") {
+            qb.andWhere("m.mimeType LIKE :imageMimeType", { imageMimeType: "image/%" });
+          } else if (typeFilter === "video") {
+            qb.andWhere("m.mimeType LIKE :videoMimeType", { videoMimeType: "video/%" });
+          } else if (typeFilter === "audio") {
+            qb.andWhere("m.mimeType LIKE :audioMimeType", { audioMimeType: "audio/%" });
+          } else if (typeFilter === "Document") {
+            qb.andWhere("m.mimeType LIKE :documentMimeType", { documentMimeType: "application/pdf" });
+          } else if (typeFilter === "application") {
+            qb.andWhere("m.kind = :folderKind", { folderKind: "folder" });
+          }
         }
         const allowedSort = ["filename", "createdAt", "id"];
         const sf = allowedSort.includes(sortFieldRaw) ? sortFieldRaw : "filename";
         const so = sortOrder === "DESC" ? "DESC" : "ASC";
-        qb.orderBy("CASE WHEN m.kind = :fk THEN 0 ELSE 1 END", "ASC").addOrderBy(`m.${sf}`, so).setParameter("fk", "folder").skip(skip).take(limit);
-        const [data2, total2] = await qb.getManyAndCount();
+        qb.orderBy(`m.${sf}`, so).skip(skip).take(limit);
+        const [rows, total2] = await qb.getManyAndCount();
+        const mediaRows = rows;
+        const folderIds = mediaRows.filter((m) => m.kind === "folder").map((m) => m.id);
+        let data2 = rows;
+        if (folderIds.length > 0) {
+          const sizeMap = await aggregateMediaFolderFileSizes(dataSource, folderIds);
+          data2 = mediaRows.map(
+            (m) => m.kind === "folder" ? { ...m, size: sizeMap.get(m.id) ?? 0 } : m
+          );
+        }
         return json({ total: total2, page, limit, totalPages: Math.ceil(total2 / limit), data: data2 });
       }
       const sortField = columnNames.has(sortFieldRaw) ? sortFieldRaw : "createdAt";
@@ -8841,7 +8989,7 @@ function createCrudHandler(dataSource, entityMap, options) {
       if (search) {
         where = buildSearchWhereClause(repo, search);
       }
-      const intFilterKeys = ["productId", "attributeId", "taxId"];
+      const intFilterKeys = ["productId", "attributeId", "taxId", "brandId", "categoryId", "collectionId", "parentId"];
       const extraWhere = {};
       for (const key of intFilterKeys) {
         const v = searchParams.get(key);
@@ -8850,6 +8998,15 @@ function createCrudHandler(dataSource, entityMap, options) {
           if (Number.isFinite(n)) extraWhere[key] = n;
         }
       }
+      for (const col of repo.metadata.columns) {
+        if (String(col.type) !== "boolean") continue;
+        const name = col.propertyName;
+        if (!columnNames.has(name)) continue;
+        const raw = searchParams.get(name)?.trim();
+        if (raw === "true" || raw === "false") {
+          extraWhere[name] = raw === "true";
+        }
+      }
       if (Object.keys(extraWhere).length > 0) {
         if (Array.isArray(where)) {
           where = where.map((w) => ({ ...w, ...extraWhere }));
@@ -8944,6 +9101,31 @@ function createCrudHandler(dataSource, entityMap, options) {
         });
         return json({ error: "Invalid request payload" }, { status: 400 });
       }
+      if (resource === "products") {
+        if ("sku" in persistBody) {
+          const skuNorm = normalizeProductSku(persistBody.sku);
+          if (skuNorm) {
+            const ok = await assertProductSkuUnique(repo, skuNorm);
+            if (!ok) {
+              return json({ error: "SKU already exists. Please use a unique SKU." }, { status: 400 });
+            }
+            persistBody.sku = skuNorm;
+          } else {
+            persistBody.sku = null;
+          }
+        }
+      }
+      if (resource === "addresses") {
+        const cid = Number(persistBody.contactId);
+        if (!Number.isFinite(cid)) {
+          return json({ error: "Valid contactId is required." }, { status: 400 });
+        }
+        if (persistBody.tag === "") persistBody.tag = null;
+        const addrErr = validateAndNormalizeAddressRow(persistBody);
+        if (addrErr) {
+          return json({ error: addrErr }, { status: 400 });
+        }
+      }
       sanitizeBodyForEntity(repo, persistBody);
       let created;
       try {
@@ -9138,7 +9320,20 @@ function createCrudByIdHandler(dataSource, entityMap, options) {
           relations: ["order", "order.contact", "contact"]
         });
         if (!payment) return json({ message: "Not found" }, { status: 404 });
-        return json(payment);
+        const p = payment;
+        const order = p.order;
+        const orderContact = order?.contact;
+        const contact = p.contact;
+        const customer = orderContact ?? contact;
+        return json({
+          ...p,
+          order: order ? {
+            id: order.id,
+            orderNumber: order.orderNumber,
+            contact: orderContact ? { name: orderContact.name, email: orderContact.email } : null
+          } : null,
+          contact: customer ? { id: customer.id, name: customer.name, email: customer.email } : null
+        });
       }
       if (resource === "blogs") {
         const blog = await repo.findOne({
@@ -9250,8 +9445,91 @@ function createCrudByIdHandler(dataSource, entityMap, options) {
       const updatePayload = rawBody && typeof rawBody === "object" ? pickColumnUpdates(repo, rawBody) : {};
       if (resource === "media") {
         const u = updatePayload;
-        delete u.parentId;
         delete u.kind;
+        if (rawBody && typeof rawBody === "object" && "parentId" in rawBody) {
+          let pid = null;
+          const p = rawBody.parentId;
+          if (p != null && p !== "") {
+            const n = Number(p);
+            if (!Number.isFinite(n)) {
+              return json({ error: "Invalid parentId" }, { status: 400 });
+            }
+            pid = n;
+          }
+          if (pid != null) {
+            const parent = await repo.findOne({
+              where: { id: pid, deleted: false }
+            });
+            if (!parent || parent.kind !== "folder") {
+              return json({ error: "parent must be a folder" }, { status: 400 });
+            }
+          }
+          const row = await repo.findOne({
+            where: { id: numericId, deleted: false }
+          });
+          if (!row) return json({ message: "Not found" }, { status: 404 });
+          if (pid === numericId) {
+            return json({ error: "Invalid parentId" }, { status: 400 });
+          }
+          if (row.kind === "folder" && pid != null) {
+            let walk = pid;
+            const seen = /* @__PURE__ */ new Set();
+            while (walk != null) {
+              if (walk === numericId) {
+                return json(
+                  { error: "Cannot move a folder into itself or a descendant folder" },
+                  { status: 400 }
+                );
+              }
+              if (seen.has(walk)) break;
+              seen.add(walk);
+              const anc = await repo.findOne({
+                where: { id: walk, deleted: false }
+              });
+              walk = anc ? anc.parentId ?? null : null;
+            }
+          }
+          u.parentId = pid;
+        } else {
+          delete u.parentId;
+        }
+      }
+      if (resource === "products") {
+        const currentRow = await repo.findOne({
+          where: { id: numericId, deleted: false }
+        });
+        if (!currentRow) return json({ message: "Not found" }, { status: 404 });
+        const merged = { ...currentRow, ...updatePayload };
+        const effSku = normalizeProductSku(merged.sku);
+        if (effSku) {
+          const ok = await assertProductSkuUnique(repo, effSku, numericId);
+          if (!ok) {
+            return json({ error: "SKU already exists. Please use a unique SKU." }, { status: 400 });
+          }
+        }
+        if ("sku" in updatePayload) {
+          updatePayload.sku = effSku;
+        }
+      }
+      if (resource === "addresses" && Object.keys(updatePayload).length > 0) {
+        const currentRow = await repo.findOne({
+          where: { id: numericId }
+        });
+        if (!currentRow) return json({ message: "Not found" }, { status: 404 });
+        const merged = {
+          ...currentRow,
+          ...updatePayload
+        };
+        if (merged.tag === "") merged.tag = null;
+        const addrErr = validateAndNormalizeAddressRow(merged);
+        if (addrErr) {
+          return json({ error: addrErr }, { status: 400 });
+        }
+        for (const k of Object.keys(updatePayload)) {
+          if (k in merged) {
+            updatePayload[k] = merged[k];
+          }
+        }
       }
       if (Object.keys(updatePayload).length > 0) {
         sanitizeBodyForEntity(repo, updatePayload);
@@ -9282,6 +9560,11 @@ function createCrudByIdHandler(dataSource, entityMap, options) {
           where: { id: numericId, deleted: false }
         });
         if (!existing) return json({ message: "Not found" }, { status: 404 });
+        if (resource === "contacts") {
+          const result2 = await repo.delete(numericId);
+          if (result2.affected === 0) return json({ message: "Not found" }, { status: 404 });
+          return json({ message: "Deleted successfully" }, { status: 200 });
+        }
         let deletedBy = null;
         if (getDeletedByUserId) {
           try {
@@ -11249,18 +11532,19 @@ function createStorefrontApiHandler(config) {
           const contactOrErr = await getContactForAddresses();
           if (contactOrErr instanceof Response) return contactOrErr;
           const b = await req.json().catch(() => ({}));
-          const created = await addressRepo().save(
-            addressRepo().create({
-              contactId: contactOrErr.contactId,
-              tag: typeof b.tag === "string" ? b.tag.trim() || null : null,
-              line1: typeof b.line1 === "string" ? b.line1.trim() || null : null,
-              line2: typeof b.line2 === "string" ? b.line2.trim() || null : null,
-              city: typeof b.city === "string" ? b.city.trim() || null : null,
-              state: typeof b.state === "string" ? b.state.trim() || null : null,
-              postalCode: typeof b.postalCode === "string" ? b.postalCode.trim() || null : null,
-              country: typeof b.country === "string" ? b.country.trim() || null : null
-            })
-          );
+          const row = {
+            contactId: contactOrErr.contactId,
+            tag: typeof b.tag === "string" ? b.tag.trim() || null : null,
+            line1: typeof b.line1 === "string" ? b.line1 : "",
+            line2: typeof b.line2 === "string" ? b.line2.trim() || null : null,
+            city: typeof b.city === "string" ? b.city : "",
+            state: typeof b.state === "string" ? b.state : "",
+            postalCode: typeof b.postalCode === "string" ? b.postalCode : "",
+            country: typeof b.country === "string" ? b.country : ""
+          };
+          const addrErr = validateAndNormalizeAddressRow(row);
+          if (addrErr) return json({ error: addrErr }, { status: 400 });
+          const created = await addressRepo().save(addressRepo().create(row));
           return json(serializeAddress2(created));
         }
         if (path[0] === "addresses" && path.length === 2 && (method === "PATCH" || method === "PUT")) {
@@ -11279,7 +11563,16 @@ function createStorefrontApiHandler(config) {
           if (b.state !== void 0) updates.state = typeof b.state === "string" ? b.state.trim() || null : null;
           if (b.postalCode !== void 0) updates.postalCode = typeof b.postalCode === "string" ? b.postalCode.trim() || null : null;
           if (b.country !== void 0) updates.country = typeof b.country === "string" ? b.country.trim() || null : null;
-          if (Object.keys(updates).length) await addressRepo().update(id, updates);
+          if (Object.keys(updates).length) {
+            const merged = { ...existing, ...updates };
+            if (merged.tag === "") merged.tag = null;
+            const addrErr = validateAndNormalizeAddressRow(merged);
+            if (addrErr) return json({ error: addrErr }, { status: 400 });
+            for (const k of Object.keys(updates)) {
+              if (k in merged) updates[k] = merged[k];
+            }
+            await addressRepo().update(id, updates);
+          }
           const updated = await addressRepo().findOne({ where: { id } });
           return json(serializeAddress2(updated));
         }
@@ -12091,7 +12384,7 @@ var DEFAULT_ADMIN_NAV = [
 ];
 
 // src/index.ts
-console.log("\u{1F525} USING LOCAL CMS CORE (index.ts loaded) \u{1F525}");
+console.log("\u{1F525} USING LOCAL CMS (index.ts loaded) \u{1F525}");
 export {
   ADMIN_GROUP_NAME,
   Address,