@infuro/cms-core 1.0.23 → 1.0.24

package/dist/index.js

@@ -3979,11 +3979,11 @@ async function readBufferFromPublicUrl(url) {
   throw new Error("Unsupported media URL");
 }
 function sanitizeZipPath(entryName) {
-  const norm2 = entryName.replace(/\\/g, "/").split("/").filter(Boolean);
-  for (const seg of norm2) {
+  const norm3 = entryName.replace(/\\/g, "/").split("/").filter(Boolean);
+  for (const seg of norm3) {
     if (seg === ".." || seg === ".") return null;
   }
-  return norm2;
+  return norm3;
 }
 function shouldSkipEntry(parts) {
   if (parts[0] === "__MACOSX") return true;
@@ -8544,6 +8544,66 @@ function getNextAuthOptions(config) {
 
 // src/api/crud.ts
 import { ILike as ILike2, MoreThan as MoreThan2, Not } from "typeorm";
+
+// src/lib/address-geo-validation.ts
+import { Country, State, City } from "country-state-city";
+function norm2(s) {
+  return typeof s === "string" ? s.trim() : "";
+}
+function resolveCountry(input) {
+  const t = input.trim();
+  if (!t) return void 0;
+  if (t.length === 2) {
+    const byCode = Country.getCountryByCode(t.toUpperCase());
+    if (byCode) return byCode;
+  }
+  const lower = t.toLowerCase();
+  return Country.getAllCountries().find((c) => c.name.toLowerCase() === lower);
+}
+function resolveState(countryIso, input) {
+  const t = input.trim();
+  if (!t || !countryIso) return void 0;
+  const states = State.getStatesOfCountry(countryIso);
+  const lower = t.toLowerCase();
+  return states.find((s) => s.isoCode.toLowerCase() === t.toLowerCase() || s.name.toLowerCase() === lower);
+}
+function resolveCity(countryIso, stateIso, input) {
+  const t = input.trim();
+  if (!t || !countryIso || !stateIso) return void 0;
+  const lower = t.toLowerCase();
+  const cities = City.getCitiesOfState(countryIso, stateIso);
+  return cities.find((c) => c.name.toLowerCase() === lower);
+}
+function assertValidAddressHierarchy(country, state, city) {
+  const c = resolveCountry(country);
+  if (!c) return { ok: false, error: "Invalid or unknown country." };
+  const st = resolveState(c.isoCode, state);
+  if (!st) return { ok: false, error: "State or province does not match the selected country." };
+  const ct = resolveCity(c.isoCode, st.isoCode, city);
+  if (!ct) return { ok: false, error: "City does not match the selected state." };
+  return { ok: true, country: c.name, state: st.name, city: ct.name };
+}
+function validateAndNormalizeAddressRow(row) {
+  const line1 = norm2(row.line1);
+  const postalCode = norm2(row.postalCode);
+  const countryIn = norm2(row.country);
+  const stateIn = norm2(row.state);
+  const cityIn = norm2(row.city);
+  if (!line1) return "Street address (line 1) is required.";
+  if (!postalCode) return "Postal code is required.";
+  if (!countryIn || !stateIn || !cityIn) return "Country, state, and city are required.";
+  const geo = assertValidAddressHierarchy(countryIn, stateIn, cityIn);
+  if (!geo.ok) return geo.error;
+  row.line1 = line1;
+  row.line2 = norm2(row.line2) || null;
+  row.postalCode = postalCode;
+  row.country = geo.country;
+  row.state = geo.state;
+  row.city = geo.city;
+  return null;
+}
+
+// src/api/crud.ts
 var CRUD_LOG = "[cms-crud]";
 function logCrudClientError(op, detail) {
   console.warn(CRUD_LOG, op, detail);
@@ -8813,6 +8873,17 @@ function createCrudHandler(dataSource, entityMap, options) {
         if (statusFilter) productWhere.status = statusFilter;
         if (inventory === "in_stock") productWhere.quantity = MoreThan2(0);
         if (inventory === "out_of_stock") productWhere.quantity = 0;
+        for (const key of ["brandId", "categoryId", "collectionId"]) {
+          const raw = searchParams.get(key)?.trim();
+          if (raw) {
+            const n = Number(raw);
+            if (Number.isFinite(n)) productWhere[key] = n;
+          }
+        }
+        const featuredRaw = searchParams.get("featured")?.trim();
+        if (featuredRaw === "true" || featuredRaw === "false") {
+          productWhere.featured = featuredRaw === "true";
+        }
         if (search && typeof search === "string" && search.trim()) {
           productWhere.name = ILike2(`%${search.trim()}%`);
         }
@@ -8918,7 +8989,7 @@ function createCrudHandler(dataSource, entityMap, options) {
       if (search) {
         where = buildSearchWhereClause(repo, search);
       }
-      const intFilterKeys = ["productId", "attributeId", "taxId"];
+      const intFilterKeys = ["productId", "attributeId", "taxId", "brandId", "categoryId", "collectionId", "parentId"];
       const extraWhere = {};
       for (const key of intFilterKeys) {
         const v = searchParams.get(key);
@@ -8927,6 +8998,15 @@ function createCrudHandler(dataSource, entityMap, options) {
           if (Number.isFinite(n)) extraWhere[key] = n;
         }
       }
+      for (const col of repo.metadata.columns) {
+        if (String(col.type) !== "boolean") continue;
+        const name = col.propertyName;
+        if (!columnNames.has(name)) continue;
+        const raw = searchParams.get(name)?.trim();
+        if (raw === "true" || raw === "false") {
+          extraWhere[name] = raw === "true";
+        }
+      }
       if (Object.keys(extraWhere).length > 0) {
         if (Array.isArray(where)) {
           where = where.map((w) => ({ ...w, ...extraWhere }));
@@ -9035,6 +9115,17 @@ function createCrudHandler(dataSource, entityMap, options) {
           }
         }
       }
+      if (resource === "addresses") {
+        const cid = Number(persistBody.contactId);
+        if (!Number.isFinite(cid)) {
+          return json({ error: "Valid contactId is required." }, { status: 400 });
+        }
+        if (persistBody.tag === "") persistBody.tag = null;
+        const addrErr = validateAndNormalizeAddressRow(persistBody);
+        if (addrErr) {
+          return json({ error: addrErr }, { status: 400 });
+        }
+      }
       sanitizeBodyForEntity(repo, persistBody);
       let created;
       try {
@@ -9354,8 +9445,54 @@ function createCrudByIdHandler(dataSource, entityMap, options) {
       const updatePayload = rawBody && typeof rawBody === "object" ? pickColumnUpdates(repo, rawBody) : {};
       if (resource === "media") {
         const u = updatePayload;
-        delete u.parentId;
         delete u.kind;
+        if (rawBody && typeof rawBody === "object" && "parentId" in rawBody) {
+          let pid = null;
+          const p = rawBody.parentId;
+          if (p != null && p !== "") {
+            const n = Number(p);
+            if (!Number.isFinite(n)) {
+              return json({ error: "Invalid parentId" }, { status: 400 });
+            }
+            pid = n;
+          }
+          if (pid != null) {
+            const parent = await repo.findOne({
+              where: { id: pid, deleted: false }
+            });
+            if (!parent || parent.kind !== "folder") {
+              return json({ error: "parent must be a folder" }, { status: 400 });
+            }
+          }
+          const row = await repo.findOne({
+            where: { id: numericId, deleted: false }
+          });
+          if (!row) return json({ message: "Not found" }, { status: 404 });
+          if (pid === numericId) {
+            return json({ error: "Invalid parentId" }, { status: 400 });
+          }
+          if (row.kind === "folder" && pid != null) {
+            let walk = pid;
+            const seen = /* @__PURE__ */ new Set();
+            while (walk != null) {
+              if (walk === numericId) {
+                return json(
+                  { error: "Cannot move a folder into itself or a descendant folder" },
+                  { status: 400 }
+                );
+              }
+              if (seen.has(walk)) break;
+              seen.add(walk);
+              const anc = await repo.findOne({
+                where: { id: walk, deleted: false }
+              });
+              walk = anc ? anc.parentId ?? null : null;
+            }
+          }
+          u.parentId = pid;
+        } else {
+          delete u.parentId;
+        }
       }
       if (resource === "products") {
         const currentRow = await repo.findOne({
@@ -9374,6 +9511,26 @@ function createCrudByIdHandler(dataSource, entityMap, options) {
           updatePayload.sku = effSku;
         }
       }
+      if (resource === "addresses" && Object.keys(updatePayload).length > 0) {
+        const currentRow = await repo.findOne({
+          where: { id: numericId }
+        });
+        if (!currentRow) return json({ message: "Not found" }, { status: 404 });
+        const merged = {
+          ...currentRow,
+          ...updatePayload
+        };
+        if (merged.tag === "") merged.tag = null;
+        const addrErr = validateAndNormalizeAddressRow(merged);
+        if (addrErr) {
+          return json({ error: addrErr }, { status: 400 });
+        }
+        for (const k of Object.keys(updatePayload)) {
+          if (k in merged) {
+            updatePayload[k] = merged[k];
+          }
+        }
+      }
       if (Object.keys(updatePayload).length > 0) {
         sanitizeBodyForEntity(repo, updatePayload);
         await repo.update(numericId, updatePayload);
@@ -11375,18 +11532,19 @@ function createStorefrontApiHandler(config) {
           const contactOrErr = await getContactForAddresses();
           if (contactOrErr instanceof Response) return contactOrErr;
           const b = await req.json().catch(() => ({}));
-          const created = await addressRepo().save(
-            addressRepo().create({
-              contactId: contactOrErr.contactId,
-              tag: typeof b.tag === "string" ? b.tag.trim() || null : null,
-              line1: typeof b.line1 === "string" ? b.line1.trim() || null : null,
-              line2: typeof b.line2 === "string" ? b.line2.trim() || null : null,
-              city: typeof b.city === "string" ? b.city.trim() || null : null,
-              state: typeof b.state === "string" ? b.state.trim() || null : null,
-              postalCode: typeof b.postalCode === "string" ? b.postalCode.trim() || null : null,
-              country: typeof b.country === "string" ? b.country.trim() || null : null
-            })
-          );
+          const row = {
+            contactId: contactOrErr.contactId,
+            tag: typeof b.tag === "string" ? b.tag.trim() || null : null,
+            line1: typeof b.line1 === "string" ? b.line1 : "",
+            line2: typeof b.line2 === "string" ? b.line2.trim() || null : null,
+            city: typeof b.city === "string" ? b.city : "",
+            state: typeof b.state === "string" ? b.state : "",
+            postalCode: typeof b.postalCode === "string" ? b.postalCode : "",
+            country: typeof b.country === "string" ? b.country : ""
+          };
+          const addrErr = validateAndNormalizeAddressRow(row);
+          if (addrErr) return json({ error: addrErr }, { status: 400 });
+          const created = await addressRepo().save(addressRepo().create(row));
           return json(serializeAddress2(created));
         }
         if (path[0] === "addresses" && path.length === 2 && (method === "PATCH" || method === "PUT")) {
@@ -11405,7 +11563,16 @@ function createStorefrontApiHandler(config) {
           if (b.state !== void 0) updates.state = typeof b.state === "string" ? b.state.trim() || null : null;
           if (b.postalCode !== void 0) updates.postalCode = typeof b.postalCode === "string" ? b.postalCode.trim() || null : null;
           if (b.country !== void 0) updates.country = typeof b.country === "string" ? b.country.trim() || null : null;
-          if (Object.keys(updates).length) await addressRepo().update(id, updates);
+          if (Object.keys(updates).length) {
+            const merged = { ...existing, ...updates };
+            if (merged.tag === "") merged.tag = null;
+            const addrErr = validateAndNormalizeAddressRow(merged);
+            if (addrErr) return json({ error: addrErr }, { status: 400 });
+            for (const k of Object.keys(updates)) {
+              if (k in merged) updates[k] = merged[k];
+            }
+            await addressRepo().update(id, updates);
+          }
           const updated = await addressRepo().findOne({ where: { id } });
           return json(serializeAddress2(updated));
         }