@infuro/cms-core 1.0.24 → 1.0.26

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. package/dist/admin.cjs +5725 -4475
  2. package/dist/admin.cjs.map +1 -1
  3. package/dist/admin.d.cts +23 -4
  4. package/dist/admin.d.ts +23 -4
  5. package/dist/admin.js +5672 -4420
  6. package/dist/admin.js.map +1 -1
  7. package/dist/api.cjs +422 -52
  8. package/dist/api.cjs.map +1 -1
  9. package/dist/api.d.cts +1 -1
  10. package/dist/api.d.ts +1 -1
  11. package/dist/api.js +430 -60
  12. package/dist/api.js.map +1 -1
  13. package/dist/auth.cjs +9 -1
  14. package/dist/auth.cjs.map +1 -1
  15. package/dist/auth.js +9 -1
  16. package/dist/auth.js.map +1 -1
  17. package/dist/cli.cjs +7 -0
  18. package/dist/cli.cjs.map +1 -1
  19. package/dist/cli.js +7 -0
  20. package/dist/cli.js.map +1 -1
  21. package/dist/{index-BGAh4fPQ.d.cts → index--vbixpxE.d.cts} +17 -2
  22. package/dist/{index-Cnwh7B3r.d.ts → index-DMJgi-fy.d.ts} +17 -2
  23. package/dist/index.cjs +508 -67
  24. package/dist/index.cjs.map +1 -1
  25. package/dist/index.d.cts +3 -2
  26. package/dist/index.d.ts +3 -2
  27. package/dist/index.js +509 -68
  28. package/dist/index.js.map +1 -1
  29. package/package.json +1 -1
package/dist/auth.cjs CHANGED
@@ -358,7 +358,7 @@ function getNextAuthOptions(config) {
358
358
  }
359
359
  },
360
360
  callbacks: {
361
- async jwt({ token, user }) {
361
+ async jwt({ token, user, trigger, session }) {
362
362
  if (user) {
363
363
  const u = user;
364
364
  token.id = u.id;
@@ -367,11 +367,19 @@ function getNextAuthOptions(config) {
367
367
  token.entityPerms = u.entityPerms;
368
368
  token.adminAccess = u.adminAccess;
369
369
  }
370
+ if (trigger === "update" && session && typeof session === "object") {
371
+ const s = session;
372
+ const t = token;
373
+ if (typeof s.name === "string") t.name = s.name;
374
+ if (typeof s.email === "string") t.email = s.email;
375
+ }
370
376
  return token;
371
377
  },
372
378
  async session({ session, token }) {
373
379
  if (session.user) {
374
380
  const t = token;
381
+ if (typeof t.name === "string") session.user.name = t.name;
382
+ if (typeof t.email === "string") session.user.email = t.email;
375
383
  session.user.id = t.id;
376
384
  session.user.groupId = t.groupId;
377
385
  session.user.isRBACAdmin = t.isRBACAdmin;
package/dist/auth.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/auth/index.ts","../src/auth/permission-entities.ts","../src/auth/helpers.ts","../src/auth/seed-permissions.ts","../src/auth/middleware.ts","../src/auth/nextauth-options.ts"],"sourcesContent":["export {\r\n createAuthHelpers,\r\n OPEN_ENDPOINTS,\r\n PERMISSION_REQUIRED_ENDPOINTS,\r\n isOpenEndpoint,\r\n isPublicMethod,\r\n getRequiredPermission,\r\n} from './helpers';\r\nexport type { SessionUser, GetSession, AuthHelpers } from './helpers';\r\nexport { sessionHasEntityAccess, canManageRoles, RBAC_ADMIN_ONLY_ENTITIES } from './helpers';\r\nexport {\r\n getPermissionableEntityKeys,\r\n ADMIN_GROUP_NAME,\r\n isSuperAdminGroupName,\r\n permissionRowsToRecord,\r\n hasEntityPermission,\r\n} from './permission-entities';\r\nexport { seedAdministratorPermissions } from './seed-permissions';\r\nexport type { EntityCrudAction, EntityPermissionFlags } from './permission-entities';\r\nexport { createCmsMiddleware, defaultPublicApiMethods } from './middleware';\r\nexport type { CmsMiddlewareConfig } from './middleware';\r\nexport { getNextAuthOptions } from './nextauth-options';\r\nexport type { NextAuthOptionsConfig, NextAuthUser, AuthorizeOtpInput } from './nextauth-options';\r\n","/** API resource keys excluded from the permission matrix (internal / not admin-CRUD). */\r\nexport const PERMISSION_ENTITY_INTERNAL_EXCLUDE = new Set([\r\n 'users',\r\n 'password_reset_tokens',\r\n 'user_groups',\r\n 'permissions',\r\n 'comments',\r\n 'form_fields',\r\n 'configs',\r\n 'knowledge_base_chunks',\r\n 'carts',\r\n 'cart_items',\r\n 'wishlists',\r\n 'wishlist_items',\r\n 'message_templates',\r\n]);\r\n\r\n/** Non-CRUD admin surfaces mapped to entity keys for RBAC. */\r\nexport const PERMISSION_LOGICAL_ENTITIES = [\r\n 'users',\r\n 'forms',\r\n 'form_submissions',\r\n 'dashboard',\r\n 'upload',\r\n 'settings',\r\n 'analytics',\r\n 'chat',\r\n] as const;\r\n\r\n/** Canonical name for new installs / migrations */\r\nexport const ADMIN_GROUP_NAME = 'Administrator';\r\n\r\n/** System administrator group (roles UI + users / user_groups / permissions bypass). */\r\nexport function isSuperAdminGroupName(name: string | null | undefined): boolean {\r\n return name === ADMIN_GROUP_NAME;\r\n}\r\n\r\nexport type EntityCrudAction = 'create' | 'read' | 'update' | 'delete';\r\n\r\nexport type EntityPermissionFlags = { c: boolean; r: boolean; u: boolean; d: boolean };\r\n\r\nexport function getPermissionableEntityKeys(entityMap: Record<string, unknown>): string[] {\r\n const fromMap = Object.keys(entityMap).filter((k) => !PERMISSION_ENTITY_INTERNAL_EXCLUDE.has(k));\r\n const logical = PERMISSION_LOGICAL_ENTITIES.filter((k) => !fromMap.includes(k));\r\n return [...fromMap.sort(), ...logical].filter((k, i, a) => a.indexOf(k) === i);\r\n}\r\n\r\nexport function permissionRowsToRecord(\r\n rows: Array<{ entity: string; canCreate: boolean; canRead: boolean; canUpdate: boolean; canDelete: boolean }> | undefined\r\n): Record<string, EntityPermissionFlags> {\r\n const out: Record<string, EntityPermissionFlags> = {};\r\n if (!rows?.length) return out;\r\n for (const p of rows) {\r\n out[p.entity] = {\r\n c: !!p.canCreate,\r\n r: !!p.canRead,\r\n u: !!p.canUpdate,\r\n d: !!p.canDelete,\r\n };\r\n }\r\n return out;\r\n}\r\n\r\nexport function hasEntityPermission(\r\n record: Record<string, EntityPermissionFlags> | undefined,\r\n entity: string,\r\n action: EntityCrudAction\r\n): boolean {\r\n const p = record?.[entity];\r\n if (!p) return false;\r\n if (action === 'create') return p.c;\r\n if (action === 'read') return p.r;\r\n if (action === 'update') return p.u;\r\n return p.d;\r\n}\r\n","import type { EntityCrudAction, EntityPermissionFlags } from './permission-entities';\r\nimport { hasEntityPermission } from './permission-entities';\r\n\r\n/** isRBACAdmin bypasses entity checks only for these (users / roles plumbing). */\r\nexport const RBAC_ADMIN_ONLY_ENTITIES = new Set(['users', 'user_groups', 'permissions']);\r\n\r\nexport interface SessionUser {\r\n id?: string;\r\n email?: string | null;\r\n name?: string | null;\r\n groupId?: number;\r\n /** @deprecated use entityPerms / isRBACAdmin */\r\n permissions?: string[];\r\n /** Administrator group: full access only for users, user_groups, permissions */\r\n isRBACAdmin?: boolean;\r\n entityPerms?: Record<string, EntityPermissionFlags>;\r\n /** When false and not isRBACAdmin, admin API/UI is denied. */\r\n adminAccess?: boolean;\r\n}\r\n\r\nexport function sessionHasEntityAccess(\r\n user: SessionUser | null | undefined,\r\n entity: string,\r\n action: EntityCrudAction\r\n): boolean {\r\n if (!user?.email) return false;\r\n if (user.isRBACAdmin && RBAC_ADMIN_ONLY_ENTITIES.has(entity)) return true;\r\n return hasEntityPermission(user.entityPerms, entity, action);\r\n}\r\n\r\nexport function canManageRoles(user: SessionUser | null | undefined): boolean {\r\n return !!(user?.email && user.isRBACAdmin);\r\n}\r\n\r\nexport type GetSession = () => Promise<{ user?: SessionUser } | null>;\r\n\r\nexport const OPEN_ENDPOINTS: Array<Record<string, string[]>> = [\r\n { '/api/contacts': ['POST'] },\r\n { '/api/form-submissions': ['POST'] },\r\n { '/api/blogs': ['GET'] },\r\n];\r\n\r\nexport const PERMISSION_REQUIRED_ENDPOINTS: Record<string, string[]> = {};\r\n\r\nexport function isOpenEndpoint(pathname: string): boolean {\r\n return OPEN_ENDPOINTS.some((endpoint) => pathname.startsWith(Object.keys(endpoint)[0]));\r\n}\r\n\r\nexport function getRequiredPermission(pathname: string): string[] | null {\r\n return null;\r\n}\r\n\r\nexport function isPublicMethod(pathname: string, method: string): boolean {\r\n for (const endpoint of OPEN_ENDPOINTS) {\r\n const key = Object.keys(endpoint)[0];\r\n if (pathname.startsWith(key) && endpoint[key].includes(method)) return true;\r\n }\r\n return false;\r\n}\r\n\r\nexport interface AuthHelpers {\r\n requireAuth(req: Request): Promise<Response | null>;\r\n requirePermission(req: Request, permission: string): Promise<Response | null>;\r\n requireEntityPermission(req: Request, entity: string, action: EntityCrudAction): Promise<Response | null>;\r\n requireAdminAccess(req: Request): Promise<Response | null>;\r\n getAuthenticatedUser(): Promise<SessionUser | null>;\r\n}\r\n\r\nexport function createAuthHelpers(getSession: GetSession, NextResponse: { json: (body: unknown, init?: { status?: number }) => Response }): AuthHelpers {\r\n return {\r\n async requireAuth() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n return null;\r\n },\r\n async requirePermission() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n return null;\r\n },\r\n async requireEntityPermission(_req: Request, entity: string, action: EntityCrudAction) {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n const u = session.user as SessionUser;\r\n if (sessionHasEntityAccess(u, entity, action)) return null;\r\n return NextResponse.json({ error: 'Forbidden', entity, action }, { status: 403 });\r\n },\r\n async requireAdminAccess() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n const u = session.user as SessionUser;\r\n if (u.isRBACAdmin) return null;\r\n if (u.adminAccess === false) return NextResponse.json({ error: 'Forbidden', reason: 'admin_access' }, { status: 403 });\r\n return null;\r\n },\r\n async getAuthenticatedUser() {\r\n const session = await getSession();\r\n return (session?.user as SessionUser) ?? null;\r\n },\r\n };\r\n}\r\n","import type { DataSource } from 'typeorm';\r\nimport type { EntityTarget } from 'typeorm';\r\nimport type { ObjectLiteral } from 'typeorm';\r\nimport { getPermissionableEntityKeys, ADMIN_GROUP_NAME } from './permission-entities';\r\n\r\n/**\r\n * Ensures the Administrator group has full CRUD on every permissionable entity\r\n * for the given entity map. Idempotent: upserts per entity.\r\n */\r\nexport async function seedAdministratorPermissions(\r\n dataSource: DataSource,\r\n entityMap: Record<string, unknown>\r\n): Promise<void> {\r\n const entities = getPermissionableEntityKeys(entityMap);\r\n const groupRepo = dataSource.getRepository(entityMap.user_groups as EntityTarget<ObjectLiteral>);\r\n const permRepo = dataSource.getRepository(entityMap.permissions as EntityTarget<ObjectLiteral>);\r\n\r\n const adminGroup = await groupRepo.findOne({ where: { name: ADMIN_GROUP_NAME, deleted: false } });\r\n if (!adminGroup) return;\r\n\r\n const fullCrud = { canCreate: true, canRead: true, canUpdate: true, canDelete: true };\r\n\r\n for (const entity of entities) {\r\n const existing = await permRepo.findOne({\r\n where: { groupId: adminGroup.id, entity },\r\n });\r\n if (existing) {\r\n existing.canCreate = true;\r\n existing.canRead = true;\r\n existing.canUpdate = true;\r\n existing.canDelete = true;\r\n await permRepo.save(existing);\r\n } else {\r\n await permRepo.save(\r\n permRepo.create({\r\n groupId: adminGroup.id,\r\n entity,\r\n ...fullCrud,\r\n })\r\n );\r\n }\r\n }\r\n}\r\n","export interface CmsMiddlewareConfig {\r\n publicAdminPaths?: string[];\r\n publicApiPaths?: string[];\r\n /** path -> allowed methods */\r\n publicApiMethods?: Record<string, string[]>;\r\n signInPath?: string;\r\n getSessionToken?: (request: { cookies: { get: (name: string) => { value?: string } | undefined } }) => string | undefined;\r\n}\r\n\r\n/** Default public API paths (no auth). Sites should extend this with their own routes. */\r\nexport const defaultPublicApiMethods: Record<string, string[]> = {\r\n '/api/contacts': ['POST'],\r\n '/api/form-submissions': ['POST'],\r\n '/api/blogs': ['GET'],\r\n '/api/forms': ['GET'],\r\n '/api/auth': ['GET', 'POST'],\r\n '/api/health': ['GET'],\r\n '/api/users/forgot-password': ['POST'],\r\n '/api/users/set-password': ['POST'],\r\n '/api/users/invite': ['POST'],\r\n};\r\n\r\nfunction defaultGetSessionToken(request: { cookies: { get: (name: string) => { value?: string } | undefined } }): string | undefined {\r\n return (\r\n request.cookies.get('__Secure-next-auth.session-token')?.value ??\r\n request.cookies.get('next-auth.session-token')?.value\r\n );\r\n}\r\n\r\nfunction isPublicMethod(pathname: string, method: string, publicApiMethods: Record<string, string[]>): boolean {\r\n for (const [endpoint, methods] of Object.entries(publicApiMethods)) {\r\n if (pathname.startsWith(endpoint) && methods.includes(method)) return true;\r\n }\r\n return false;\r\n}\r\n\r\n/**\r\n * Returns middleware logic. Use from Next.js middleware:\r\n * import { createCmsMiddleware } from '@infuro/cms-core';\r\n * export const middleware = createCmsMiddleware({ ... });\r\n * export const config = { matcher: ['/admin/:path*', '/api/:path*'] };\r\n */\r\nexport function createCmsMiddleware(config: CmsMiddlewareConfig = {}) {\r\n const {\r\n publicAdminPaths = ['/admin/signin', '/admin/forgot-password', '/admin/reset-password', '/admin/invite'],\r\n publicApiMethods = defaultPublicApiMethods,\r\n signInPath = '/admin/signin',\r\n getSessionToken = defaultGetSessionToken,\r\n } = config;\r\n\r\n return function cmsMiddleware(request: {\r\n nextUrl: { pathname: string };\r\n url: string;\r\n method: string;\r\n cookies: { get: (name: string) => { value?: string } | undefined };\r\n }): { type: 'next' } | { type: 'redirect'; url: string } | { type: 'json'; status: number; body: unknown } {\r\n const pathname = request.nextUrl.pathname;\r\n const method = request.method;\r\n\r\n if (publicAdminPaths.some((p) => pathname === p || pathname.startsWith(p + '/'))) {\r\n return { type: 'next' };\r\n }\r\n\r\n if (pathname.startsWith('/admin')) {\r\n const token = getSessionToken(request);\r\n if (!token) {\r\n return { type: 'redirect', url: new URL(signInPath, request.url).toString() };\r\n }\r\n }\r\n\r\n if (pathname.startsWith('/api')) {\r\n if (isPublicMethod(pathname, method, publicApiMethods)) {\r\n return { type: 'next' };\r\n }\r\n const token = getSessionToken(request);\r\n if (!token) {\r\n return { type: 'json', status: 401, body: { error: 'Unauthorized' } };\r\n }\r\n }\r\n\r\n return { type: 'next' };\r\n };\r\n}\r\n","/**\r\n * Build NextAuth options for credentials auth. App can extend/override via extend().\r\n */\r\nimport type { NextAuthOptions } from 'next-auth';\r\nimport _CredentialsProvider from 'next-auth/providers/credentials';\r\nconst CredentialsProvider = (_CredentialsProvider as unknown as { default: typeof _CredentialsProvider }).default ?? _CredentialsProvider;\r\nimport { isSuperAdminGroupName, permissionRowsToRecord } from './permission-entities';\r\n\r\nexport interface NextAuthUser {\r\n id: number;\r\n email: string;\r\n name: string | null;\r\n password: string | null;\r\n blocked?: boolean;\r\n deleted?: boolean;\r\n groupId?: number | null;\r\n adminAccess?: boolean;\r\n group?: {\r\n name?: string;\r\n permissions?: Array<{\r\n entity: string;\r\n canCreate: boolean;\r\n canRead: boolean;\r\n canUpdate: boolean;\r\n canDelete: boolean;\r\n }>;\r\n };\r\n}\r\n\r\nexport interface AuthorizeOtpInput {\r\n identifier: string;\r\n channel: 'email' | 'sms';\r\n code: string;\r\n}\r\n\r\nexport interface NextAuthOptionsConfig {\r\n /** Resolve user by email (e.g. from TypeORM). Return null if not found. */\r\n getUserByEmail: (email: string) => Promise<NextAuthUser | null>;\r\n comparePassword: (plain: string, hash: string) => Promise<boolean>;\r\n signInPage?: string;\r\n secret?: string;\r\n extend?: (options: NextAuthOptions) => NextAuthOptions;\r\n /** When false, password CredentialsProvider is omitted. Default true. */\r\n enablePasswordLogin?: boolean;\r\n /** When true, registers CredentialsProvider id `otp`. Requires authorizeOtp. Default false. */\r\n enableOtpLogin?: boolean;\r\n /** Validate OTP and return user (same shape as password flow) or null. */\r\n authorizeOtp?: (input: AuthorizeOtpInput) => Promise<NextAuthUser | null>;\r\n}\r\n\r\nfunction sessionUserFromNextAuthUser(user: NextAuthUser) {\r\n const g = user.group;\r\n const isRBACAdmin = isSuperAdminGroupName(g?.name);\r\n const entityPerms = permissionRowsToRecord(g?.permissions);\r\n const adminAccess = (user as NextAuthUser & { adminAccess?: boolean }).adminAccess === true;\r\n return {\r\n id: user.id.toString(),\r\n email: user.email,\r\n name: user.name,\r\n groupId: user.groupId ?? undefined,\r\n isRBACAdmin,\r\n entityPerms,\r\n adminAccess,\r\n };\r\n}\r\n\r\nexport function getNextAuthOptions(config: NextAuthOptionsConfig): NextAuthOptions {\r\n const {\r\n getUserByEmail,\r\n comparePassword,\r\n signInPage = '/admin/signin',\r\n secret,\r\n extend,\r\n enablePasswordLogin = true,\r\n enableOtpLogin = false,\r\n authorizeOtp,\r\n } = config;\r\n\r\n const providers: NextAuthOptions['providers'] = [];\r\n\r\n if (enablePasswordLogin) {\r\n providers.push(\r\n CredentialsProvider({\r\n name: 'credentials',\r\n credentials: {\r\n email: { label: 'Email', type: 'email' },\r\n password: { label: 'Password', type: 'password' },\r\n },\r\n async authorize(credentials) {\r\n if (!credentials?.email || !credentials?.password) return null;\r\n try {\r\n const user = await getUserByEmail(credentials.email);\r\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted || !user.password) return null;\r\n const valid = await comparePassword(credentials.password, user.password);\r\n if (!valid) return null;\r\n return sessionUserFromNextAuthUser(user);\r\n } catch {\r\n return null;\r\n }\r\n },\r\n })\r\n );\r\n }\r\n\r\n if (enableOtpLogin && authorizeOtp) {\r\n providers.push(\r\n CredentialsProvider({\r\n id: 'otp',\r\n name: 'otp',\r\n credentials: {\r\n identifier: { label: 'Email or phone', type: 'text' },\r\n code: { label: 'Code', type: 'text' },\r\n channel: { label: 'Channel', type: 'text' },\r\n },\r\n async authorize(credentials) {\r\n const identifier = typeof credentials?.identifier === 'string' ? credentials.identifier.trim() : '';\r\n const code = typeof credentials?.code === 'string' ? credentials.code.trim() : '';\r\n const ch = credentials?.channel === 'sms' ? 'sms' : 'email';\r\n if (!identifier || !code) return null;\r\n try {\r\n const user = await authorizeOtp({ identifier, channel: ch, code });\r\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted) return null;\r\n return sessionUserFromNextAuthUser(user);\r\n } catch {\r\n return null;\r\n }\r\n },\r\n })\r\n );\r\n }\r\n\r\n const options: NextAuthOptions = {\r\n secret: secret ?? process.env.NEXTAUTH_SECRET,\r\n providers,\r\n session: { strategy: 'jwt' },\r\n pages: { signIn: signInPage },\r\n cookies: {\r\n sessionToken: {\r\n name: process.env.NEXTAUTH_URL?.startsWith('https')\r\n ? '__Secure-next-auth.session-token'\r\n : 'next-auth.session-token',\r\n options: {\r\n httpOnly: true,\r\n sameSite: 'lax',\r\n path: '/',\r\n secure: process.env.NEXTAUTH_URL?.startsWith('https') ?? false,\r\n },\r\n },\r\n },\r\n callbacks: {\r\n async jwt({ token, user }) {\r\n if (user) {\r\n const u = user as unknown as Record<string, unknown>;\r\n (token as Record<string, unknown>).id = u.id;\r\n (token as Record<string, unknown>).groupId = u.groupId;\r\n (token as Record<string, unknown>).isRBACAdmin = u.isRBACAdmin;\r\n (token as Record<string, unknown>).entityPerms = u.entityPerms;\r\n (token as Record<string, unknown>).adminAccess = u.adminAccess;\r\n }\r\n return token;\r\n },\r\n async session({ session, token }) {\r\n if (session.user) {\r\n const t = token as Record<string, unknown>;\r\n (session.user as Record<string, unknown>).id = t.id;\r\n (session.user as Record<string, unknown>).groupId = t.groupId;\r\n (session.user as Record<string, unknown>).isRBACAdmin = t.isRBACAdmin;\r\n (session.user as Record<string, unknown>).entityPerms = t.entityPerms;\r\n (session.user as Record<string, unknown>).adminAccess = t.adminAccess;\r\n }\r\n return session;\r\n },\r\n },\r\n };\r\n\r\n return extend ? extend(options) : options;\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACCO,IAAM,qCAAqC,oBAAI,IAAI;AAAA,EACxD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAGM,IAAM,8BAA8B;AAAA,EACzC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGO,IAAM,mBAAmB;AAGzB,SAAS,sBAAsB,MAA0C;AAC9E,SAAO,SAAS;AAClB;AAMO,SAAS,4BAA4B,WAA8C;AACxF,QAAM,UAAU,OAAO,KAAK,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,mCAAmC,IAAI,CAAC,CAAC;AAC/F,QAAM,UAAU,4BAA4B,OAAO,CAAC,MAAM,CAAC,QAAQ,SAAS,CAAC,CAAC;AAC9E,SAAO,CAAC,GAAG,QAAQ,KAAK,GAAG,GAAG,OAAO,EAAE,OAAO,CAAC,GAAG,GAAG,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC;AAC/E;AAEO,SAAS,uBACd,MACuC;AACvC,QAAM,MAA6C,CAAC;AACpD,MAAI,CAAC,MAAM,OAAQ,QAAO;AAC1B,aAAW,KAAK,MAAM;AACpB,QAAI,EAAE,MAAM,IAAI;AAAA,MACd,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,oBACd,QACA,QACA,QACS;AACT,QAAM,IAAI,SAAS,MAAM;AACzB,MAAI,CAAC,EAAG,QAAO;AACf,MAAI,WAAW,SAAU,QAAO,EAAE;AAClC,MAAI,WAAW,OAAQ,QAAO,EAAE;AAChC,MAAI,WAAW,SAAU,QAAO,EAAE;AAClC,SAAO,EAAE;AACX;;;ACtEO,IAAM,2BAA2B,oBAAI,IAAI,CAAC,SAAS,eAAe,aAAa,CAAC;AAgBhF,SAAS,uBACd,MACA,QACA,QACS;AACT,MAAI,CAAC,MAAM,MAAO,QAAO;AACzB,MAAI,KAAK,eAAe,yBAAyB,IAAI,MAAM,EAAG,QAAO;AACrE,SAAO,oBAAoB,KAAK,aAAa,QAAQ,MAAM;AAC7D;AAEO,SAAS,eAAe,MAA+C;AAC5E,SAAO,CAAC,EAAE,MAAM,SAAS,KAAK;AAChC;AAIO,IAAM,iBAAkD;AAAA,EAC7D,EAAE,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B,EAAE,yBAAyB,CAAC,MAAM,EAAE;AAAA,EACpC,EAAE,cAAc,CAAC,KAAK,EAAE;AAC1B;AAEO,IAAM,gCAA0D,CAAC;AAEjE,SAAS,eAAe,UAA2B;AACxD,SAAO,eAAe,KAAK,CAAC,aAAa,SAAS,WAAW,OAAO,KAAK,QAAQ,EAAE,CAAC,CAAC,CAAC;AACxF;AAEO,SAAS,sBAAsB,UAAmC;AACvE,SAAO;AACT;AAEO,SAAS,eAAe,UAAkB,QAAyB;AACxE,aAAW,YAAY,gBAAgB;AACrC,UAAM,MAAM,OAAO,KAAK,QAAQ,EAAE,CAAC;AACnC,QAAI,SAAS,WAAW,GAAG,KAAK,SAAS,GAAG,EAAE,SAAS,MAAM,EAAG,QAAO;AAAA,EACzE;AACA,SAAO;AACT;AAUO,SAAS,kBAAkB,YAAwB,cAA8F;AACtJ,SAAO;AAAA,IACL,MAAM,cAAc;AAClB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,oBAAoB;AACxB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,wBAAwB,MAAe,QAAgB,QAA0B;AACrF,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,YAAM,IAAI,QAAQ;AAClB,UAAI,uBAAuB,GAAG,QAAQ,MAAM,EAAG,QAAO;AACtD,aAAO,aAAa,KAAK,EAAE,OAAO,aAAa,QAAQ,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAClF;AAAA,IACA,MAAM,qBAAqB;AACzB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,YAAM,IAAI,QAAQ;AAClB,UAAI,EAAE,YAAa,QAAO;AAC1B,UAAI,EAAE,gBAAgB,MAAO,QAAO,aAAa,KAAK,EAAE,OAAO,aAAa,QAAQ,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AACrH,aAAO;AAAA,IACT;AAAA,IACA,MAAM,uBAAuB;AAC3B,YAAM,UAAU,MAAM,WAAW;AACjC,aAAQ,SAAS,QAAwB;AAAA,IAC3C;AAAA,EACF;AACF;;;ACnGA,eAAsB,6BACpB,YACA,WACe;AACf,QAAM,WAAW,4BAA4B,SAAS;AACtD,QAAM,YAAY,WAAW,cAAc,UAAU,WAA0C;AAC/F,QAAM,WAAW,WAAW,cAAc,UAAU,WAA0C;AAE9F,QAAM,aAAa,MAAM,UAAU,QAAQ,EAAE,OAAO,EAAE,MAAM,kBAAkB,SAAS,MAAM,EAAE,CAAC;AAChG,MAAI,CAAC,WAAY;AAEjB,QAAM,WAAW,EAAE,WAAW,MAAM,SAAS,MAAM,WAAW,MAAM,WAAW,KAAK;AAEpF,aAAW,UAAU,UAAU;AAC7B,UAAM,WAAW,MAAM,SAAS,QAAQ;AAAA,MACtC,OAAO,EAAE,SAAS,WAAW,IAAI,OAAO;AAAA,IAC1C,CAAC;AACD,QAAI,UAAU;AACZ,eAAS,YAAY;AACrB,eAAS,UAAU;AACnB,eAAS,YAAY;AACrB,eAAS,YAAY;AACrB,YAAM,SAAS,KAAK,QAAQ;AAAA,IAC9B,OAAO;AACL,YAAM,SAAS;AAAA,QACb,SAAS,OAAO;AAAA,UACd,SAAS,WAAW;AAAA,UACpB;AAAA,UACA,GAAG;AAAA,QACL,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;;;AChCO,IAAM,0BAAoD;AAAA,EAC/D,iBAAiB,CAAC,MAAM;AAAA,EACxB,yBAAyB,CAAC,MAAM;AAAA,EAChC,cAAc,CAAC,KAAK;AAAA,EACpB,cAAc,CAAC,KAAK;AAAA,EACpB,aAAa,CAAC,OAAO,MAAM;AAAA,EAC3B,eAAe,CAAC,KAAK;AAAA,EACrB,8BAA8B,CAAC,MAAM;AAAA,EACrC,2BAA2B,CAAC,MAAM;AAAA,EAClC,qBAAqB,CAAC,MAAM;AAC9B;AAEA,SAAS,uBAAuB,SAAqG;AACnI,SACE,QAAQ,QAAQ,IAAI,kCAAkC,GAAG,SACzD,QAAQ,QAAQ,IAAI,yBAAyB,GAAG;AAEpD;AAEA,SAASA,gBAAe,UAAkB,QAAgB,kBAAqD;AAC7G,aAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,gBAAgB,GAAG;AAClE,QAAI,SAAS,WAAW,QAAQ,KAAK,QAAQ,SAAS,MAAM,EAAG,QAAO;AAAA,EACxE;AACA,SAAO;AACT;AAQO,SAAS,oBAAoB,SAA8B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,mBAAmB,CAAC,iBAAiB,0BAA0B,yBAAyB,eAAe;AAAA,IACvG,mBAAmB;AAAA,IACnB,aAAa;AAAA,IACb,kBAAkB;AAAA,EACpB,IAAI;AAEJ,SAAO,SAAS,cAAc,SAK6E;AACzG,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,SAAS,QAAQ;AAEvB,QAAI,iBAAiB,KAAK,CAAC,MAAM,aAAa,KAAK,SAAS,WAAW,IAAI,GAAG,CAAC,GAAG;AAChF,aAAO,EAAE,MAAM,OAAO;AAAA,IACxB;AAEA,QAAI,SAAS,WAAW,QAAQ,GAAG;AACjC,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,YAAY,KAAK,IAAI,IAAI,YAAY,QAAQ,GAAG,EAAE,SAAS,EAAE;AAAA,MAC9E;AAAA,IACF;AAEA,QAAI,SAAS,WAAW,MAAM,GAAG;AAC/B,UAAIA,gBAAe,UAAU,QAAQ,gBAAgB,GAAG;AACtD,eAAO,EAAE,MAAM,OAAO;AAAA,MACxB;AACA,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,QAAQ,QAAQ,KAAK,MAAM,EAAE,OAAO,eAAe,EAAE;AAAA,MACtE;AAAA,IACF;AAEA,WAAO,EAAE,MAAM,OAAO;AAAA,EACxB;AACF;;;AC9EA,yBAAiC;AACjC,IAAM,sBAAuB,mBAAAC,QAA6E,WAAW,mBAAAA;AA6CrH,SAAS,4BAA4B,MAAoB;AACvD,QAAM,IAAI,KAAK;AACf,QAAM,cAAc,sBAAsB,GAAG,IAAI;AACjD,QAAM,cAAc,uBAAuB,GAAG,WAAW;AACzD,QAAM,cAAe,KAAkD,gBAAgB;AACvF,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,OAAO,KAAK;AAAA,IACZ,MAAM,KAAK;AAAA,IACX,SAAS,KAAK,WAAW;AAAA,IACzB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,mBAAmB,QAAgD;AACjF,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb;AAAA,IACA;AAAA,IACA,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB;AAAA,EACF,IAAI;AAEJ,QAAM,YAA0C,CAAC;AAEjD,MAAI,qBAAqB;AACvB,cAAU;AAAA,MACR,oBAAoB;AAAA,QAClB,MAAM;AAAA,QACN,aAAa;AAAA,UACX,OAAO,EAAE,OAAO,SAAS,MAAM,QAAQ;AAAA,UACvC,UAAU,EAAE,OAAO,YAAY,MAAM,WAAW;AAAA,QAClD;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,cAAI,CAAC,aAAa,SAAS,CAAC,aAAa,SAAU,QAAO;AAC1D,cAAI;AACF,kBAAM,OAAO,MAAM,eAAe,YAAY,KAAK;AACnD,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,WAAW,CAAC,KAAK,SAAU,QAAO;AAC/F,kBAAM,QAAQ,MAAM,gBAAgB,YAAY,UAAU,KAAK,QAAQ;AACvE,gBAAI,CAAC,MAAO,QAAO;AACnB,mBAAO,4BAA4B,IAAI;AAAA,UACzC,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,kBAAkB,cAAc;AAClC,cAAU;AAAA,MACR,oBAAoB;AAAA,QAClB,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,UACX,YAAY,EAAE,OAAO,kBAAkB,MAAM,OAAO;AAAA,UACpD,MAAM,EAAE,OAAO,QAAQ,MAAM,OAAO;AAAA,UACpC,SAAS,EAAE,OAAO,WAAW,MAAM,OAAO;AAAA,QAC5C;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,gBAAM,aAAa,OAAO,aAAa,eAAe,WAAW,YAAY,WAAW,KAAK,IAAI;AACjG,gBAAM,OAAO,OAAO,aAAa,SAAS,WAAW,YAAY,KAAK,KAAK,IAAI;AAC/E,gBAAM,KAAK,aAAa,YAAY,QAAQ,QAAQ;AACpD,cAAI,CAAC,cAAc,CAAC,KAAM,QAAO;AACjC,cAAI;AACF,kBAAM,OAAO,MAAM,aAAa,EAAE,YAAY,SAAS,IAAI,KAAK,CAAC;AACjE,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,QAAS,QAAO;AAC7E,mBAAO,4BAA4B,IAAI;AAAA,UACzC,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,QAAM,UAA2B;AAAA,IAC/B,QAAQ,UAAU,QAAQ,IAAI;AAAA,IAC9B;AAAA,IACA,SAAS,EAAE,UAAU,MAAM;AAAA,IAC3B,OAAO,EAAE,QAAQ,WAAW;AAAA,IAC5B,SAAS;AAAA,MACP,cAAc;AAAA,QACZ,MAAM,QAAQ,IAAI,cAAc,WAAW,OAAO,IAC9C,qCACA;AAAA,QACJ,SAAS;AAAA,UACP,UAAU;AAAA,UACV,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,QAAQ,IAAI,cAAc,WAAW,OAAO,KAAK;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,KAAK,GAAG;AACzB,YAAI,MAAM;AACR,gBAAM,IAAI;AACV,UAAC,MAAkC,KAAK,EAAE;AAC1C,UAAC,MAAkC,UAAU,EAAE;AAC/C,UAAC,MAAkC,cAAc,EAAE;AACnD,UAAC,MAAkC,cAAc,EAAE;AACnD,UAAC,MAAkC,cAAc,EAAE;AAAA,QACrD;AACA,eAAO;AAAA,MACT;AAAA,MACA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAChC,YAAI,QAAQ,MAAM;AAChB,gBAAM,IAAI;AACV,UAAC,QAAQ,KAAiC,KAAK,EAAE;AACjD,UAAC,QAAQ,KAAiC,UAAU,EAAE;AACtD,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAC1D,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAC1D,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAAA,QAC5D;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO,SAAS,OAAO,OAAO,IAAI;AACpC;","names":["isPublicMethod","_CredentialsProvider"]}
1
+ {"version":3,"sources":["../src/auth/index.ts","../src/auth/permission-entities.ts","../src/auth/helpers.ts","../src/auth/seed-permissions.ts","../src/auth/middleware.ts","../src/auth/nextauth-options.ts"],"sourcesContent":["export {\r\n createAuthHelpers,\r\n OPEN_ENDPOINTS,\r\n PERMISSION_REQUIRED_ENDPOINTS,\r\n isOpenEndpoint,\r\n isPublicMethod,\r\n getRequiredPermission,\r\n} from './helpers';\r\nexport type { SessionUser, GetSession, AuthHelpers } from './helpers';\r\nexport { sessionHasEntityAccess, canManageRoles, RBAC_ADMIN_ONLY_ENTITIES } from './helpers';\r\nexport {\r\n getPermissionableEntityKeys,\r\n ADMIN_GROUP_NAME,\r\n isSuperAdminGroupName,\r\n permissionRowsToRecord,\r\n hasEntityPermission,\r\n} from './permission-entities';\r\nexport { seedAdministratorPermissions } from './seed-permissions';\r\nexport type { EntityCrudAction, EntityPermissionFlags } from './permission-entities';\r\nexport { createCmsMiddleware, defaultPublicApiMethods } from './middleware';\r\nexport type { CmsMiddlewareConfig } from './middleware';\r\nexport { getNextAuthOptions } from './nextauth-options';\r\nexport type { NextAuthOptionsConfig, NextAuthUser, AuthorizeOtpInput } from './nextauth-options';\r\n","/** API resource keys excluded from the permission matrix (internal / not admin-CRUD). */\r\nexport const PERMISSION_ENTITY_INTERNAL_EXCLUDE = new Set([\r\n 'users',\r\n 'password_reset_tokens',\r\n 'user_groups',\r\n 'permissions',\r\n 'comments',\r\n 'form_fields',\r\n 'configs',\r\n 'knowledge_base_chunks',\r\n 'carts',\r\n 'cart_items',\r\n 'wishlists',\r\n 'wishlist_items',\r\n 'message_templates',\r\n]);\r\n\r\n/** Non-CRUD admin surfaces mapped to entity keys for RBAC. */\r\nexport const PERMISSION_LOGICAL_ENTITIES = [\r\n 'users',\r\n 'forms',\r\n 'form_submissions',\r\n 'dashboard',\r\n 'upload',\r\n 'settings',\r\n 'analytics',\r\n 'chat',\r\n] as const;\r\n\r\n/** Canonical name for new installs / migrations */\r\nexport const ADMIN_GROUP_NAME = 'Administrator';\r\n\r\n/** System administrator group (roles UI + users / user_groups / permissions bypass). */\r\nexport function isSuperAdminGroupName(name: string | null | undefined): boolean {\r\n return name === ADMIN_GROUP_NAME;\r\n}\r\n\r\nexport type EntityCrudAction = 'create' | 'read' | 'update' | 'delete';\r\n\r\nexport type EntityPermissionFlags = { c: boolean; r: boolean; u: boolean; d: boolean };\r\n\r\nexport function getPermissionableEntityKeys(entityMap: Record<string, unknown>): string[] {\r\n const fromMap = Object.keys(entityMap).filter((k) => !PERMISSION_ENTITY_INTERNAL_EXCLUDE.has(k));\r\n const logical = PERMISSION_LOGICAL_ENTITIES.filter((k) => !fromMap.includes(k));\r\n return [...fromMap.sort(), ...logical].filter((k, i, a) => a.indexOf(k) === i);\r\n}\r\n\r\nexport function permissionRowsToRecord(\r\n rows: Array<{ entity: string; canCreate: boolean; canRead: boolean; canUpdate: boolean; canDelete: boolean }> | undefined\r\n): Record<string, EntityPermissionFlags> {\r\n const out: Record<string, EntityPermissionFlags> = {};\r\n if (!rows?.length) return out;\r\n for (const p of rows) {\r\n out[p.entity] = {\r\n c: !!p.canCreate,\r\n r: !!p.canRead,\r\n u: !!p.canUpdate,\r\n d: !!p.canDelete,\r\n };\r\n }\r\n return out;\r\n}\r\n\r\nexport function hasEntityPermission(\r\n record: Record<string, EntityPermissionFlags> | undefined,\r\n entity: string,\r\n action: EntityCrudAction\r\n): boolean {\r\n const p = record?.[entity];\r\n if (!p) return false;\r\n if (action === 'create') return p.c;\r\n if (action === 'read') return p.r;\r\n if (action === 'update') return p.u;\r\n return p.d;\r\n}\r\n","import type { EntityCrudAction, EntityPermissionFlags } from './permission-entities';\r\nimport { hasEntityPermission } from './permission-entities';\r\n\r\n/** isRBACAdmin bypasses entity checks only for these (users / roles plumbing). */\r\nexport const RBAC_ADMIN_ONLY_ENTITIES = new Set(['users', 'user_groups', 'permissions']);\r\n\r\nexport interface SessionUser {\r\n id?: string;\r\n email?: string | null;\r\n name?: string | null;\r\n groupId?: number;\r\n /** @deprecated use entityPerms / isRBACAdmin */\r\n permissions?: string[];\r\n /** Administrator group: full access only for users, user_groups, permissions */\r\n isRBACAdmin?: boolean;\r\n entityPerms?: Record<string, EntityPermissionFlags>;\r\n /** When false and not isRBACAdmin, admin API/UI is denied. */\r\n adminAccess?: boolean;\r\n}\r\n\r\nexport function sessionHasEntityAccess(\r\n user: SessionUser | null | undefined,\r\n entity: string,\r\n action: EntityCrudAction\r\n): boolean {\r\n if (!user?.email) return false;\r\n if (user.isRBACAdmin && RBAC_ADMIN_ONLY_ENTITIES.has(entity)) return true;\r\n return hasEntityPermission(user.entityPerms, entity, action);\r\n}\r\n\r\nexport function canManageRoles(user: SessionUser | null | undefined): boolean {\r\n return !!(user?.email && user.isRBACAdmin);\r\n}\r\n\r\nexport type GetSession = () => Promise<{ user?: SessionUser } | null>;\r\n\r\nexport const OPEN_ENDPOINTS: Array<Record<string, string[]>> = [\r\n { '/api/contacts': ['POST'] },\r\n { '/api/form-submissions': ['POST'] },\r\n { '/api/blogs': ['GET'] },\r\n];\r\n\r\nexport const PERMISSION_REQUIRED_ENDPOINTS: Record<string, string[]> = {};\r\n\r\nexport function isOpenEndpoint(pathname: string): boolean {\r\n return OPEN_ENDPOINTS.some((endpoint) => pathname.startsWith(Object.keys(endpoint)[0]));\r\n}\r\n\r\nexport function getRequiredPermission(pathname: string): string[] | null {\r\n return null;\r\n}\r\n\r\nexport function isPublicMethod(pathname: string, method: string): boolean {\r\n for (const endpoint of OPEN_ENDPOINTS) {\r\n const key = Object.keys(endpoint)[0];\r\n if (pathname.startsWith(key) && endpoint[key].includes(method)) return true;\r\n }\r\n return false;\r\n}\r\n\r\nexport interface AuthHelpers {\r\n requireAuth(req: Request): Promise<Response | null>;\r\n requirePermission(req: Request, permission: string): Promise<Response | null>;\r\n requireEntityPermission(req: Request, entity: string, action: EntityCrudAction): Promise<Response | null>;\r\n requireAdminAccess(req: Request): Promise<Response | null>;\r\n getAuthenticatedUser(): Promise<SessionUser | null>;\r\n}\r\n\r\nexport function createAuthHelpers(getSession: GetSession, NextResponse: { json: (body: unknown, init?: { status?: number }) => Response }): AuthHelpers {\r\n return {\r\n async requireAuth() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n return null;\r\n },\r\n async requirePermission() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n return null;\r\n },\r\n async requireEntityPermission(_req: Request, entity: string, action: EntityCrudAction) {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n const u = session.user as SessionUser;\r\n if (sessionHasEntityAccess(u, entity, action)) return null;\r\n return NextResponse.json({ error: 'Forbidden', entity, action }, { status: 403 });\r\n },\r\n async requireAdminAccess() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n const u = session.user as SessionUser;\r\n if (u.isRBACAdmin) return null;\r\n if (u.adminAccess === false) return NextResponse.json({ error: 'Forbidden', reason: 'admin_access' }, { status: 403 });\r\n return null;\r\n },\r\n async getAuthenticatedUser() {\r\n const session = await getSession();\r\n return (session?.user as SessionUser) ?? null;\r\n },\r\n };\r\n}\r\n","import type { DataSource } from 'typeorm';\r\nimport type { EntityTarget } from 'typeorm';\r\nimport type { ObjectLiteral } from 'typeorm';\r\nimport { getPermissionableEntityKeys, ADMIN_GROUP_NAME } from './permission-entities';\r\n\r\n/**\r\n * Ensures the Administrator group has full CRUD on every permissionable entity\r\n * for the given entity map. Idempotent: upserts per entity.\r\n */\r\nexport async function seedAdministratorPermissions(\r\n dataSource: DataSource,\r\n entityMap: Record<string, unknown>\r\n): Promise<void> {\r\n const entities = getPermissionableEntityKeys(entityMap);\r\n const groupRepo = dataSource.getRepository(entityMap.user_groups as EntityTarget<ObjectLiteral>);\r\n const permRepo = dataSource.getRepository(entityMap.permissions as EntityTarget<ObjectLiteral>);\r\n\r\n const adminGroup = await groupRepo.findOne({ where: { name: ADMIN_GROUP_NAME, deleted: false } });\r\n if (!adminGroup) return;\r\n\r\n const fullCrud = { canCreate: true, canRead: true, canUpdate: true, canDelete: true };\r\n\r\n for (const entity of entities) {\r\n const existing = await permRepo.findOne({\r\n where: { groupId: adminGroup.id, entity },\r\n });\r\n if (existing) {\r\n existing.canCreate = true;\r\n existing.canRead = true;\r\n existing.canUpdate = true;\r\n existing.canDelete = true;\r\n await permRepo.save(existing);\r\n } else {\r\n await permRepo.save(\r\n permRepo.create({\r\n groupId: adminGroup.id,\r\n entity,\r\n ...fullCrud,\r\n })\r\n );\r\n }\r\n }\r\n}\r\n","export interface CmsMiddlewareConfig {\r\n publicAdminPaths?: string[];\r\n publicApiPaths?: string[];\r\n /** path -> allowed methods */\r\n publicApiMethods?: Record<string, string[]>;\r\n signInPath?: string;\r\n getSessionToken?: (request: { cookies: { get: (name: string) => { value?: string } | undefined } }) => string | undefined;\r\n}\r\n\r\n/** Default public API paths (no auth). Sites should extend this with their own routes. */\r\nexport const defaultPublicApiMethods: Record<string, string[]> = {\r\n '/api/contacts': ['POST'],\r\n '/api/form-submissions': ['POST'],\r\n '/api/blogs': ['GET'],\r\n '/api/forms': ['GET'],\r\n '/api/auth': ['GET', 'POST'],\r\n '/api/health': ['GET'],\r\n '/api/users/forgot-password': ['POST'],\r\n '/api/users/set-password': ['POST'],\r\n '/api/users/invite': ['POST'],\r\n};\r\n\r\nfunction defaultGetSessionToken(request: { cookies: { get: (name: string) => { value?: string } | undefined } }): string | undefined {\r\n return (\r\n request.cookies.get('__Secure-next-auth.session-token')?.value ??\r\n request.cookies.get('next-auth.session-token')?.value\r\n );\r\n}\r\n\r\nfunction isPublicMethod(pathname: string, method: string, publicApiMethods: Record<string, string[]>): boolean {\r\n for (const [endpoint, methods] of Object.entries(publicApiMethods)) {\r\n if (pathname.startsWith(endpoint) && methods.includes(method)) return true;\r\n }\r\n return false;\r\n}\r\n\r\n/**\r\n * Returns middleware logic. Use from Next.js middleware:\r\n * import { createCmsMiddleware } from '@infuro/cms-core';\r\n * export const middleware = createCmsMiddleware({ ... });\r\n * export const config = { matcher: ['/admin/:path*', '/api/:path*'] };\r\n */\r\nexport function createCmsMiddleware(config: CmsMiddlewareConfig = {}) {\r\n const {\r\n publicAdminPaths = ['/admin/signin', '/admin/forgot-password', '/admin/reset-password', '/admin/invite'],\r\n publicApiMethods = defaultPublicApiMethods,\r\n signInPath = '/admin/signin',\r\n getSessionToken = defaultGetSessionToken,\r\n } = config;\r\n\r\n return function cmsMiddleware(request: {\r\n nextUrl: { pathname: string };\r\n url: string;\r\n method: string;\r\n cookies: { get: (name: string) => { value?: string } | undefined };\r\n }): { type: 'next' } | { type: 'redirect'; url: string } | { type: 'json'; status: number; body: unknown } {\r\n const pathname = request.nextUrl.pathname;\r\n const method = request.method;\r\n\r\n if (publicAdminPaths.some((p) => pathname === p || pathname.startsWith(p + '/'))) {\r\n return { type: 'next' };\r\n }\r\n\r\n if (pathname.startsWith('/admin')) {\r\n const token = getSessionToken(request);\r\n if (!token) {\r\n return { type: 'redirect', url: new URL(signInPath, request.url).toString() };\r\n }\r\n }\r\n\r\n if (pathname.startsWith('/api')) {\r\n if (isPublicMethod(pathname, method, publicApiMethods)) {\r\n return { type: 'next' };\r\n }\r\n const token = getSessionToken(request);\r\n if (!token) {\r\n return { type: 'json', status: 401, body: { error: 'Unauthorized' } };\r\n }\r\n }\r\n\r\n return { type: 'next' };\r\n };\r\n}\r\n","/**\r\n * Build NextAuth options for credentials auth. App can extend/override via extend().\r\n */\r\nimport type { NextAuthOptions } from 'next-auth';\r\nimport _CredentialsProvider from 'next-auth/providers/credentials';\r\nconst CredentialsProvider = (_CredentialsProvider as unknown as { default: typeof _CredentialsProvider }).default ?? _CredentialsProvider;\r\nimport { isSuperAdminGroupName, permissionRowsToRecord } from './permission-entities';\r\n\r\nexport interface NextAuthUser {\r\n id: number;\r\n email: string;\r\n name: string | null;\r\n password: string | null;\r\n blocked?: boolean;\r\n deleted?: boolean;\r\n groupId?: number | null;\r\n adminAccess?: boolean;\r\n group?: {\r\n name?: string;\r\n permissions?: Array<{\r\n entity: string;\r\n canCreate: boolean;\r\n canRead: boolean;\r\n canUpdate: boolean;\r\n canDelete: boolean;\r\n }>;\r\n };\r\n}\r\n\r\nexport interface AuthorizeOtpInput {\r\n identifier: string;\r\n channel: 'email' | 'sms';\r\n code: string;\r\n}\r\n\r\nexport interface NextAuthOptionsConfig {\r\n /** Resolve user by email (e.g. from TypeORM). Return null if not found. */\r\n getUserByEmail: (email: string) => Promise<NextAuthUser | null>;\r\n comparePassword: (plain: string, hash: string) => Promise<boolean>;\r\n signInPage?: string;\r\n secret?: string;\r\n extend?: (options: NextAuthOptions) => NextAuthOptions;\r\n /** When false, password CredentialsProvider is omitted. Default true. */\r\n enablePasswordLogin?: boolean;\r\n /** When true, registers CredentialsProvider id `otp`. Requires authorizeOtp. Default false. */\r\n enableOtpLogin?: boolean;\r\n /** Validate OTP and return user (same shape as password flow) or null. */\r\n authorizeOtp?: (input: AuthorizeOtpInput) => Promise<NextAuthUser | null>;\r\n}\r\n\r\nfunction sessionUserFromNextAuthUser(user: NextAuthUser) {\r\n const g = user.group;\r\n const isRBACAdmin = isSuperAdminGroupName(g?.name);\r\n const entityPerms = permissionRowsToRecord(g?.permissions);\r\n const adminAccess = (user as NextAuthUser & { adminAccess?: boolean }).adminAccess === true;\r\n return {\r\n id: user.id.toString(),\r\n email: user.email,\r\n name: user.name,\r\n groupId: user.groupId ?? undefined,\r\n isRBACAdmin,\r\n entityPerms,\r\n adminAccess,\r\n };\r\n}\r\n\r\nexport function getNextAuthOptions(config: NextAuthOptionsConfig): NextAuthOptions {\r\n const {\r\n getUserByEmail,\r\n comparePassword,\r\n signInPage = '/admin/signin',\r\n secret,\r\n extend,\r\n enablePasswordLogin = true,\r\n enableOtpLogin = false,\r\n authorizeOtp,\r\n } = config;\r\n\r\n const providers: NextAuthOptions['providers'] = [];\r\n\r\n if (enablePasswordLogin) {\r\n providers.push(\r\n CredentialsProvider({\r\n name: 'credentials',\r\n credentials: {\r\n email: { label: 'Email', type: 'email' },\r\n password: { label: 'Password', type: 'password' },\r\n },\r\n async authorize(credentials) {\r\n if (!credentials?.email || !credentials?.password) return null;\r\n try {\r\n const user = await getUserByEmail(credentials.email);\r\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted || !user.password) return null;\r\n const valid = await comparePassword(credentials.password, user.password);\r\n if (!valid) return null;\r\n return sessionUserFromNextAuthUser(user);\r\n } catch {\r\n return null;\r\n }\r\n },\r\n })\r\n );\r\n }\r\n\r\n if (enableOtpLogin && authorizeOtp) {\r\n providers.push(\r\n CredentialsProvider({\r\n id: 'otp',\r\n name: 'otp',\r\n credentials: {\r\n identifier: { label: 'Email or phone', type: 'text' },\r\n code: { label: 'Code', type: 'text' },\r\n channel: { label: 'Channel', type: 'text' },\r\n },\r\n async authorize(credentials) {\r\n const identifier = typeof credentials?.identifier === 'string' ? credentials.identifier.trim() : '';\r\n const code = typeof credentials?.code === 'string' ? credentials.code.trim() : '';\r\n const ch = credentials?.channel === 'sms' ? 'sms' : 'email';\r\n if (!identifier || !code) return null;\r\n try {\r\n const user = await authorizeOtp({ identifier, channel: ch, code });\r\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted) return null;\r\n return sessionUserFromNextAuthUser(user);\r\n } catch {\r\n return null;\r\n }\r\n },\r\n })\r\n );\r\n }\r\n\r\n const options: NextAuthOptions = {\r\n secret: secret ?? process.env.NEXTAUTH_SECRET,\r\n providers,\r\n session: { strategy: 'jwt' },\r\n pages: { signIn: signInPage },\r\n cookies: {\r\n sessionToken: {\r\n name: process.env.NEXTAUTH_URL?.startsWith('https')\r\n ? '__Secure-next-auth.session-token'\r\n : 'next-auth.session-token',\r\n options: {\r\n httpOnly: true,\r\n sameSite: 'lax',\r\n path: '/',\r\n secure: process.env.NEXTAUTH_URL?.startsWith('https') ?? false,\r\n },\r\n },\r\n },\r\n callbacks: {\r\n async jwt({ token, user, trigger, session }) {\r\n if (user) {\r\n const u = user as unknown as Record<string, unknown>;\r\n (token as Record<string, unknown>).id = u.id;\r\n (token as Record<string, unknown>).groupId = u.groupId;\r\n (token as Record<string, unknown>).isRBACAdmin = u.isRBACAdmin;\r\n (token as Record<string, unknown>).entityPerms = u.entityPerms;\r\n (token as Record<string, unknown>).adminAccess = u.adminAccess;\r\n }\r\n if (trigger === 'update' && session && typeof session === 'object') {\r\n const s = session as Record<string, unknown>;\r\n const t = token as Record<string, unknown>;\r\n if (typeof s.name === 'string') t.name = s.name;\r\n if (typeof s.email === 'string') t.email = s.email;\r\n }\r\n return token;\r\n },\r\n async session({ session, token }) {\r\n if (session.user) {\r\n const t = token as Record<string, unknown>;\r\n if (typeof t.name === 'string') session.user.name = t.name;\r\n if (typeof t.email === 'string') session.user.email = t.email;\r\n (session.user as Record<string, unknown>).id = t.id;\r\n (session.user as Record<string, unknown>).groupId = t.groupId;\r\n (session.user as Record<string, unknown>).isRBACAdmin = t.isRBACAdmin;\r\n (session.user as Record<string, unknown>).entityPerms = t.entityPerms;\r\n (session.user as Record<string, unknown>).adminAccess = t.adminAccess;\r\n }\r\n return session;\r\n },\r\n },\r\n };\r\n\r\n return extend ? extend(options) : options;\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;;;ACCO,IAAM,qCAAqC,oBAAI,IAAI;AAAA,EACxD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAGM,IAAM,8BAA8B;AAAA,EACzC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGO,IAAM,mBAAmB;AAGzB,SAAS,sBAAsB,MAA0C;AAC9E,SAAO,SAAS;AAClB;AAMO,SAAS,4BAA4B,WAA8C;AACxF,QAAM,UAAU,OAAO,KAAK,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,mCAAmC,IAAI,CAAC,CAAC;AAC/F,QAAM,UAAU,4BAA4B,OAAO,CAAC,MAAM,CAAC,QAAQ,SAAS,CAAC,CAAC;AAC9E,SAAO,CAAC,GAAG,QAAQ,KAAK,GAAG,GAAG,OAAO,EAAE,OAAO,CAAC,GAAG,GAAG,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC;AAC/E;AAEO,SAAS,uBACd,MACuC;AACvC,QAAM,MAA6C,CAAC;AACpD,MAAI,CAAC,MAAM,OAAQ,QAAO;AAC1B,aAAW,KAAK,MAAM;AACpB,QAAI,EAAE,MAAM,IAAI;AAAA,MACd,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,oBACd,QACA,QACA,QACS;AACT,QAAM,IAAI,SAAS,MAAM;AACzB,MAAI,CAAC,EAAG,QAAO;AACf,MAAI,WAAW,SAAU,QAAO,EAAE;AAClC,MAAI,WAAW,OAAQ,QAAO,EAAE;AAChC,MAAI,WAAW,SAAU,QAAO,EAAE;AAClC,SAAO,EAAE;AACX;;;ACtEO,IAAM,2BAA2B,oBAAI,IAAI,CAAC,SAAS,eAAe,aAAa,CAAC;AAgBhF,SAAS,uBACd,MACA,QACA,QACS;AACT,MAAI,CAAC,MAAM,MAAO,QAAO;AACzB,MAAI,KAAK,eAAe,yBAAyB,IAAI,MAAM,EAAG,QAAO;AACrE,SAAO,oBAAoB,KAAK,aAAa,QAAQ,MAAM;AAC7D;AAEO,SAAS,eAAe,MAA+C;AAC5E,SAAO,CAAC,EAAE,MAAM,SAAS,KAAK;AAChC;AAIO,IAAM,iBAAkD;AAAA,EAC7D,EAAE,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B,EAAE,yBAAyB,CAAC,MAAM,EAAE;AAAA,EACpC,EAAE,cAAc,CAAC,KAAK,EAAE;AAC1B;AAEO,IAAM,gCAA0D,CAAC;AAEjE,SAAS,eAAe,UAA2B;AACxD,SAAO,eAAe,KAAK,CAAC,aAAa,SAAS,WAAW,OAAO,KAAK,QAAQ,EAAE,CAAC,CAAC,CAAC;AACxF;AAEO,SAAS,sBAAsB,UAAmC;AACvE,SAAO;AACT;AAEO,SAAS,eAAe,UAAkB,QAAyB;AACxE,aAAW,YAAY,gBAAgB;AACrC,UAAM,MAAM,OAAO,KAAK,QAAQ,EAAE,CAAC;AACnC,QAAI,SAAS,WAAW,GAAG,KAAK,SAAS,GAAG,EAAE,SAAS,MAAM,EAAG,QAAO;AAAA,EACzE;AACA,SAAO;AACT;AAUO,SAAS,kBAAkB,YAAwB,cAA8F;AACtJ,SAAO;AAAA,IACL,MAAM,cAAc;AAClB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,oBAAoB;AACxB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,wBAAwB,MAAe,QAAgB,QAA0B;AACrF,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,YAAM,IAAI,QAAQ;AAClB,UAAI,uBAAuB,GAAG,QAAQ,MAAM,EAAG,QAAO;AACtD,aAAO,aAAa,KAAK,EAAE,OAAO,aAAa,QAAQ,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAClF;AAAA,IACA,MAAM,qBAAqB;AACzB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,YAAM,IAAI,QAAQ;AAClB,UAAI,EAAE,YAAa,QAAO;AAC1B,UAAI,EAAE,gBAAgB,MAAO,QAAO,aAAa,KAAK,EAAE,OAAO,aAAa,QAAQ,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AACrH,aAAO;AAAA,IACT;AAAA,IACA,MAAM,uBAAuB;AAC3B,YAAM,UAAU,MAAM,WAAW;AACjC,aAAQ,SAAS,QAAwB;AAAA,IAC3C;AAAA,EACF;AACF;;;ACnGA,eAAsB,6BACpB,YACA,WACe;AACf,QAAM,WAAW,4BAA4B,SAAS;AACtD,QAAM,YAAY,WAAW,cAAc,UAAU,WAA0C;AAC/F,QAAM,WAAW,WAAW,cAAc,UAAU,WAA0C;AAE9F,QAAM,aAAa,MAAM,UAAU,QAAQ,EAAE,OAAO,EAAE,MAAM,kBAAkB,SAAS,MAAM,EAAE,CAAC;AAChG,MAAI,CAAC,WAAY;AAEjB,QAAM,WAAW,EAAE,WAAW,MAAM,SAAS,MAAM,WAAW,MAAM,WAAW,KAAK;AAEpF,aAAW,UAAU,UAAU;AAC7B,UAAM,WAAW,MAAM,SAAS,QAAQ;AAAA,MACtC,OAAO,EAAE,SAAS,WAAW,IAAI,OAAO;AAAA,IAC1C,CAAC;AACD,QAAI,UAAU;AACZ,eAAS,YAAY;AACrB,eAAS,UAAU;AACnB,eAAS,YAAY;AACrB,eAAS,YAAY;AACrB,YAAM,SAAS,KAAK,QAAQ;AAAA,IAC9B,OAAO;AACL,YAAM,SAAS;AAAA,QACb,SAAS,OAAO;AAAA,UACd,SAAS,WAAW;AAAA,UACpB;AAAA,UACA,GAAG;AAAA,QACL,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;;;AChCO,IAAM,0BAAoD;AAAA,EAC/D,iBAAiB,CAAC,MAAM;AAAA,EACxB,yBAAyB,CAAC,MAAM;AAAA,EAChC,cAAc,CAAC,KAAK;AAAA,EACpB,cAAc,CAAC,KAAK;AAAA,EACpB,aAAa,CAAC,OAAO,MAAM;AAAA,EAC3B,eAAe,CAAC,KAAK;AAAA,EACrB,8BAA8B,CAAC,MAAM;AAAA,EACrC,2BAA2B,CAAC,MAAM;AAAA,EAClC,qBAAqB,CAAC,MAAM;AAC9B;AAEA,SAAS,uBAAuB,SAAqG;AACnI,SACE,QAAQ,QAAQ,IAAI,kCAAkC,GAAG,SACzD,QAAQ,QAAQ,IAAI,yBAAyB,GAAG;AAEpD;AAEA,SAASA,gBAAe,UAAkB,QAAgB,kBAAqD;AAC7G,aAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,gBAAgB,GAAG;AAClE,QAAI,SAAS,WAAW,QAAQ,KAAK,QAAQ,SAAS,MAAM,EAAG,QAAO;AAAA,EACxE;AACA,SAAO;AACT;AAQO,SAAS,oBAAoB,SAA8B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,mBAAmB,CAAC,iBAAiB,0BAA0B,yBAAyB,eAAe;AAAA,IACvG,mBAAmB;AAAA,IACnB,aAAa;AAAA,IACb,kBAAkB;AAAA,EACpB,IAAI;AAEJ,SAAO,SAAS,cAAc,SAK6E;AACzG,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,SAAS,QAAQ;AAEvB,QAAI,iBAAiB,KAAK,CAAC,MAAM,aAAa,KAAK,SAAS,WAAW,IAAI,GAAG,CAAC,GAAG;AAChF,aAAO,EAAE,MAAM,OAAO;AAAA,IACxB;AAEA,QAAI,SAAS,WAAW,QAAQ,GAAG;AACjC,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,YAAY,KAAK,IAAI,IAAI,YAAY,QAAQ,GAAG,EAAE,SAAS,EAAE;AAAA,MAC9E;AAAA,IACF;AAEA,QAAI,SAAS,WAAW,MAAM,GAAG;AAC/B,UAAIA,gBAAe,UAAU,QAAQ,gBAAgB,GAAG;AACtD,eAAO,EAAE,MAAM,OAAO;AAAA,MACxB;AACA,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,QAAQ,QAAQ,KAAK,MAAM,EAAE,OAAO,eAAe,EAAE;AAAA,MACtE;AAAA,IACF;AAEA,WAAO,EAAE,MAAM,OAAO;AAAA,EACxB;AACF;;;AC9EA,yBAAiC;AACjC,IAAM,sBAAuB,mBAAAC,QAA6E,WAAW,mBAAAA;AA6CrH,SAAS,4BAA4B,MAAoB;AACvD,QAAM,IAAI,KAAK;AACf,QAAM,cAAc,sBAAsB,GAAG,IAAI;AACjD,QAAM,cAAc,uBAAuB,GAAG,WAAW;AACzD,QAAM,cAAe,KAAkD,gBAAgB;AACvF,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,OAAO,KAAK;AAAA,IACZ,MAAM,KAAK;AAAA,IACX,SAAS,KAAK,WAAW;AAAA,IACzB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,mBAAmB,QAAgD;AACjF,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb;AAAA,IACA;AAAA,IACA,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB;AAAA,EACF,IAAI;AAEJ,QAAM,YAA0C,CAAC;AAEjD,MAAI,qBAAqB;AACvB,cAAU;AAAA,MACR,oBAAoB;AAAA,QAClB,MAAM;AAAA,QACN,aAAa;AAAA,UACX,OAAO,EAAE,OAAO,SAAS,MAAM,QAAQ;AAAA,UACvC,UAAU,EAAE,OAAO,YAAY,MAAM,WAAW;AAAA,QAClD;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,cAAI,CAAC,aAAa,SAAS,CAAC,aAAa,SAAU,QAAO;AAC1D,cAAI;AACF,kBAAM,OAAO,MAAM,eAAe,YAAY,KAAK;AACnD,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,WAAW,CAAC,KAAK,SAAU,QAAO;AAC/F,kBAAM,QAAQ,MAAM,gBAAgB,YAAY,UAAU,KAAK,QAAQ;AACvE,gBAAI,CAAC,MAAO,QAAO;AACnB,mBAAO,4BAA4B,IAAI;AAAA,UACzC,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,kBAAkB,cAAc;AAClC,cAAU;AAAA,MACR,oBAAoB;AAAA,QAClB,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,UACX,YAAY,EAAE,OAAO,kBAAkB,MAAM,OAAO;AAAA,UACpD,MAAM,EAAE,OAAO,QAAQ,MAAM,OAAO;AAAA,UACpC,SAAS,EAAE,OAAO,WAAW,MAAM,OAAO;AAAA,QAC5C;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,gBAAM,aAAa,OAAO,aAAa,eAAe,WAAW,YAAY,WAAW,KAAK,IAAI;AACjG,gBAAM,OAAO,OAAO,aAAa,SAAS,WAAW,YAAY,KAAK,KAAK,IAAI;AAC/E,gBAAM,KAAK,aAAa,YAAY,QAAQ,QAAQ;AACpD,cAAI,CAAC,cAAc,CAAC,KAAM,QAAO;AACjC,cAAI;AACF,kBAAM,OAAO,MAAM,aAAa,EAAE,YAAY,SAAS,IAAI,KAAK,CAAC;AACjE,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,QAAS,QAAO;AAC7E,mBAAO,4BAA4B,IAAI;AAAA,UACzC,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,QAAM,UAA2B;AAAA,IAC/B,QAAQ,UAAU,QAAQ,IAAI;AAAA,IAC9B;AAAA,IACA,SAAS,EAAE,UAAU,MAAM;AAAA,IAC3B,OAAO,EAAE,QAAQ,WAAW;AAAA,IAC5B,SAAS;AAAA,MACP,cAAc;AAAA,QACZ,MAAM,QAAQ,IAAI,cAAc,WAAW,OAAO,IAC9C,qCACA;AAAA,QACJ,SAAS;AAAA,UACP,UAAU;AAAA,UACV,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,QAAQ,IAAI,cAAc,WAAW,OAAO,KAAK;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,MAAM,SAAS,QAAQ,GAAG;AAC3C,YAAI,MAAM;AACR,gBAAM,IAAI;AACV,UAAC,MAAkC,KAAK,EAAE;AAC1C,UAAC,MAAkC,UAAU,EAAE;AAC/C,UAAC,MAAkC,cAAc,EAAE;AACnD,UAAC,MAAkC,cAAc,EAAE;AACnD,UAAC,MAAkC,cAAc,EAAE;AAAA,QACrD;AACA,YAAI,YAAY,YAAY,WAAW,OAAO,YAAY,UAAU;AAClE,gBAAM,IAAI;AACV,gBAAM,IAAI;AACV,cAAI,OAAO,EAAE,SAAS,SAAU,GAAE,OAAO,EAAE;AAC3C,cAAI,OAAO,EAAE,UAAU,SAAU,GAAE,QAAQ,EAAE;AAAA,QAC/C;AACA,eAAO;AAAA,MACT;AAAA,MACA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAChC,YAAI,QAAQ,MAAM;AAChB,gBAAM,IAAI;AACV,cAAI,OAAO,EAAE,SAAS,SAAU,SAAQ,KAAK,OAAO,EAAE;AACtD,cAAI,OAAO,EAAE,UAAU,SAAU,SAAQ,KAAK,QAAQ,EAAE;AACxD,UAAC,QAAQ,KAAiC,KAAK,EAAE;AACjD,UAAC,QAAQ,KAAiC,UAAU,EAAE;AACtD,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAC1D,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAC1D,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAAA,QAC5D;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO,SAAS,OAAO,OAAO,IAAI;AACpC;","names":["isPublicMethod","_CredentialsProvider"]}
package/dist/auth.js CHANGED
@@ -305,7 +305,7 @@ function getNextAuthOptions(config) {
305
305
  }
306
306
  },
307
307
  callbacks: {
308
- async jwt({ token, user }) {
308
+ async jwt({ token, user, trigger, session }) {
309
309
  if (user) {
310
310
  const u = user;
311
311
  token.id = u.id;
@@ -314,11 +314,19 @@ function getNextAuthOptions(config) {
314
314
  token.entityPerms = u.entityPerms;
315
315
  token.adminAccess = u.adminAccess;
316
316
  }
317
+ if (trigger === "update" && session && typeof session === "object") {
318
+ const s = session;
319
+ const t = token;
320
+ if (typeof s.name === "string") t.name = s.name;
321
+ if (typeof s.email === "string") t.email = s.email;
322
+ }
317
323
  return token;
318
324
  },
319
325
  async session({ session, token }) {
320
326
  if (session.user) {
321
327
  const t = token;
328
+ if (typeof t.name === "string") session.user.name = t.name;
329
+ if (typeof t.email === "string") session.user.email = t.email;
322
330
  session.user.id = t.id;
323
331
  session.user.groupId = t.groupId;
324
332
  session.user.isRBACAdmin = t.isRBACAdmin;
package/dist/auth.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/auth/permission-entities.ts","../src/auth/helpers.ts","../src/auth/seed-permissions.ts","../src/auth/middleware.ts","../src/auth/nextauth-options.ts"],"sourcesContent":["/** API resource keys excluded from the permission matrix (internal / not admin-CRUD). */\r\nexport const PERMISSION_ENTITY_INTERNAL_EXCLUDE = new Set([\r\n 'users',\r\n 'password_reset_tokens',\r\n 'user_groups',\r\n 'permissions',\r\n 'comments',\r\n 'form_fields',\r\n 'configs',\r\n 'knowledge_base_chunks',\r\n 'carts',\r\n 'cart_items',\r\n 'wishlists',\r\n 'wishlist_items',\r\n 'message_templates',\r\n]);\r\n\r\n/** Non-CRUD admin surfaces mapped to entity keys for RBAC. */\r\nexport const PERMISSION_LOGICAL_ENTITIES = [\r\n 'users',\r\n 'forms',\r\n 'form_submissions',\r\n 'dashboard',\r\n 'upload',\r\n 'settings',\r\n 'analytics',\r\n 'chat',\r\n] as const;\r\n\r\n/** Canonical name for new installs / migrations */\r\nexport const ADMIN_GROUP_NAME = 'Administrator';\r\n\r\n/** System administrator group (roles UI + users / user_groups / permissions bypass). */\r\nexport function isSuperAdminGroupName(name: string | null | undefined): boolean {\r\n return name === ADMIN_GROUP_NAME;\r\n}\r\n\r\nexport type EntityCrudAction = 'create' | 'read' | 'update' | 'delete';\r\n\r\nexport type EntityPermissionFlags = { c: boolean; r: boolean; u: boolean; d: boolean };\r\n\r\nexport function getPermissionableEntityKeys(entityMap: Record<string, unknown>): string[] {\r\n const fromMap = Object.keys(entityMap).filter((k) => !PERMISSION_ENTITY_INTERNAL_EXCLUDE.has(k));\r\n const logical = PERMISSION_LOGICAL_ENTITIES.filter((k) => !fromMap.includes(k));\r\n return [...fromMap.sort(), ...logical].filter((k, i, a) => a.indexOf(k) === i);\r\n}\r\n\r\nexport function permissionRowsToRecord(\r\n rows: Array<{ entity: string; canCreate: boolean; canRead: boolean; canUpdate: boolean; canDelete: boolean }> | undefined\r\n): Record<string, EntityPermissionFlags> {\r\n const out: Record<string, EntityPermissionFlags> = {};\r\n if (!rows?.length) return out;\r\n for (const p of rows) {\r\n out[p.entity] = {\r\n c: !!p.canCreate,\r\n r: !!p.canRead,\r\n u: !!p.canUpdate,\r\n d: !!p.canDelete,\r\n };\r\n }\r\n return out;\r\n}\r\n\r\nexport function hasEntityPermission(\r\n record: Record<string, EntityPermissionFlags> | undefined,\r\n entity: string,\r\n action: EntityCrudAction\r\n): boolean {\r\n const p = record?.[entity];\r\n if (!p) return false;\r\n if (action === 'create') return p.c;\r\n if (action === 'read') return p.r;\r\n if (action === 'update') return p.u;\r\n return p.d;\r\n}\r\n","import type { EntityCrudAction, EntityPermissionFlags } from './permission-entities';\r\nimport { hasEntityPermission } from './permission-entities';\r\n\r\n/** isRBACAdmin bypasses entity checks only for these (users / roles plumbing). */\r\nexport const RBAC_ADMIN_ONLY_ENTITIES = new Set(['users', 'user_groups', 'permissions']);\r\n\r\nexport interface SessionUser {\r\n id?: string;\r\n email?: string | null;\r\n name?: string | null;\r\n groupId?: number;\r\n /** @deprecated use entityPerms / isRBACAdmin */\r\n permissions?: string[];\r\n /** Administrator group: full access only for users, user_groups, permissions */\r\n isRBACAdmin?: boolean;\r\n entityPerms?: Record<string, EntityPermissionFlags>;\r\n /** When false and not isRBACAdmin, admin API/UI is denied. */\r\n adminAccess?: boolean;\r\n}\r\n\r\nexport function sessionHasEntityAccess(\r\n user: SessionUser | null | undefined,\r\n entity: string,\r\n action: EntityCrudAction\r\n): boolean {\r\n if (!user?.email) return false;\r\n if (user.isRBACAdmin && RBAC_ADMIN_ONLY_ENTITIES.has(entity)) return true;\r\n return hasEntityPermission(user.entityPerms, entity, action);\r\n}\r\n\r\nexport function canManageRoles(user: SessionUser | null | undefined): boolean {\r\n return !!(user?.email && user.isRBACAdmin);\r\n}\r\n\r\nexport type GetSession = () => Promise<{ user?: SessionUser } | null>;\r\n\r\nexport const OPEN_ENDPOINTS: Array<Record<string, string[]>> = [\r\n { '/api/contacts': ['POST'] },\r\n { '/api/form-submissions': ['POST'] },\r\n { '/api/blogs': ['GET'] },\r\n];\r\n\r\nexport const PERMISSION_REQUIRED_ENDPOINTS: Record<string, string[]> = {};\r\n\r\nexport function isOpenEndpoint(pathname: string): boolean {\r\n return OPEN_ENDPOINTS.some((endpoint) => pathname.startsWith(Object.keys(endpoint)[0]));\r\n}\r\n\r\nexport function getRequiredPermission(pathname: string): string[] | null {\r\n return null;\r\n}\r\n\r\nexport function isPublicMethod(pathname: string, method: string): boolean {\r\n for (const endpoint of OPEN_ENDPOINTS) {\r\n const key = Object.keys(endpoint)[0];\r\n if (pathname.startsWith(key) && endpoint[key].includes(method)) return true;\r\n }\r\n return false;\r\n}\r\n\r\nexport interface AuthHelpers {\r\n requireAuth(req: Request): Promise<Response | null>;\r\n requirePermission(req: Request, permission: string): Promise<Response | null>;\r\n requireEntityPermission(req: Request, entity: string, action: EntityCrudAction): Promise<Response | null>;\r\n requireAdminAccess(req: Request): Promise<Response | null>;\r\n getAuthenticatedUser(): Promise<SessionUser | null>;\r\n}\r\n\r\nexport function createAuthHelpers(getSession: GetSession, NextResponse: { json: (body: unknown, init?: { status?: number }) => Response }): AuthHelpers {\r\n return {\r\n async requireAuth() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n return null;\r\n },\r\n async requirePermission() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n return null;\r\n },\r\n async requireEntityPermission(_req: Request, entity: string, action: EntityCrudAction) {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n const u = session.user as SessionUser;\r\n if (sessionHasEntityAccess(u, entity, action)) return null;\r\n return NextResponse.json({ error: 'Forbidden', entity, action }, { status: 403 });\r\n },\r\n async requireAdminAccess() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n const u = session.user as SessionUser;\r\n if (u.isRBACAdmin) return null;\r\n if (u.adminAccess === false) return NextResponse.json({ error: 'Forbidden', reason: 'admin_access' }, { status: 403 });\r\n return null;\r\n },\r\n async getAuthenticatedUser() {\r\n const session = await getSession();\r\n return (session?.user as SessionUser) ?? null;\r\n },\r\n };\r\n}\r\n","import type { DataSource } from 'typeorm';\r\nimport type { EntityTarget } from 'typeorm';\r\nimport type { ObjectLiteral } from 'typeorm';\r\nimport { getPermissionableEntityKeys, ADMIN_GROUP_NAME } from './permission-entities';\r\n\r\n/**\r\n * Ensures the Administrator group has full CRUD on every permissionable entity\r\n * for the given entity map. Idempotent: upserts per entity.\r\n */\r\nexport async function seedAdministratorPermissions(\r\n dataSource: DataSource,\r\n entityMap: Record<string, unknown>\r\n): Promise<void> {\r\n const entities = getPermissionableEntityKeys(entityMap);\r\n const groupRepo = dataSource.getRepository(entityMap.user_groups as EntityTarget<ObjectLiteral>);\r\n const permRepo = dataSource.getRepository(entityMap.permissions as EntityTarget<ObjectLiteral>);\r\n\r\n const adminGroup = await groupRepo.findOne({ where: { name: ADMIN_GROUP_NAME, deleted: false } });\r\n if (!adminGroup) return;\r\n\r\n const fullCrud = { canCreate: true, canRead: true, canUpdate: true, canDelete: true };\r\n\r\n for (const entity of entities) {\r\n const existing = await permRepo.findOne({\r\n where: { groupId: adminGroup.id, entity },\r\n });\r\n if (existing) {\r\n existing.canCreate = true;\r\n existing.canRead = true;\r\n existing.canUpdate = true;\r\n existing.canDelete = true;\r\n await permRepo.save(existing);\r\n } else {\r\n await permRepo.save(\r\n permRepo.create({\r\n groupId: adminGroup.id,\r\n entity,\r\n ...fullCrud,\r\n })\r\n );\r\n }\r\n }\r\n}\r\n","export interface CmsMiddlewareConfig {\r\n publicAdminPaths?: string[];\r\n publicApiPaths?: string[];\r\n /** path -> allowed methods */\r\n publicApiMethods?: Record<string, string[]>;\r\n signInPath?: string;\r\n getSessionToken?: (request: { cookies: { get: (name: string) => { value?: string } | undefined } }) => string | undefined;\r\n}\r\n\r\n/** Default public API paths (no auth). Sites should extend this with their own routes. */\r\nexport const defaultPublicApiMethods: Record<string, string[]> = {\r\n '/api/contacts': ['POST'],\r\n '/api/form-submissions': ['POST'],\r\n '/api/blogs': ['GET'],\r\n '/api/forms': ['GET'],\r\n '/api/auth': ['GET', 'POST'],\r\n '/api/health': ['GET'],\r\n '/api/users/forgot-password': ['POST'],\r\n '/api/users/set-password': ['POST'],\r\n '/api/users/invite': ['POST'],\r\n};\r\n\r\nfunction defaultGetSessionToken(request: { cookies: { get: (name: string) => { value?: string } | undefined } }): string | undefined {\r\n return (\r\n request.cookies.get('__Secure-next-auth.session-token')?.value ??\r\n request.cookies.get('next-auth.session-token')?.value\r\n );\r\n}\r\n\r\nfunction isPublicMethod(pathname: string, method: string, publicApiMethods: Record<string, string[]>): boolean {\r\n for (const [endpoint, methods] of Object.entries(publicApiMethods)) {\r\n if (pathname.startsWith(endpoint) && methods.includes(method)) return true;\r\n }\r\n return false;\r\n}\r\n\r\n/**\r\n * Returns middleware logic. Use from Next.js middleware:\r\n * import { createCmsMiddleware } from '@infuro/cms-core';\r\n * export const middleware = createCmsMiddleware({ ... });\r\n * export const config = { matcher: ['/admin/:path*', '/api/:path*'] };\r\n */\r\nexport function createCmsMiddleware(config: CmsMiddlewareConfig = {}) {\r\n const {\r\n publicAdminPaths = ['/admin/signin', '/admin/forgot-password', '/admin/reset-password', '/admin/invite'],\r\n publicApiMethods = defaultPublicApiMethods,\r\n signInPath = '/admin/signin',\r\n getSessionToken = defaultGetSessionToken,\r\n } = config;\r\n\r\n return function cmsMiddleware(request: {\r\n nextUrl: { pathname: string };\r\n url: string;\r\n method: string;\r\n cookies: { get: (name: string) => { value?: string } | undefined };\r\n }): { type: 'next' } | { type: 'redirect'; url: string } | { type: 'json'; status: number; body: unknown } {\r\n const pathname = request.nextUrl.pathname;\r\n const method = request.method;\r\n\r\n if (publicAdminPaths.some((p) => pathname === p || pathname.startsWith(p + '/'))) {\r\n return { type: 'next' };\r\n }\r\n\r\n if (pathname.startsWith('/admin')) {\r\n const token = getSessionToken(request);\r\n if (!token) {\r\n return { type: 'redirect', url: new URL(signInPath, request.url).toString() };\r\n }\r\n }\r\n\r\n if (pathname.startsWith('/api')) {\r\n if (isPublicMethod(pathname, method, publicApiMethods)) {\r\n return { type: 'next' };\r\n }\r\n const token = getSessionToken(request);\r\n if (!token) {\r\n return { type: 'json', status: 401, body: { error: 'Unauthorized' } };\r\n }\r\n }\r\n\r\n return { type: 'next' };\r\n };\r\n}\r\n","/**\r\n * Build NextAuth options for credentials auth. App can extend/override via extend().\r\n */\r\nimport type { NextAuthOptions } from 'next-auth';\r\nimport _CredentialsProvider from 'next-auth/providers/credentials';\r\nconst CredentialsProvider = (_CredentialsProvider as unknown as { default: typeof _CredentialsProvider }).default ?? _CredentialsProvider;\r\nimport { isSuperAdminGroupName, permissionRowsToRecord } from './permission-entities';\r\n\r\nexport interface NextAuthUser {\r\n id: number;\r\n email: string;\r\n name: string | null;\r\n password: string | null;\r\n blocked?: boolean;\r\n deleted?: boolean;\r\n groupId?: number | null;\r\n adminAccess?: boolean;\r\n group?: {\r\n name?: string;\r\n permissions?: Array<{\r\n entity: string;\r\n canCreate: boolean;\r\n canRead: boolean;\r\n canUpdate: boolean;\r\n canDelete: boolean;\r\n }>;\r\n };\r\n}\r\n\r\nexport interface AuthorizeOtpInput {\r\n identifier: string;\r\n channel: 'email' | 'sms';\r\n code: string;\r\n}\r\n\r\nexport interface NextAuthOptionsConfig {\r\n /** Resolve user by email (e.g. from TypeORM). Return null if not found. */\r\n getUserByEmail: (email: string) => Promise<NextAuthUser | null>;\r\n comparePassword: (plain: string, hash: string) => Promise<boolean>;\r\n signInPage?: string;\r\n secret?: string;\r\n extend?: (options: NextAuthOptions) => NextAuthOptions;\r\n /** When false, password CredentialsProvider is omitted. Default true. */\r\n enablePasswordLogin?: boolean;\r\n /** When true, registers CredentialsProvider id `otp`. Requires authorizeOtp. Default false. */\r\n enableOtpLogin?: boolean;\r\n /** Validate OTP and return user (same shape as password flow) or null. */\r\n authorizeOtp?: (input: AuthorizeOtpInput) => Promise<NextAuthUser | null>;\r\n}\r\n\r\nfunction sessionUserFromNextAuthUser(user: NextAuthUser) {\r\n const g = user.group;\r\n const isRBACAdmin = isSuperAdminGroupName(g?.name);\r\n const entityPerms = permissionRowsToRecord(g?.permissions);\r\n const adminAccess = (user as NextAuthUser & { adminAccess?: boolean }).adminAccess === true;\r\n return {\r\n id: user.id.toString(),\r\n email: user.email,\r\n name: user.name,\r\n groupId: user.groupId ?? undefined,\r\n isRBACAdmin,\r\n entityPerms,\r\n adminAccess,\r\n };\r\n}\r\n\r\nexport function getNextAuthOptions(config: NextAuthOptionsConfig): NextAuthOptions {\r\n const {\r\n getUserByEmail,\r\n comparePassword,\r\n signInPage = '/admin/signin',\r\n secret,\r\n extend,\r\n enablePasswordLogin = true,\r\n enableOtpLogin = false,\r\n authorizeOtp,\r\n } = config;\r\n\r\n const providers: NextAuthOptions['providers'] = [];\r\n\r\n if (enablePasswordLogin) {\r\n providers.push(\r\n CredentialsProvider({\r\n name: 'credentials',\r\n credentials: {\r\n email: { label: 'Email', type: 'email' },\r\n password: { label: 'Password', type: 'password' },\r\n },\r\n async authorize(credentials) {\r\n if (!credentials?.email || !credentials?.password) return null;\r\n try {\r\n const user = await getUserByEmail(credentials.email);\r\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted || !user.password) return null;\r\n const valid = await comparePassword(credentials.password, user.password);\r\n if (!valid) return null;\r\n return sessionUserFromNextAuthUser(user);\r\n } catch {\r\n return null;\r\n }\r\n },\r\n })\r\n );\r\n }\r\n\r\n if (enableOtpLogin && authorizeOtp) {\r\n providers.push(\r\n CredentialsProvider({\r\n id: 'otp',\r\n name: 'otp',\r\n credentials: {\r\n identifier: { label: 'Email or phone', type: 'text' },\r\n code: { label: 'Code', type: 'text' },\r\n channel: { label: 'Channel', type: 'text' },\r\n },\r\n async authorize(credentials) {\r\n const identifier = typeof credentials?.identifier === 'string' ? credentials.identifier.trim() : '';\r\n const code = typeof credentials?.code === 'string' ? credentials.code.trim() : '';\r\n const ch = credentials?.channel === 'sms' ? 'sms' : 'email';\r\n if (!identifier || !code) return null;\r\n try {\r\n const user = await authorizeOtp({ identifier, channel: ch, code });\r\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted) return null;\r\n return sessionUserFromNextAuthUser(user);\r\n } catch {\r\n return null;\r\n }\r\n },\r\n })\r\n );\r\n }\r\n\r\n const options: NextAuthOptions = {\r\n secret: secret ?? process.env.NEXTAUTH_SECRET,\r\n providers,\r\n session: { strategy: 'jwt' },\r\n pages: { signIn: signInPage },\r\n cookies: {\r\n sessionToken: {\r\n name: process.env.NEXTAUTH_URL?.startsWith('https')\r\n ? '__Secure-next-auth.session-token'\r\n : 'next-auth.session-token',\r\n options: {\r\n httpOnly: true,\r\n sameSite: 'lax',\r\n path: '/',\r\n secure: process.env.NEXTAUTH_URL?.startsWith('https') ?? false,\r\n },\r\n },\r\n },\r\n callbacks: {\r\n async jwt({ token, user }) {\r\n if (user) {\r\n const u = user as unknown as Record<string, unknown>;\r\n (token as Record<string, unknown>).id = u.id;\r\n (token as Record<string, unknown>).groupId = u.groupId;\r\n (token as Record<string, unknown>).isRBACAdmin = u.isRBACAdmin;\r\n (token as Record<string, unknown>).entityPerms = u.entityPerms;\r\n (token as Record<string, unknown>).adminAccess = u.adminAccess;\r\n }\r\n return token;\r\n },\r\n async session({ session, token }) {\r\n if (session.user) {\r\n const t = token as Record<string, unknown>;\r\n (session.user as Record<string, unknown>).id = t.id;\r\n (session.user as Record<string, unknown>).groupId = t.groupId;\r\n (session.user as Record<string, unknown>).isRBACAdmin = t.isRBACAdmin;\r\n (session.user as Record<string, unknown>).entityPerms = t.entityPerms;\r\n (session.user as Record<string, unknown>).adminAccess = t.adminAccess;\r\n }\r\n return session;\r\n },\r\n },\r\n };\r\n\r\n return extend ? extend(options) : options;\r\n}\r\n"],"mappings":";AACO,IAAM,qCAAqC,oBAAI,IAAI;AAAA,EACxD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAGM,IAAM,8BAA8B;AAAA,EACzC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGO,IAAM,mBAAmB;AAGzB,SAAS,sBAAsB,MAA0C;AAC9E,SAAO,SAAS;AAClB;AAMO,SAAS,4BAA4B,WAA8C;AACxF,QAAM,UAAU,OAAO,KAAK,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,mCAAmC,IAAI,CAAC,CAAC;AAC/F,QAAM,UAAU,4BAA4B,OAAO,CAAC,MAAM,CAAC,QAAQ,SAAS,CAAC,CAAC;AAC9E,SAAO,CAAC,GAAG,QAAQ,KAAK,GAAG,GAAG,OAAO,EAAE,OAAO,CAAC,GAAG,GAAG,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC;AAC/E;AAEO,SAAS,uBACd,MACuC;AACvC,QAAM,MAA6C,CAAC;AACpD,MAAI,CAAC,MAAM,OAAQ,QAAO;AAC1B,aAAW,KAAK,MAAM;AACpB,QAAI,EAAE,MAAM,IAAI;AAAA,MACd,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,oBACd,QACA,QACA,QACS;AACT,QAAM,IAAI,SAAS,MAAM;AACzB,MAAI,CAAC,EAAG,QAAO;AACf,MAAI,WAAW,SAAU,QAAO,EAAE;AAClC,MAAI,WAAW,OAAQ,QAAO,EAAE;AAChC,MAAI,WAAW,SAAU,QAAO,EAAE;AAClC,SAAO,EAAE;AACX;;;ACtEO,IAAM,2BAA2B,oBAAI,IAAI,CAAC,SAAS,eAAe,aAAa,CAAC;AAgBhF,SAAS,uBACd,MACA,QACA,QACS;AACT,MAAI,CAAC,MAAM,MAAO,QAAO;AACzB,MAAI,KAAK,eAAe,yBAAyB,IAAI,MAAM,EAAG,QAAO;AACrE,SAAO,oBAAoB,KAAK,aAAa,QAAQ,MAAM;AAC7D;AAEO,SAAS,eAAe,MAA+C;AAC5E,SAAO,CAAC,EAAE,MAAM,SAAS,KAAK;AAChC;AAIO,IAAM,iBAAkD;AAAA,EAC7D,EAAE,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B,EAAE,yBAAyB,CAAC,MAAM,EAAE;AAAA,EACpC,EAAE,cAAc,CAAC,KAAK,EAAE;AAC1B;AAEO,IAAM,gCAA0D,CAAC;AAEjE,SAAS,eAAe,UAA2B;AACxD,SAAO,eAAe,KAAK,CAAC,aAAa,SAAS,WAAW,OAAO,KAAK,QAAQ,EAAE,CAAC,CAAC,CAAC;AACxF;AAEO,SAAS,sBAAsB,UAAmC;AACvE,SAAO;AACT;AAEO,SAAS,eAAe,UAAkB,QAAyB;AACxE,aAAW,YAAY,gBAAgB;AACrC,UAAM,MAAM,OAAO,KAAK,QAAQ,EAAE,CAAC;AACnC,QAAI,SAAS,WAAW,GAAG,KAAK,SAAS,GAAG,EAAE,SAAS,MAAM,EAAG,QAAO;AAAA,EACzE;AACA,SAAO;AACT;AAUO,SAAS,kBAAkB,YAAwB,cAA8F;AACtJ,SAAO;AAAA,IACL,MAAM,cAAc;AAClB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,oBAAoB;AACxB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,wBAAwB,MAAe,QAAgB,QAA0B;AACrF,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,YAAM,IAAI,QAAQ;AAClB,UAAI,uBAAuB,GAAG,QAAQ,MAAM,EAAG,QAAO;AACtD,aAAO,aAAa,KAAK,EAAE,OAAO,aAAa,QAAQ,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAClF;AAAA,IACA,MAAM,qBAAqB;AACzB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,YAAM,IAAI,QAAQ;AAClB,UAAI,EAAE,YAAa,QAAO;AAC1B,UAAI,EAAE,gBAAgB,MAAO,QAAO,aAAa,KAAK,EAAE,OAAO,aAAa,QAAQ,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AACrH,aAAO;AAAA,IACT;AAAA,IACA,MAAM,uBAAuB;AAC3B,YAAM,UAAU,MAAM,WAAW;AACjC,aAAQ,SAAS,QAAwB;AAAA,IAC3C;AAAA,EACF;AACF;;;ACnGA,eAAsB,6BACpB,YACA,WACe;AACf,QAAM,WAAW,4BAA4B,SAAS;AACtD,QAAM,YAAY,WAAW,cAAc,UAAU,WAA0C;AAC/F,QAAM,WAAW,WAAW,cAAc,UAAU,WAA0C;AAE9F,QAAM,aAAa,MAAM,UAAU,QAAQ,EAAE,OAAO,EAAE,MAAM,kBAAkB,SAAS,MAAM,EAAE,CAAC;AAChG,MAAI,CAAC,WAAY;AAEjB,QAAM,WAAW,EAAE,WAAW,MAAM,SAAS,MAAM,WAAW,MAAM,WAAW,KAAK;AAEpF,aAAW,UAAU,UAAU;AAC7B,UAAM,WAAW,MAAM,SAAS,QAAQ;AAAA,MACtC,OAAO,EAAE,SAAS,WAAW,IAAI,OAAO;AAAA,IAC1C,CAAC;AACD,QAAI,UAAU;AACZ,eAAS,YAAY;AACrB,eAAS,UAAU;AACnB,eAAS,YAAY;AACrB,eAAS,YAAY;AACrB,YAAM,SAAS,KAAK,QAAQ;AAAA,IAC9B,OAAO;AACL,YAAM,SAAS;AAAA,QACb,SAAS,OAAO;AAAA,UACd,SAAS,WAAW;AAAA,UACpB;AAAA,UACA,GAAG;AAAA,QACL,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;;;AChCO,IAAM,0BAAoD;AAAA,EAC/D,iBAAiB,CAAC,MAAM;AAAA,EACxB,yBAAyB,CAAC,MAAM;AAAA,EAChC,cAAc,CAAC,KAAK;AAAA,EACpB,cAAc,CAAC,KAAK;AAAA,EACpB,aAAa,CAAC,OAAO,MAAM;AAAA,EAC3B,eAAe,CAAC,KAAK;AAAA,EACrB,8BAA8B,CAAC,MAAM;AAAA,EACrC,2BAA2B,CAAC,MAAM;AAAA,EAClC,qBAAqB,CAAC,MAAM;AAC9B;AAEA,SAAS,uBAAuB,SAAqG;AACnI,SACE,QAAQ,QAAQ,IAAI,kCAAkC,GAAG,SACzD,QAAQ,QAAQ,IAAI,yBAAyB,GAAG;AAEpD;AAEA,SAASA,gBAAe,UAAkB,QAAgB,kBAAqD;AAC7G,aAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,gBAAgB,GAAG;AAClE,QAAI,SAAS,WAAW,QAAQ,KAAK,QAAQ,SAAS,MAAM,EAAG,QAAO;AAAA,EACxE;AACA,SAAO;AACT;AAQO,SAAS,oBAAoB,SAA8B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,mBAAmB,CAAC,iBAAiB,0BAA0B,yBAAyB,eAAe;AAAA,IACvG,mBAAmB;AAAA,IACnB,aAAa;AAAA,IACb,kBAAkB;AAAA,EACpB,IAAI;AAEJ,SAAO,SAAS,cAAc,SAK6E;AACzG,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,SAAS,QAAQ;AAEvB,QAAI,iBAAiB,KAAK,CAAC,MAAM,aAAa,KAAK,SAAS,WAAW,IAAI,GAAG,CAAC,GAAG;AAChF,aAAO,EAAE,MAAM,OAAO;AAAA,IACxB;AAEA,QAAI,SAAS,WAAW,QAAQ,GAAG;AACjC,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,YAAY,KAAK,IAAI,IAAI,YAAY,QAAQ,GAAG,EAAE,SAAS,EAAE;AAAA,MAC9E;AAAA,IACF;AAEA,QAAI,SAAS,WAAW,MAAM,GAAG;AAC/B,UAAIA,gBAAe,UAAU,QAAQ,gBAAgB,GAAG;AACtD,eAAO,EAAE,MAAM,OAAO;AAAA,MACxB;AACA,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,QAAQ,QAAQ,KAAK,MAAM,EAAE,OAAO,eAAe,EAAE;AAAA,MACtE;AAAA,IACF;AAEA,WAAO,EAAE,MAAM,OAAO;AAAA,EACxB;AACF;;;AC9EA,OAAO,0BAA0B;AACjC,IAAM,sBAAuB,qBAA6E,WAAW;AA6CrH,SAAS,4BAA4B,MAAoB;AACvD,QAAM,IAAI,KAAK;AACf,QAAM,cAAc,sBAAsB,GAAG,IAAI;AACjD,QAAM,cAAc,uBAAuB,GAAG,WAAW;AACzD,QAAM,cAAe,KAAkD,gBAAgB;AACvF,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,OAAO,KAAK;AAAA,IACZ,MAAM,KAAK;AAAA,IACX,SAAS,KAAK,WAAW;AAAA,IACzB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,mBAAmB,QAAgD;AACjF,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb;AAAA,IACA;AAAA,IACA,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB;AAAA,EACF,IAAI;AAEJ,QAAM,YAA0C,CAAC;AAEjD,MAAI,qBAAqB;AACvB,cAAU;AAAA,MACR,oBAAoB;AAAA,QAClB,MAAM;AAAA,QACN,aAAa;AAAA,UACX,OAAO,EAAE,OAAO,SAAS,MAAM,QAAQ;AAAA,UACvC,UAAU,EAAE,OAAO,YAAY,MAAM,WAAW;AAAA,QAClD;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,cAAI,CAAC,aAAa,SAAS,CAAC,aAAa,SAAU,QAAO;AAC1D,cAAI;AACF,kBAAM,OAAO,MAAM,eAAe,YAAY,KAAK;AACnD,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,WAAW,CAAC,KAAK,SAAU,QAAO;AAC/F,kBAAM,QAAQ,MAAM,gBAAgB,YAAY,UAAU,KAAK,QAAQ;AACvE,gBAAI,CAAC,MAAO,QAAO;AACnB,mBAAO,4BAA4B,IAAI;AAAA,UACzC,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,kBAAkB,cAAc;AAClC,cAAU;AAAA,MACR,oBAAoB;AAAA,QAClB,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,UACX,YAAY,EAAE,OAAO,kBAAkB,MAAM,OAAO;AAAA,UACpD,MAAM,EAAE,OAAO,QAAQ,MAAM,OAAO;AAAA,UACpC,SAAS,EAAE,OAAO,WAAW,MAAM,OAAO;AAAA,QAC5C;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,gBAAM,aAAa,OAAO,aAAa,eAAe,WAAW,YAAY,WAAW,KAAK,IAAI;AACjG,gBAAM,OAAO,OAAO,aAAa,SAAS,WAAW,YAAY,KAAK,KAAK,IAAI;AAC/E,gBAAM,KAAK,aAAa,YAAY,QAAQ,QAAQ;AACpD,cAAI,CAAC,cAAc,CAAC,KAAM,QAAO;AACjC,cAAI;AACF,kBAAM,OAAO,MAAM,aAAa,EAAE,YAAY,SAAS,IAAI,KAAK,CAAC;AACjE,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,QAAS,QAAO;AAC7E,mBAAO,4BAA4B,IAAI;AAAA,UACzC,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,QAAM,UAA2B;AAAA,IAC/B,QAAQ,UAAU,QAAQ,IAAI;AAAA,IAC9B;AAAA,IACA,SAAS,EAAE,UAAU,MAAM;AAAA,IAC3B,OAAO,EAAE,QAAQ,WAAW;AAAA,IAC5B,SAAS;AAAA,MACP,cAAc;AAAA,QACZ,MAAM,QAAQ,IAAI,cAAc,WAAW,OAAO,IAC9C,qCACA;AAAA,QACJ,SAAS;AAAA,UACP,UAAU;AAAA,UACV,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,QAAQ,IAAI,cAAc,WAAW,OAAO,KAAK;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,KAAK,GAAG;AACzB,YAAI,MAAM;AACR,gBAAM,IAAI;AACV,UAAC,MAAkC,KAAK,EAAE;AAC1C,UAAC,MAAkC,UAAU,EAAE;AAC/C,UAAC,MAAkC,cAAc,EAAE;AACnD,UAAC,MAAkC,cAAc,EAAE;AACnD,UAAC,MAAkC,cAAc,EAAE;AAAA,QACrD;AACA,eAAO;AAAA,MACT;AAAA,MACA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAChC,YAAI,QAAQ,MAAM;AAChB,gBAAM,IAAI;AACV,UAAC,QAAQ,KAAiC,KAAK,EAAE;AACjD,UAAC,QAAQ,KAAiC,UAAU,EAAE;AACtD,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAC1D,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAC1D,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAAA,QAC5D;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO,SAAS,OAAO,OAAO,IAAI;AACpC;","names":["isPublicMethod"]}
1
+ {"version":3,"sources":["../src/auth/permission-entities.ts","../src/auth/helpers.ts","../src/auth/seed-permissions.ts","../src/auth/middleware.ts","../src/auth/nextauth-options.ts"],"sourcesContent":["/** API resource keys excluded from the permission matrix (internal / not admin-CRUD). */\r\nexport const PERMISSION_ENTITY_INTERNAL_EXCLUDE = new Set([\r\n 'users',\r\n 'password_reset_tokens',\r\n 'user_groups',\r\n 'permissions',\r\n 'comments',\r\n 'form_fields',\r\n 'configs',\r\n 'knowledge_base_chunks',\r\n 'carts',\r\n 'cart_items',\r\n 'wishlists',\r\n 'wishlist_items',\r\n 'message_templates',\r\n]);\r\n\r\n/** Non-CRUD admin surfaces mapped to entity keys for RBAC. */\r\nexport const PERMISSION_LOGICAL_ENTITIES = [\r\n 'users',\r\n 'forms',\r\n 'form_submissions',\r\n 'dashboard',\r\n 'upload',\r\n 'settings',\r\n 'analytics',\r\n 'chat',\r\n] as const;\r\n\r\n/** Canonical name for new installs / migrations */\r\nexport const ADMIN_GROUP_NAME = 'Administrator';\r\n\r\n/** System administrator group (roles UI + users / user_groups / permissions bypass). */\r\nexport function isSuperAdminGroupName(name: string | null | undefined): boolean {\r\n return name === ADMIN_GROUP_NAME;\r\n}\r\n\r\nexport type EntityCrudAction = 'create' | 'read' | 'update' | 'delete';\r\n\r\nexport type EntityPermissionFlags = { c: boolean; r: boolean; u: boolean; d: boolean };\r\n\r\nexport function getPermissionableEntityKeys(entityMap: Record<string, unknown>): string[] {\r\n const fromMap = Object.keys(entityMap).filter((k) => !PERMISSION_ENTITY_INTERNAL_EXCLUDE.has(k));\r\n const logical = PERMISSION_LOGICAL_ENTITIES.filter((k) => !fromMap.includes(k));\r\n return [...fromMap.sort(), ...logical].filter((k, i, a) => a.indexOf(k) === i);\r\n}\r\n\r\nexport function permissionRowsToRecord(\r\n rows: Array<{ entity: string; canCreate: boolean; canRead: boolean; canUpdate: boolean; canDelete: boolean }> | undefined\r\n): Record<string, EntityPermissionFlags> {\r\n const out: Record<string, EntityPermissionFlags> = {};\r\n if (!rows?.length) return out;\r\n for (const p of rows) {\r\n out[p.entity] = {\r\n c: !!p.canCreate,\r\n r: !!p.canRead,\r\n u: !!p.canUpdate,\r\n d: !!p.canDelete,\r\n };\r\n }\r\n return out;\r\n}\r\n\r\nexport function hasEntityPermission(\r\n record: Record<string, EntityPermissionFlags> | undefined,\r\n entity: string,\r\n action: EntityCrudAction\r\n): boolean {\r\n const p = record?.[entity];\r\n if (!p) return false;\r\n if (action === 'create') return p.c;\r\n if (action === 'read') return p.r;\r\n if (action === 'update') return p.u;\r\n return p.d;\r\n}\r\n","import type { EntityCrudAction, EntityPermissionFlags } from './permission-entities';\r\nimport { hasEntityPermission } from './permission-entities';\r\n\r\n/** isRBACAdmin bypasses entity checks only for these (users / roles plumbing). */\r\nexport const RBAC_ADMIN_ONLY_ENTITIES = new Set(['users', 'user_groups', 'permissions']);\r\n\r\nexport interface SessionUser {\r\n id?: string;\r\n email?: string | null;\r\n name?: string | null;\r\n groupId?: number;\r\n /** @deprecated use entityPerms / isRBACAdmin */\r\n permissions?: string[];\r\n /** Administrator group: full access only for users, user_groups, permissions */\r\n isRBACAdmin?: boolean;\r\n entityPerms?: Record<string, EntityPermissionFlags>;\r\n /** When false and not isRBACAdmin, admin API/UI is denied. */\r\n adminAccess?: boolean;\r\n}\r\n\r\nexport function sessionHasEntityAccess(\r\n user: SessionUser | null | undefined,\r\n entity: string,\r\n action: EntityCrudAction\r\n): boolean {\r\n if (!user?.email) return false;\r\n if (user.isRBACAdmin && RBAC_ADMIN_ONLY_ENTITIES.has(entity)) return true;\r\n return hasEntityPermission(user.entityPerms, entity, action);\r\n}\r\n\r\nexport function canManageRoles(user: SessionUser | null | undefined): boolean {\r\n return !!(user?.email && user.isRBACAdmin);\r\n}\r\n\r\nexport type GetSession = () => Promise<{ user?: SessionUser } | null>;\r\n\r\nexport const OPEN_ENDPOINTS: Array<Record<string, string[]>> = [\r\n { '/api/contacts': ['POST'] },\r\n { '/api/form-submissions': ['POST'] },\r\n { '/api/blogs': ['GET'] },\r\n];\r\n\r\nexport const PERMISSION_REQUIRED_ENDPOINTS: Record<string, string[]> = {};\r\n\r\nexport function isOpenEndpoint(pathname: string): boolean {\r\n return OPEN_ENDPOINTS.some((endpoint) => pathname.startsWith(Object.keys(endpoint)[0]));\r\n}\r\n\r\nexport function getRequiredPermission(pathname: string): string[] | null {\r\n return null;\r\n}\r\n\r\nexport function isPublicMethod(pathname: string, method: string): boolean {\r\n for (const endpoint of OPEN_ENDPOINTS) {\r\n const key = Object.keys(endpoint)[0];\r\n if (pathname.startsWith(key) && endpoint[key].includes(method)) return true;\r\n }\r\n return false;\r\n}\r\n\r\nexport interface AuthHelpers {\r\n requireAuth(req: Request): Promise<Response | null>;\r\n requirePermission(req: Request, permission: string): Promise<Response | null>;\r\n requireEntityPermission(req: Request, entity: string, action: EntityCrudAction): Promise<Response | null>;\r\n requireAdminAccess(req: Request): Promise<Response | null>;\r\n getAuthenticatedUser(): Promise<SessionUser | null>;\r\n}\r\n\r\nexport function createAuthHelpers(getSession: GetSession, NextResponse: { json: (body: unknown, init?: { status?: number }) => Response }): AuthHelpers {\r\n return {\r\n async requireAuth() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n return null;\r\n },\r\n async requirePermission() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n return null;\r\n },\r\n async requireEntityPermission(_req: Request, entity: string, action: EntityCrudAction) {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n const u = session.user as SessionUser;\r\n if (sessionHasEntityAccess(u, entity, action)) return null;\r\n return NextResponse.json({ error: 'Forbidden', entity, action }, { status: 403 });\r\n },\r\n async requireAdminAccess() {\r\n const session = await getSession();\r\n if (!session?.user?.email) {\r\n return NextResponse.json({ error: 'Unauthorized' }, { status: 401 });\r\n }\r\n const u = session.user as SessionUser;\r\n if (u.isRBACAdmin) return null;\r\n if (u.adminAccess === false) return NextResponse.json({ error: 'Forbidden', reason: 'admin_access' }, { status: 403 });\r\n return null;\r\n },\r\n async getAuthenticatedUser() {\r\n const session = await getSession();\r\n return (session?.user as SessionUser) ?? null;\r\n },\r\n };\r\n}\r\n","import type { DataSource } from 'typeorm';\r\nimport type { EntityTarget } from 'typeorm';\r\nimport type { ObjectLiteral } from 'typeorm';\r\nimport { getPermissionableEntityKeys, ADMIN_GROUP_NAME } from './permission-entities';\r\n\r\n/**\r\n * Ensures the Administrator group has full CRUD on every permissionable entity\r\n * for the given entity map. Idempotent: upserts per entity.\r\n */\r\nexport async function seedAdministratorPermissions(\r\n dataSource: DataSource,\r\n entityMap: Record<string, unknown>\r\n): Promise<void> {\r\n const entities = getPermissionableEntityKeys(entityMap);\r\n const groupRepo = dataSource.getRepository(entityMap.user_groups as EntityTarget<ObjectLiteral>);\r\n const permRepo = dataSource.getRepository(entityMap.permissions as EntityTarget<ObjectLiteral>);\r\n\r\n const adminGroup = await groupRepo.findOne({ where: { name: ADMIN_GROUP_NAME, deleted: false } });\r\n if (!adminGroup) return;\r\n\r\n const fullCrud = { canCreate: true, canRead: true, canUpdate: true, canDelete: true };\r\n\r\n for (const entity of entities) {\r\n const existing = await permRepo.findOne({\r\n where: { groupId: adminGroup.id, entity },\r\n });\r\n if (existing) {\r\n existing.canCreate = true;\r\n existing.canRead = true;\r\n existing.canUpdate = true;\r\n existing.canDelete = true;\r\n await permRepo.save(existing);\r\n } else {\r\n await permRepo.save(\r\n permRepo.create({\r\n groupId: adminGroup.id,\r\n entity,\r\n ...fullCrud,\r\n })\r\n );\r\n }\r\n }\r\n}\r\n","export interface CmsMiddlewareConfig {\r\n publicAdminPaths?: string[];\r\n publicApiPaths?: string[];\r\n /** path -> allowed methods */\r\n publicApiMethods?: Record<string, string[]>;\r\n signInPath?: string;\r\n getSessionToken?: (request: { cookies: { get: (name: string) => { value?: string } | undefined } }) => string | undefined;\r\n}\r\n\r\n/** Default public API paths (no auth). Sites should extend this with their own routes. */\r\nexport const defaultPublicApiMethods: Record<string, string[]> = {\r\n '/api/contacts': ['POST'],\r\n '/api/form-submissions': ['POST'],\r\n '/api/blogs': ['GET'],\r\n '/api/forms': ['GET'],\r\n '/api/auth': ['GET', 'POST'],\r\n '/api/health': ['GET'],\r\n '/api/users/forgot-password': ['POST'],\r\n '/api/users/set-password': ['POST'],\r\n '/api/users/invite': ['POST'],\r\n};\r\n\r\nfunction defaultGetSessionToken(request: { cookies: { get: (name: string) => { value?: string } | undefined } }): string | undefined {\r\n return (\r\n request.cookies.get('__Secure-next-auth.session-token')?.value ??\r\n request.cookies.get('next-auth.session-token')?.value\r\n );\r\n}\r\n\r\nfunction isPublicMethod(pathname: string, method: string, publicApiMethods: Record<string, string[]>): boolean {\r\n for (const [endpoint, methods] of Object.entries(publicApiMethods)) {\r\n if (pathname.startsWith(endpoint) && methods.includes(method)) return true;\r\n }\r\n return false;\r\n}\r\n\r\n/**\r\n * Returns middleware logic. Use from Next.js middleware:\r\n * import { createCmsMiddleware } from '@infuro/cms-core';\r\n * export const middleware = createCmsMiddleware({ ... });\r\n * export const config = { matcher: ['/admin/:path*', '/api/:path*'] };\r\n */\r\nexport function createCmsMiddleware(config: CmsMiddlewareConfig = {}) {\r\n const {\r\n publicAdminPaths = ['/admin/signin', '/admin/forgot-password', '/admin/reset-password', '/admin/invite'],\r\n publicApiMethods = defaultPublicApiMethods,\r\n signInPath = '/admin/signin',\r\n getSessionToken = defaultGetSessionToken,\r\n } = config;\r\n\r\n return function cmsMiddleware(request: {\r\n nextUrl: { pathname: string };\r\n url: string;\r\n method: string;\r\n cookies: { get: (name: string) => { value?: string } | undefined };\r\n }): { type: 'next' } | { type: 'redirect'; url: string } | { type: 'json'; status: number; body: unknown } {\r\n const pathname = request.nextUrl.pathname;\r\n const method = request.method;\r\n\r\n if (publicAdminPaths.some((p) => pathname === p || pathname.startsWith(p + '/'))) {\r\n return { type: 'next' };\r\n }\r\n\r\n if (pathname.startsWith('/admin')) {\r\n const token = getSessionToken(request);\r\n if (!token) {\r\n return { type: 'redirect', url: new URL(signInPath, request.url).toString() };\r\n }\r\n }\r\n\r\n if (pathname.startsWith('/api')) {\r\n if (isPublicMethod(pathname, method, publicApiMethods)) {\r\n return { type: 'next' };\r\n }\r\n const token = getSessionToken(request);\r\n if (!token) {\r\n return { type: 'json', status: 401, body: { error: 'Unauthorized' } };\r\n }\r\n }\r\n\r\n return { type: 'next' };\r\n };\r\n}\r\n","/**\r\n * Build NextAuth options for credentials auth. App can extend/override via extend().\r\n */\r\nimport type { NextAuthOptions } from 'next-auth';\r\nimport _CredentialsProvider from 'next-auth/providers/credentials';\r\nconst CredentialsProvider = (_CredentialsProvider as unknown as { default: typeof _CredentialsProvider }).default ?? _CredentialsProvider;\r\nimport { isSuperAdminGroupName, permissionRowsToRecord } from './permission-entities';\r\n\r\nexport interface NextAuthUser {\r\n id: number;\r\n email: string;\r\n name: string | null;\r\n password: string | null;\r\n blocked?: boolean;\r\n deleted?: boolean;\r\n groupId?: number | null;\r\n adminAccess?: boolean;\r\n group?: {\r\n name?: string;\r\n permissions?: Array<{\r\n entity: string;\r\n canCreate: boolean;\r\n canRead: boolean;\r\n canUpdate: boolean;\r\n canDelete: boolean;\r\n }>;\r\n };\r\n}\r\n\r\nexport interface AuthorizeOtpInput {\r\n identifier: string;\r\n channel: 'email' | 'sms';\r\n code: string;\r\n}\r\n\r\nexport interface NextAuthOptionsConfig {\r\n /** Resolve user by email (e.g. from TypeORM). Return null if not found. */\r\n getUserByEmail: (email: string) => Promise<NextAuthUser | null>;\r\n comparePassword: (plain: string, hash: string) => Promise<boolean>;\r\n signInPage?: string;\r\n secret?: string;\r\n extend?: (options: NextAuthOptions) => NextAuthOptions;\r\n /** When false, password CredentialsProvider is omitted. Default true. */\r\n enablePasswordLogin?: boolean;\r\n /** When true, registers CredentialsProvider id `otp`. Requires authorizeOtp. Default false. */\r\n enableOtpLogin?: boolean;\r\n /** Validate OTP and return user (same shape as password flow) or null. */\r\n authorizeOtp?: (input: AuthorizeOtpInput) => Promise<NextAuthUser | null>;\r\n}\r\n\r\nfunction sessionUserFromNextAuthUser(user: NextAuthUser) {\r\n const g = user.group;\r\n const isRBACAdmin = isSuperAdminGroupName(g?.name);\r\n const entityPerms = permissionRowsToRecord(g?.permissions);\r\n const adminAccess = (user as NextAuthUser & { adminAccess?: boolean }).adminAccess === true;\r\n return {\r\n id: user.id.toString(),\r\n email: user.email,\r\n name: user.name,\r\n groupId: user.groupId ?? undefined,\r\n isRBACAdmin,\r\n entityPerms,\r\n adminAccess,\r\n };\r\n}\r\n\r\nexport function getNextAuthOptions(config: NextAuthOptionsConfig): NextAuthOptions {\r\n const {\r\n getUserByEmail,\r\n comparePassword,\r\n signInPage = '/admin/signin',\r\n secret,\r\n extend,\r\n enablePasswordLogin = true,\r\n enableOtpLogin = false,\r\n authorizeOtp,\r\n } = config;\r\n\r\n const providers: NextAuthOptions['providers'] = [];\r\n\r\n if (enablePasswordLogin) {\r\n providers.push(\r\n CredentialsProvider({\r\n name: 'credentials',\r\n credentials: {\r\n email: { label: 'Email', type: 'email' },\r\n password: { label: 'Password', type: 'password' },\r\n },\r\n async authorize(credentials) {\r\n if (!credentials?.email || !credentials?.password) return null;\r\n try {\r\n const user = await getUserByEmail(credentials.email);\r\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted || !user.password) return null;\r\n const valid = await comparePassword(credentials.password, user.password);\r\n if (!valid) return null;\r\n return sessionUserFromNextAuthUser(user);\r\n } catch {\r\n return null;\r\n }\r\n },\r\n })\r\n );\r\n }\r\n\r\n if (enableOtpLogin && authorizeOtp) {\r\n providers.push(\r\n CredentialsProvider({\r\n id: 'otp',\r\n name: 'otp',\r\n credentials: {\r\n identifier: { label: 'Email or phone', type: 'text' },\r\n code: { label: 'Code', type: 'text' },\r\n channel: { label: 'Channel', type: 'text' },\r\n },\r\n async authorize(credentials) {\r\n const identifier = typeof credentials?.identifier === 'string' ? credentials.identifier.trim() : '';\r\n const code = typeof credentials?.code === 'string' ? credentials.code.trim() : '';\r\n const ch = credentials?.channel === 'sms' ? 'sms' : 'email';\r\n if (!identifier || !code) return null;\r\n try {\r\n const user = await authorizeOtp({ identifier, channel: ch, code });\r\n if (!user || user.blocked || (user as { deleted?: boolean }).deleted) return null;\r\n return sessionUserFromNextAuthUser(user);\r\n } catch {\r\n return null;\r\n }\r\n },\r\n })\r\n );\r\n }\r\n\r\n const options: NextAuthOptions = {\r\n secret: secret ?? process.env.NEXTAUTH_SECRET,\r\n providers,\r\n session: { strategy: 'jwt' },\r\n pages: { signIn: signInPage },\r\n cookies: {\r\n sessionToken: {\r\n name: process.env.NEXTAUTH_URL?.startsWith('https')\r\n ? '__Secure-next-auth.session-token'\r\n : 'next-auth.session-token',\r\n options: {\r\n httpOnly: true,\r\n sameSite: 'lax',\r\n path: '/',\r\n secure: process.env.NEXTAUTH_URL?.startsWith('https') ?? false,\r\n },\r\n },\r\n },\r\n callbacks: {\r\n async jwt({ token, user, trigger, session }) {\r\n if (user) {\r\n const u = user as unknown as Record<string, unknown>;\r\n (token as Record<string, unknown>).id = u.id;\r\n (token as Record<string, unknown>).groupId = u.groupId;\r\n (token as Record<string, unknown>).isRBACAdmin = u.isRBACAdmin;\r\n (token as Record<string, unknown>).entityPerms = u.entityPerms;\r\n (token as Record<string, unknown>).adminAccess = u.adminAccess;\r\n }\r\n if (trigger === 'update' && session && typeof session === 'object') {\r\n const s = session as Record<string, unknown>;\r\n const t = token as Record<string, unknown>;\r\n if (typeof s.name === 'string') t.name = s.name;\r\n if (typeof s.email === 'string') t.email = s.email;\r\n }\r\n return token;\r\n },\r\n async session({ session, token }) {\r\n if (session.user) {\r\n const t = token as Record<string, unknown>;\r\n if (typeof t.name === 'string') session.user.name = t.name;\r\n if (typeof t.email === 'string') session.user.email = t.email;\r\n (session.user as Record<string, unknown>).id = t.id;\r\n (session.user as Record<string, unknown>).groupId = t.groupId;\r\n (session.user as Record<string, unknown>).isRBACAdmin = t.isRBACAdmin;\r\n (session.user as Record<string, unknown>).entityPerms = t.entityPerms;\r\n (session.user as Record<string, unknown>).adminAccess = t.adminAccess;\r\n }\r\n return session;\r\n },\r\n },\r\n };\r\n\r\n return extend ? extend(options) : options;\r\n}\r\n"],"mappings":";AACO,IAAM,qCAAqC,oBAAI,IAAI;AAAA,EACxD;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF,CAAC;AAGM,IAAM,8BAA8B;AAAA,EACzC;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;AAGO,IAAM,mBAAmB;AAGzB,SAAS,sBAAsB,MAA0C;AAC9E,SAAO,SAAS;AAClB;AAMO,SAAS,4BAA4B,WAA8C;AACxF,QAAM,UAAU,OAAO,KAAK,SAAS,EAAE,OAAO,CAAC,MAAM,CAAC,mCAAmC,IAAI,CAAC,CAAC;AAC/F,QAAM,UAAU,4BAA4B,OAAO,CAAC,MAAM,CAAC,QAAQ,SAAS,CAAC,CAAC;AAC9E,SAAO,CAAC,GAAG,QAAQ,KAAK,GAAG,GAAG,OAAO,EAAE,OAAO,CAAC,GAAG,GAAG,MAAM,EAAE,QAAQ,CAAC,MAAM,CAAC;AAC/E;AAEO,SAAS,uBACd,MACuC;AACvC,QAAM,MAA6C,CAAC;AACpD,MAAI,CAAC,MAAM,OAAQ,QAAO;AAC1B,aAAW,KAAK,MAAM;AACpB,QAAI,EAAE,MAAM,IAAI;AAAA,MACd,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,MACP,GAAG,CAAC,CAAC,EAAE;AAAA,IACT;AAAA,EACF;AACA,SAAO;AACT;AAEO,SAAS,oBACd,QACA,QACA,QACS;AACT,QAAM,IAAI,SAAS,MAAM;AACzB,MAAI,CAAC,EAAG,QAAO;AACf,MAAI,WAAW,SAAU,QAAO,EAAE;AAClC,MAAI,WAAW,OAAQ,QAAO,EAAE;AAChC,MAAI,WAAW,SAAU,QAAO,EAAE;AAClC,SAAO,EAAE;AACX;;;ACtEO,IAAM,2BAA2B,oBAAI,IAAI,CAAC,SAAS,eAAe,aAAa,CAAC;AAgBhF,SAAS,uBACd,MACA,QACA,QACS;AACT,MAAI,CAAC,MAAM,MAAO,QAAO;AACzB,MAAI,KAAK,eAAe,yBAAyB,IAAI,MAAM,EAAG,QAAO;AACrE,SAAO,oBAAoB,KAAK,aAAa,QAAQ,MAAM;AAC7D;AAEO,SAAS,eAAe,MAA+C;AAC5E,SAAO,CAAC,EAAE,MAAM,SAAS,KAAK;AAChC;AAIO,IAAM,iBAAkD;AAAA,EAC7D,EAAE,iBAAiB,CAAC,MAAM,EAAE;AAAA,EAC5B,EAAE,yBAAyB,CAAC,MAAM,EAAE;AAAA,EACpC,EAAE,cAAc,CAAC,KAAK,EAAE;AAC1B;AAEO,IAAM,gCAA0D,CAAC;AAEjE,SAAS,eAAe,UAA2B;AACxD,SAAO,eAAe,KAAK,CAAC,aAAa,SAAS,WAAW,OAAO,KAAK,QAAQ,EAAE,CAAC,CAAC,CAAC;AACxF;AAEO,SAAS,sBAAsB,UAAmC;AACvE,SAAO;AACT;AAEO,SAAS,eAAe,UAAkB,QAAyB;AACxE,aAAW,YAAY,gBAAgB;AACrC,UAAM,MAAM,OAAO,KAAK,QAAQ,EAAE,CAAC;AACnC,QAAI,SAAS,WAAW,GAAG,KAAK,SAAS,GAAG,EAAE,SAAS,MAAM,EAAG,QAAO;AAAA,EACzE;AACA,SAAO;AACT;AAUO,SAAS,kBAAkB,YAAwB,cAA8F;AACtJ,SAAO;AAAA,IACL,MAAM,cAAc;AAClB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,oBAAoB;AACxB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,aAAO;AAAA,IACT;AAAA,IACA,MAAM,wBAAwB,MAAe,QAAgB,QAA0B;AACrF,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,YAAM,IAAI,QAAQ;AAClB,UAAI,uBAAuB,GAAG,QAAQ,MAAM,EAAG,QAAO;AACtD,aAAO,aAAa,KAAK,EAAE,OAAO,aAAa,QAAQ,OAAO,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,IAClF;AAAA,IACA,MAAM,qBAAqB;AACzB,YAAM,UAAU,MAAM,WAAW;AACjC,UAAI,CAAC,SAAS,MAAM,OAAO;AACzB,eAAO,aAAa,KAAK,EAAE,OAAO,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AAAA,MACrE;AACA,YAAM,IAAI,QAAQ;AAClB,UAAI,EAAE,YAAa,QAAO;AAC1B,UAAI,EAAE,gBAAgB,MAAO,QAAO,aAAa,KAAK,EAAE,OAAO,aAAa,QAAQ,eAAe,GAAG,EAAE,QAAQ,IAAI,CAAC;AACrH,aAAO;AAAA,IACT;AAAA,IACA,MAAM,uBAAuB;AAC3B,YAAM,UAAU,MAAM,WAAW;AACjC,aAAQ,SAAS,QAAwB;AAAA,IAC3C;AAAA,EACF;AACF;;;ACnGA,eAAsB,6BACpB,YACA,WACe;AACf,QAAM,WAAW,4BAA4B,SAAS;AACtD,QAAM,YAAY,WAAW,cAAc,UAAU,WAA0C;AAC/F,QAAM,WAAW,WAAW,cAAc,UAAU,WAA0C;AAE9F,QAAM,aAAa,MAAM,UAAU,QAAQ,EAAE,OAAO,EAAE,MAAM,kBAAkB,SAAS,MAAM,EAAE,CAAC;AAChG,MAAI,CAAC,WAAY;AAEjB,QAAM,WAAW,EAAE,WAAW,MAAM,SAAS,MAAM,WAAW,MAAM,WAAW,KAAK;AAEpF,aAAW,UAAU,UAAU;AAC7B,UAAM,WAAW,MAAM,SAAS,QAAQ;AAAA,MACtC,OAAO,EAAE,SAAS,WAAW,IAAI,OAAO;AAAA,IAC1C,CAAC;AACD,QAAI,UAAU;AACZ,eAAS,YAAY;AACrB,eAAS,UAAU;AACnB,eAAS,YAAY;AACrB,eAAS,YAAY;AACrB,YAAM,SAAS,KAAK,QAAQ;AAAA,IAC9B,OAAO;AACL,YAAM,SAAS;AAAA,QACb,SAAS,OAAO;AAAA,UACd,SAAS,WAAW;AAAA,UACpB;AAAA,UACA,GAAG;AAAA,QACL,CAAC;AAAA,MACH;AAAA,IACF;AAAA,EACF;AACF;;;AChCO,IAAM,0BAAoD;AAAA,EAC/D,iBAAiB,CAAC,MAAM;AAAA,EACxB,yBAAyB,CAAC,MAAM;AAAA,EAChC,cAAc,CAAC,KAAK;AAAA,EACpB,cAAc,CAAC,KAAK;AAAA,EACpB,aAAa,CAAC,OAAO,MAAM;AAAA,EAC3B,eAAe,CAAC,KAAK;AAAA,EACrB,8BAA8B,CAAC,MAAM;AAAA,EACrC,2BAA2B,CAAC,MAAM;AAAA,EAClC,qBAAqB,CAAC,MAAM;AAC9B;AAEA,SAAS,uBAAuB,SAAqG;AACnI,SACE,QAAQ,QAAQ,IAAI,kCAAkC,GAAG,SACzD,QAAQ,QAAQ,IAAI,yBAAyB,GAAG;AAEpD;AAEA,SAASA,gBAAe,UAAkB,QAAgB,kBAAqD;AAC7G,aAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,gBAAgB,GAAG;AAClE,QAAI,SAAS,WAAW,QAAQ,KAAK,QAAQ,SAAS,MAAM,EAAG,QAAO;AAAA,EACxE;AACA,SAAO;AACT;AAQO,SAAS,oBAAoB,SAA8B,CAAC,GAAG;AACpE,QAAM;AAAA,IACJ,mBAAmB,CAAC,iBAAiB,0BAA0B,yBAAyB,eAAe;AAAA,IACvG,mBAAmB;AAAA,IACnB,aAAa;AAAA,IACb,kBAAkB;AAAA,EACpB,IAAI;AAEJ,SAAO,SAAS,cAAc,SAK6E;AACzG,UAAM,WAAW,QAAQ,QAAQ;AACjC,UAAM,SAAS,QAAQ;AAEvB,QAAI,iBAAiB,KAAK,CAAC,MAAM,aAAa,KAAK,SAAS,WAAW,IAAI,GAAG,CAAC,GAAG;AAChF,aAAO,EAAE,MAAM,OAAO;AAAA,IACxB;AAEA,QAAI,SAAS,WAAW,QAAQ,GAAG;AACjC,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,YAAY,KAAK,IAAI,IAAI,YAAY,QAAQ,GAAG,EAAE,SAAS,EAAE;AAAA,MAC9E;AAAA,IACF;AAEA,QAAI,SAAS,WAAW,MAAM,GAAG;AAC/B,UAAIA,gBAAe,UAAU,QAAQ,gBAAgB,GAAG;AACtD,eAAO,EAAE,MAAM,OAAO;AAAA,MACxB;AACA,YAAM,QAAQ,gBAAgB,OAAO;AACrC,UAAI,CAAC,OAAO;AACV,eAAO,EAAE,MAAM,QAAQ,QAAQ,KAAK,MAAM,EAAE,OAAO,eAAe,EAAE;AAAA,MACtE;AAAA,IACF;AAEA,WAAO,EAAE,MAAM,OAAO;AAAA,EACxB;AACF;;;AC9EA,OAAO,0BAA0B;AACjC,IAAM,sBAAuB,qBAA6E,WAAW;AA6CrH,SAAS,4BAA4B,MAAoB;AACvD,QAAM,IAAI,KAAK;AACf,QAAM,cAAc,sBAAsB,GAAG,IAAI;AACjD,QAAM,cAAc,uBAAuB,GAAG,WAAW;AACzD,QAAM,cAAe,KAAkD,gBAAgB;AACvF,SAAO;AAAA,IACL,IAAI,KAAK,GAAG,SAAS;AAAA,IACrB,OAAO,KAAK;AAAA,IACZ,MAAM,KAAK;AAAA,IACX,SAAS,KAAK,WAAW;AAAA,IACzB;AAAA,IACA;AAAA,IACA;AAAA,EACF;AACF;AAEO,SAAS,mBAAmB,QAAgD;AACjF,QAAM;AAAA,IACJ;AAAA,IACA;AAAA,IACA,aAAa;AAAA,IACb;AAAA,IACA;AAAA,IACA,sBAAsB;AAAA,IACtB,iBAAiB;AAAA,IACjB;AAAA,EACF,IAAI;AAEJ,QAAM,YAA0C,CAAC;AAEjD,MAAI,qBAAqB;AACvB,cAAU;AAAA,MACR,oBAAoB;AAAA,QAClB,MAAM;AAAA,QACN,aAAa;AAAA,UACX,OAAO,EAAE,OAAO,SAAS,MAAM,QAAQ;AAAA,UACvC,UAAU,EAAE,OAAO,YAAY,MAAM,WAAW;AAAA,QAClD;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,cAAI,CAAC,aAAa,SAAS,CAAC,aAAa,SAAU,QAAO;AAC1D,cAAI;AACF,kBAAM,OAAO,MAAM,eAAe,YAAY,KAAK;AACnD,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,WAAW,CAAC,KAAK,SAAU,QAAO;AAC/F,kBAAM,QAAQ,MAAM,gBAAgB,YAAY,UAAU,KAAK,QAAQ;AACvE,gBAAI,CAAC,MAAO,QAAO;AACnB,mBAAO,4BAA4B,IAAI;AAAA,UACzC,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,MAAI,kBAAkB,cAAc;AAClC,cAAU;AAAA,MACR,oBAAoB;AAAA,QAClB,IAAI;AAAA,QACJ,MAAM;AAAA,QACN,aAAa;AAAA,UACX,YAAY,EAAE,OAAO,kBAAkB,MAAM,OAAO;AAAA,UACpD,MAAM,EAAE,OAAO,QAAQ,MAAM,OAAO;AAAA,UACpC,SAAS,EAAE,OAAO,WAAW,MAAM,OAAO;AAAA,QAC5C;AAAA,QACA,MAAM,UAAU,aAAa;AAC3B,gBAAM,aAAa,OAAO,aAAa,eAAe,WAAW,YAAY,WAAW,KAAK,IAAI;AACjG,gBAAM,OAAO,OAAO,aAAa,SAAS,WAAW,YAAY,KAAK,KAAK,IAAI;AAC/E,gBAAM,KAAK,aAAa,YAAY,QAAQ,QAAQ;AACpD,cAAI,CAAC,cAAc,CAAC,KAAM,QAAO;AACjC,cAAI;AACF,kBAAM,OAAO,MAAM,aAAa,EAAE,YAAY,SAAS,IAAI,KAAK,CAAC;AACjE,gBAAI,CAAC,QAAQ,KAAK,WAAY,KAA+B,QAAS,QAAO;AAC7E,mBAAO,4BAA4B,IAAI;AAAA,UACzC,QAAQ;AACN,mBAAO;AAAA,UACT;AAAA,QACF;AAAA,MACF,CAAC;AAAA,IACH;AAAA,EACF;AAEA,QAAM,UAA2B;AAAA,IAC/B,QAAQ,UAAU,QAAQ,IAAI;AAAA,IAC9B;AAAA,IACA,SAAS,EAAE,UAAU,MAAM;AAAA,IAC3B,OAAO,EAAE,QAAQ,WAAW;AAAA,IAC5B,SAAS;AAAA,MACP,cAAc;AAAA,QACZ,MAAM,QAAQ,IAAI,cAAc,WAAW,OAAO,IAC9C,qCACA;AAAA,QACJ,SAAS;AAAA,UACP,UAAU;AAAA,UACV,UAAU;AAAA,UACV,MAAM;AAAA,UACN,QAAQ,QAAQ,IAAI,cAAc,WAAW,OAAO,KAAK;AAAA,QAC3D;AAAA,MACF;AAAA,IACF;AAAA,IACA,WAAW;AAAA,MACT,MAAM,IAAI,EAAE,OAAO,MAAM,SAAS,QAAQ,GAAG;AAC3C,YAAI,MAAM;AACR,gBAAM,IAAI;AACV,UAAC,MAAkC,KAAK,EAAE;AAC1C,UAAC,MAAkC,UAAU,EAAE;AAC/C,UAAC,MAAkC,cAAc,EAAE;AACnD,UAAC,MAAkC,cAAc,EAAE;AACnD,UAAC,MAAkC,cAAc,EAAE;AAAA,QACrD;AACA,YAAI,YAAY,YAAY,WAAW,OAAO,YAAY,UAAU;AAClE,gBAAM,IAAI;AACV,gBAAM,IAAI;AACV,cAAI,OAAO,EAAE,SAAS,SAAU,GAAE,OAAO,EAAE;AAC3C,cAAI,OAAO,EAAE,UAAU,SAAU,GAAE,QAAQ,EAAE;AAAA,QAC/C;AACA,eAAO;AAAA,MACT;AAAA,MACA,MAAM,QAAQ,EAAE,SAAS,MAAM,GAAG;AAChC,YAAI,QAAQ,MAAM;AAChB,gBAAM,IAAI;AACV,cAAI,OAAO,EAAE,SAAS,SAAU,SAAQ,KAAK,OAAO,EAAE;AACtD,cAAI,OAAO,EAAE,UAAU,SAAU,SAAQ,KAAK,QAAQ,EAAE;AACxD,UAAC,QAAQ,KAAiC,KAAK,EAAE;AACjD,UAAC,QAAQ,KAAiC,UAAU,EAAE;AACtD,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAC1D,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAC1D,UAAC,QAAQ,KAAiC,cAAc,EAAE;AAAA,QAC5D;AACA,eAAO;AAAA,MACT;AAAA,IACF;AAAA,EACF;AAEA,SAAO,SAAS,OAAO,OAAO,IAAI;AACpC;","names":["isPublicMethod"]}
package/dist/cli.cjs CHANGED
@@ -183,6 +183,13 @@ async function getHandler() {
183
183
  requireAuth: requireAdminApiAuth,
184
184
  baseUrl,
185
185
  },
186
+ userProfile: {
187
+ dataSource,
188
+ entityMap: CMS_ENTITY_MAP,
189
+ json: NextResponse.json.bind(NextResponse),
190
+ getSession: () =>
191
+ getServerSession().then((s) => (s ? { user: s.user } : null)),
192
+ },
186
193
  })
187
194
  );
188
195
  }
package/dist/cli.cjs.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"sources":["../src/cli.ts"],"sourcesContent":["#!/usr/bin/env node\r\n/**\r\n * @infuro/cms-core init CLI\r\n * Usage: npx @infuro/cms-core init [--force] [--dry-run] [--no-deps] [--no-patch-config]\r\n */\r\nimport fs from 'fs';\r\nimport path from 'path';\r\n\r\nconst TEMPLATES = {\r\n 'src/lib/data-source.ts': `import 'reflect-metadata';\r\nimport path from 'path';\r\nimport { createRequire } from 'module';\r\nimport { DataSource } from 'typeorm';\r\nimport { CMS_ENTITY_MAP } from '@infuro/cms-core';\r\n\r\nconst require = createRequire(import.meta.url);\r\nconst coreDir = path.dirname(require.resolve('@infuro/cms-core'));\r\n\r\nlet dataSource: DataSource | null = null;\r\n\r\nexport function getDataSource(): DataSource {\r\n if (!dataSource) {\r\n dataSource = new DataSource({\r\n type: 'postgres',\r\n url: process.env.DATABASE_URL,\r\n entities: Object.values(CMS_ENTITY_MAP),\r\n synchronize: false,\r\n ...(process.env.TYPEORM_CLI && {\r\n migrations: [\r\n path.join(coreDir, 'migrations', '*.ts'),\r\n path.join(process.cwd(), 'src', 'migrations', '*.ts'),\r\n ],\r\n }),\r\n });\r\n }\r\n return dataSource;\r\n}\r\n\r\nexport async function getDataSourceInitialized(): Promise<DataSource> {\r\n const ds = getDataSource();\r\n if (!ds.isInitialized) await ds.initialize();\r\n return ds;\r\n}\r\n\r\nexport default getDataSource;\r\n`,\r\n\r\n 'src/lib/auth-helpers.ts': `import { getServerSession } from 'next-auth';\r\nimport { NextResponse } from 'next/server';\r\nimport { createAuthHelpers } from '@infuro/cms-core/auth';\r\n\r\nconst helpers = createAuthHelpers(\r\n async () => {\r\n const s = await getServerSession();\r\n return s ? { user: s.user } : null;\r\n },\r\n NextResponse\r\n);\r\n\r\nexport const requireAuth = helpers.requireAuth;\r\nexport const requirePermission = helpers.requirePermission;\r\nexport const requireEntityPermission = helpers.requireEntityPermission;\r\nexport const requireAdminAccess = helpers.requireAdminAccess;\r\nexport const getAuthenticatedUser = helpers.getAuthenticatedUser;\r\n`,\r\n\r\n 'src/lib/cms.ts': `import {\r\n createCmsApp,\r\n localStoragePlugin,\r\n type CmsApp,\r\n} from '@infuro/cms-core';\r\nimport { getDataSourceInitialized } from './data-source';\r\n\r\nlet cmsPromise: Promise<CmsApp> | null = null;\r\n\r\nexport async function getCms(): Promise<CmsApp> {\r\n if (cmsPromise) return cmsPromise;\r\n const dataSource = await getDataSourceInitialized();\r\n cmsPromise = createCmsApp({\r\n dataSource,\r\n config: process.env as unknown as Record<string, string>,\r\n plugins: [\r\n localStoragePlugin({ dir: 'public/uploads' }),\r\n ],\r\n });\r\n return cmsPromise;\r\n}\r\n`,\r\n\r\n 'src/app/api/[[...path]]/route.ts': `import { NextResponse } from 'next/server';\r\nimport { getServerSession } from 'next-auth';\r\nimport { createCmsApiHandler } from '@infuro/cms-core/api';\r\nimport { CMS_ENTITY_MAP } from '@infuro/cms-core';\r\nimport { getDataSourceInitialized } from '@/lib/data-source';\r\nimport {\r\n requireAuth,\r\n requireAdminAccess,\r\n requireEntityPermission,\r\n getAuthenticatedUser,\r\n} from '@/lib/auth-helpers';\r\nimport { getCms } from '@/lib/cms';\r\nimport bcrypt from 'bcryptjs';\r\n\r\nconst baseUrl = process.env.NEXTAUTH_URL || 'http://localhost:3000';\r\n\r\nasync function requireAdminApiAuth(req: Request) {\r\n const a = await requireAuth(req);\r\n if (a) return a;\r\n return requireAdminAccess(req);\r\n}\r\n\r\nlet handlerPromise: Promise<ReturnType<typeof createCmsApiHandler>> | null = null;\r\n\r\nasync function getHandler() {\r\n if (!handlerPromise) {\r\n const dataSource = await getDataSourceInitialized();\r\n handlerPromise = Promise.resolve(\r\n createCmsApiHandler({\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n requireAuth: requireAdminApiAuth,\r\n requireEntityPermission,\r\n getSessionUser: getAuthenticatedUser,\r\n json: NextResponse.json.bind(NextResponse),\r\n getCms,\r\n userAuth: {\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n json: NextResponse.json.bind(NextResponse),\r\n baseUrl,\r\n hashPassword: (p) => Promise.resolve(bcrypt.hashSync(p, 12)),\r\n comparePassword: (p, h) => Promise.resolve(bcrypt.compareSync(p, h)),\r\n resetExpiryHours: 1,\r\n getSession: () =>\r\n getServerSession().then((s) => (s ? { user: s.user } : null)),\r\n },\r\n dashboard: {\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n json: NextResponse.json.bind(NextResponse),\r\n requireAuth: requireAdminApiAuth,\r\n requirePermission: requireAdminApiAuth,\r\n },\r\n upload: {\r\n json: NextResponse.json.bind(NextResponse),\r\n requireAuth: requireAdminApiAuth,\r\n storage: () => getCms().then((cms) => cms.getPlugin('storage')),\r\n localUploadDir: 'public/uploads',\r\n },\r\n blogBySlug: {\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n json: NextResponse.json.bind(NextResponse),\r\n requireAuth: async () => null,\r\n },\r\n formBySlug: {\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n json: NextResponse.json.bind(NextResponse),\r\n requireAuth: async () => null,\r\n },\r\n usersApi: {\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n json: NextResponse.json.bind(NextResponse),\r\n requireAuth: requireAdminApiAuth,\r\n baseUrl,\r\n },\r\n })\r\n );\r\n }\r\n return handlerPromise;\r\n}\r\n\r\nasync function handle(method: string, req: Request, context: { params: Promise<{ path?: string[] }> }) {\r\n try {\r\n const handler = await getHandler();\r\n const { path: pathSegments = [] } = await context.params;\r\n return handler.handle(method, pathSegments, req);\r\n } catch {\r\n return NextResponse.json({ error: 'Server Error' }, { status: 500 });\r\n }\r\n}\r\n\r\nexport async function GET(req: Request, ctx: { params: Promise<{ path?: string[] }> }) { return handle('GET', req, ctx); }\r\nexport async function POST(req: Request, ctx: { params: Promise<{ path?: string[] }> }) { return handle('POST', req, ctx); }\r\nexport async function PUT(req: Request, ctx: { params: Promise<{ path?: string[] }> }) { return handle('PUT', req, ctx); }\r\nexport async function PATCH(req: Request, ctx: { params: Promise<{ path?: string[] }> }) { return handle('PATCH', req, ctx); }\r\nexport async function DELETE(req: Request, ctx: { params: Promise<{ path?: string[] }> }) { return handle('DELETE', req, ctx); }\r\n`,\r\n\r\n 'src/app/api/auth/[...nextauth]/route.ts': `import NextAuth from 'next-auth';\r\nimport { getNextAuthOptions } from '@infuro/cms-core/auth';\r\nimport { getDataSourceInitialized } from '@/lib/data-source';\r\nimport { CMS_ENTITY_MAP } from '@infuro/cms-core';\r\nimport bcrypt from 'bcryptjs';\r\n\r\nasync function getOptions() {\r\n const dataSource = await getDataSourceInitialized();\r\n const userRepo = dataSource.getRepository(CMS_ENTITY_MAP.users);\r\n return getNextAuthOptions({\r\n getUserByEmail: async (email: string) => {\r\n return userRepo.findOne({\r\n where: { email },\r\n relations: ['group', 'group.permissions'],\r\n select: ['id', 'email', 'name', 'password', 'blocked', 'deleted', 'groupId', 'adminAccess'],\r\n }) as any;\r\n },\r\n comparePassword: (plain, hash) => Promise.resolve(bcrypt.compareSync(plain, hash)),\r\n signInPage: '/admin/signin',\r\n });\r\n}\r\n\r\nlet handler: ReturnType<typeof NextAuth> | null = null;\r\n\r\nasync function getHandler() {\r\n if (!handler) handler = NextAuth(await getOptions());\r\n return handler;\r\n}\r\n\r\ntype NextAuthContext = { params: Promise<{ nextauth?: string[] }> };\r\n\r\nexport async function GET(req: Request, context: NextAuthContext) {\r\n return (await getHandler())(req, context);\r\n}\r\nexport async function POST(req: Request, context: NextAuthContext) {\r\n return (await getHandler())(req, context);\r\n}\r\n`,\r\n\r\n 'src/app/admin/layout.tsx': `'use client';\r\n\r\nimport '@infuro/cms-core/admin.css';\r\nimport AdminLayout from '@infuro/cms-core/admin';\r\n\r\nexport default function AdminLayoutWrapper({ children }: { children: React.ReactNode }) {\r\n return (\r\n <AdminLayout\r\n customNavItems={[]}\r\n customNavSections={[]}\r\n customCrudConfigs={{}}\r\n >\r\n {children}\r\n </AdminLayout>\r\n );\r\n}\r\n`,\r\n\r\n 'src/app/admin/[[...slug]]/page.tsx': `import { AdminPageResolver } from '@infuro/cms-core/admin';\r\n\r\nexport default async function AdminPage({ params }: { params: Promise<{ slug?: string[] }> }) {\r\n const { slug } = await params;\r\n return <AdminPageResolver slug={slug} />;\r\n}\r\n`,\r\n\r\n 'src/middleware.ts': `import { NextResponse } from 'next/server';\r\nimport type { NextRequest } from 'next/server';\r\nimport { createCmsMiddleware } from '@infuro/cms-core/auth';\r\n\r\nconst cmsMiddleware = createCmsMiddleware({\r\n publicApiMethods: {\r\n '/api/contacts': ['POST'],\r\n '/api/form-submissions': ['POST'],\r\n '/api/blogs': ['GET'],\r\n '/api/forms': ['GET'],\r\n '/api/auth': ['GET', 'POST'],\r\n '/api/users/forgot-password': ['POST'],\r\n '/api/users/set-password': ['POST'],\r\n '/api/users/invite': ['POST'],\r\n },\r\n});\r\n\r\nexport function middleware(request: NextRequest) {\r\n const result = cmsMiddleware({\r\n nextUrl: request.nextUrl,\r\n url: request.url,\r\n method: request.method,\r\n cookies: request.cookies,\r\n });\r\n\r\n if (result.type === 'next') return NextResponse.next();\r\n if (result.type === 'redirect') return NextResponse.redirect(result.url);\r\n if (result.type === 'json') return NextResponse.json(result.body, { status: result.status });\r\n return NextResponse.next();\r\n}\r\n\r\nexport const config = {\r\n matcher: ['/admin/:path*', '/api/:path*'],\r\n};\r\n`,\r\n\r\n 'src/app/providers.tsx': `\"use client\";\r\n\r\nimport { ThemeProvider } from \"next-themes\";\r\nimport { SessionProvider } from \"next-auth/react\";\r\nimport { Toaster } from \"sonner\";\r\n\r\nexport function Providers({ children }: { children: React.ReactNode }) {\r\n return (\r\n <SessionProvider>\r\n <ThemeProvider attribute=\"class\" defaultTheme=\"system\" enableSystem>\r\n {children}\r\n <Toaster position=\"top-right\" />\r\n </ThemeProvider>\r\n </SessionProvider>\r\n );\r\n}\r\n`,\r\n\r\n '.env.example': `DATABASE_URL=postgres://user:password@localhost:5432/mydb\r\nNEXTAUTH_SECRET=your-random-secret\r\nNEXTAUTH_URL=http://localhost:3000\r\n\r\n# Admin user (for npm run seed)\r\nADMIN_EMAIL=admin@example.com\r\nADMIN_PASSWORD=changeme\r\n`,\r\n\r\n 'src/lib/seed.ts': `try { require('dotenv/config'); } catch {}\r\nimport 'reflect-metadata';\r\nimport { getDataSourceInitialized } from './data-source';\r\nimport { CMS_ENTITY_MAP } from '@infuro/cms-core';\r\nimport bcrypt from 'bcryptjs';\r\n\r\nasync function main() {\r\n const ds = await getDataSourceInitialized();\r\n const userRepo = ds.getRepository(CMS_ENTITY_MAP.users);\r\n\r\n const email = process.env.ADMIN_EMAIL || 'admin@example.com';\r\n const password = process.env.ADMIN_PASSWORD || 'changeme';\r\n\r\n const existing = await userRepo.findOne({ where: { email } });\r\n if (!existing) {\r\n const hashedPassword = await bcrypt.hash(password, 10);\r\n await userRepo.save(userRepo.create({ name: 'Admin', email, password: hashedPassword }));\r\n console.log('Default admin user created');\r\n } else {\r\n console.log('Default admin user already exists');\r\n }\r\n\r\n await ds.destroy();\r\n}\r\n\r\nmain().catch((e) => {\r\n console.error(e);\r\n process.exit(1);\r\n});\r\n`,\r\n\r\n 'scripts/migration-datasource.cjs': `/**\r\n * Data source for TypeORM CLI (migration:generate). Resolves @infuro/cms-core from project root (works with npm link).\r\n */\r\nrequire('reflect-metadata');\r\nrequire('dotenv/config');\r\nconst path = require('path');\r\nconst { DataSource } = require('typeorm');\r\nconst coreEntry = path.resolve(__dirname, '..', 'node_modules', '@infuro', 'cms-core', 'dist', 'index.cjs');\r\nconst { CMS_ENTITY_MAP } = require(coreEntry);\r\n\r\nmodule.exports = new DataSource({\r\n type: 'postgres',\r\n url: process.env.DATABASE_URL,\r\n entities: Object.values(CMS_ENTITY_MAP),\r\n synchronize: false,\r\n migrations: ['src/migrations/*.ts'],\r\n});\r\n`,\r\n\r\n 'scripts/run-migrations.ts': `/**\r\n * Run TypeORM migrations. Loads .env so DATABASE_URL is set.\r\n * Usage: npm run migration:run\r\n */\r\ntry { require('dotenv/config'); } catch {}\r\nimport 'reflect-metadata';\r\n\r\nasync function main() {\r\n process.env.TYPEORM_CLI = '1';\r\n const { getDataSourceInitialized } = await import('../src/lib/data-source');\r\n const ds = await getDataSourceInitialized();\r\n const run = await ds.runMigrations();\r\n console.log(run.length ? \\`Ran \\${run.length} migration(s).\\` : 'No pending migrations.');\r\n await ds.destroy();\r\n}\r\n\r\nmain().catch((e) => {\r\n console.error(e);\r\n process.exit(1);\r\n});\r\n`,\r\n\r\n 'src/migrations/README.md': `# TypeORM migrations\r\n\r\nGenerate a new migration (after changing entities):\r\n\r\n\\`\\`\\`bash\r\nnpm run migration:generate -- MyMigrationName\r\n\\`\\`\\`\r\n\r\nRun pending migrations:\r\n\r\n\\`\\`\\`bash\r\nnpm run migration:run\r\n\\`\\`\\`\r\n`,\r\n\r\n 'src/themes/default/index.ts': `import { createTheme } from '@infuro/cms-core/theme';\r\n\r\nimport { Container, meta as containerMeta } from './components/Container';\r\nimport { TextBlock, meta as textBlockMeta } from './components/TextBlock';\r\n\r\nimport { Navbar } from './layout/Navbar';\r\nimport { Footer, footerFields, footerDefaults } from './layout/Footer';\r\n\r\nexport default createTheme({\r\n name: 'default',\r\n label: 'Default Theme',\r\n components: [\r\n { component: Container, meta: containerMeta },\r\n { component: TextBlock, meta: textBlockMeta },\r\n ],\r\n layout: {\r\n navbar: { component: Navbar },\r\n footer: { component: Footer, fields: footerFields, defaults: footerDefaults },\r\n },\r\n});\r\n`,\r\n\r\n 'src/themes/default/layout/Navbar.tsx': `import type { NavbarConfig, NavItem } from '@infuro/cms-core/theme';\r\n\r\nfunction NavLink({ item }: { item: NavItem }) {\r\n return (\r\n <li className=\"list-none\">\r\n <a\r\n href={item.url}\r\n target={item.openInNewTab ? '_blank' : undefined}\r\n rel={item.openInNewTab ? 'noopener noreferrer' : undefined}\r\n className=\"text-sm font-medium text-gray-700 hover:text-gray-900 px-3 py-2 inline-block\"\r\n >\r\n {item.label}\r\n </a>\r\n </li>\r\n );\r\n}\r\n\r\nexport function Navbar({ logo, items, ctaLabel, ctaUrl }: NavbarConfig) {\r\n return (\r\n <nav className=\"bg-white sticky top-0 z-40 border-b\">\r\n <div className=\"max-w-7xl mx-auto px-4 sm:px-6 lg:px-8\">\r\n <div className=\"flex items-center justify-between h-16\">\r\n <a href=\"/\" className=\"flex-shrink-0\">\r\n {logo ? (\r\n <img src={logo} alt=\"Logo\" className=\"h-8\" />\r\n ) : (\r\n <span className=\"text-xl font-bold text-gray-900\">Logo</span>\r\n )}\r\n </a>\r\n <ul className=\"flex items-center gap-1 list-none m-0 p-0\">\r\n {items.map((item) => (\r\n <NavLink key={item.id} item={item} />\r\n ))}\r\n </ul>\r\n {ctaLabel && (\r\n <a href={ctaUrl || '#'} className=\"text-sm font-medium text-gray-900 hover:underline\">\r\n {ctaLabel}\r\n </a>\r\n )}\r\n </div>\r\n </div>\r\n </nav>\r\n );\r\n}\r\n`,\r\n\r\n 'src/themes/default/layout/Footer.tsx': `import type { FooterConfig, PropDefinition } from '@infuro/cms-core/theme';\r\n\r\nexport const footerFields: PropDefinition[] = [\r\n { name: 'copyright', label: 'Copyright Text', type: 'text' },\r\n];\r\n\r\nexport const footerDefaults: Record<string, any> = {\r\n copyright: '© 2025 Your Site. All rights reserved.',\r\n columns: [],\r\n socialLinks: [],\r\n};\r\n\r\nexport function Footer({ copyright, columns = [], socialLinks = [] }: FooterConfig) {\r\n return (\r\n <footer className=\"bg-gray-900 text-gray-400 py-8 px-8\">\r\n <div className=\"max-w-7xl mx-auto\">\r\n {columns.length > 0 && (\r\n <div className=\"grid grid-cols-2 md:grid-cols-4 gap-8 mb-6\">\r\n {columns.map((col, i) => (\r\n <div key={i}>\r\n <h4 className=\"text-white font-semibold mb-3 text-sm\">{col.title}</h4>\r\n <ul className=\"space-y-2\">\r\n {col.links.map((link, j) => (\r\n <li key={j}>\r\n <a href={link.url} className=\"text-sm hover:text-white transition-colors\">\r\n {link.label}\r\n </a>\r\n </li>\r\n ))}\r\n </ul>\r\n </div>\r\n ))}\r\n </div>\r\n )}\r\n <div className=\"border-t border-gray-800 pt-6\">\r\n <p className=\"text-sm\">{copyright}</p>\r\n </div>\r\n </div>\r\n </footer>\r\n );\r\n}\r\n`,\r\n\r\n 'src/themes/default/components/Container.tsx': `import type { ComponentMeta } from '@infuro/cms-core/theme';\r\n\r\nexport const meta: ComponentMeta = {\r\n name: 'Container',\r\n label: 'Container',\r\n category: 'layout',\r\n icon: 'LayoutDashboard',\r\n description: 'A layout container that holds other components',\r\n defaultProps: { background: '#ffffff' },\r\n props: [{ name: 'background', label: 'Background', type: 'color' }],\r\n canContainChildren: true,\r\n};\r\n\r\nexport function Container({\r\n background = '#ffffff',\r\n children,\r\n}: {\r\n background?: string;\r\n children?: React.ReactNode;\r\n}) {\r\n return (\r\n <div style={{ backgroundColor: background, minHeight: '48px', padding: '1rem' }}>\r\n {children}\r\n </div>\r\n );\r\n}\r\n`,\r\n\r\n 'src/themes/default/components/TextBlock.tsx': `import type { ComponentMeta } from '@infuro/cms-core/theme';\r\n\r\nexport const meta: ComponentMeta = {\r\n name: 'TextBlock',\r\n label: 'Text Block',\r\n category: 'content',\r\n icon: 'Type',\r\n description: 'Rich text content block',\r\n defaultProps: { content: '<p>Enter your text here...</p>' },\r\n props: [{ name: 'content', label: 'Content', type: 'richtext' }],\r\n};\r\n\r\nexport function TextBlock({ content }: { content?: string }) {\r\n return (\r\n <div\r\n className=\"prose prose-gray max-w-none py-4 px-2\"\r\n dangerouslySetInnerHTML={{ __html: content || '' }}\r\n />\r\n );\r\n}\r\n`,\r\n\r\n 'src/lib/theme-registry.ts': `import defaultTheme from '@/themes/default';\r\nimport type { ThemeConfig } from '@infuro/cms-core/theme';\r\n\r\nexport const defaultThemeConfig = defaultTheme;\r\n\r\nexport interface ThemeRegistryItem {\r\n id: string;\r\n label: string;\r\n config: ThemeConfig;\r\n description?: string;\r\n}\r\n\r\nexport const THEME_REGISTRY: ThemeRegistryItem[] = [\r\n {\r\n id: 'default',\r\n label: 'Default',\r\n config: defaultTheme,\r\n description: 'Default theme with standard layout and components.',\r\n },\r\n];\r\n\r\nexport function getThemeById(id: string | undefined): ThemeConfig {\r\n const theme = THEME_REGISTRY.find((t) => t.id === (id || '')) ?? THEME_REGISTRY[0];\r\n return theme?.config ?? defaultTheme;\r\n}\r\n`,\r\n\r\n 'src/app/page.tsx': `export default function HomePage() {\r\n return (\r\n <main className=\"min-h-screen flex flex-col items-center justify-center p-8\">\r\n <h1 className=\"text-3xl font-bold text-gray-900 mb-4\">Welcome</h1>\r\n <p className=\"text-gray-600 mb-6\">Your CMS is set up. Manage content at the admin panel.</p>\r\n <a\r\n href=\"/admin\"\r\n className=\"text-white bg-gray-900 hover:bg-gray-800 px-4 py-2 rounded-lg font-medium transition-colors\"\r\n >\r\n Open Admin\r\n </a>\r\n </main>\r\n );\r\n}\r\n`,\r\n\r\n 'src/app/contact/page.tsx': `export default function ContactPage() {\r\n return (\r\n <main className=\"min-h-screen p-8 max-w-2xl mx-auto\">\r\n <h1 className=\"text-3xl font-bold text-gray-900 mb-4\">Contact</h1>\r\n <p className=\"text-gray-600\">\r\n Add a contact form or wire this page to your CMS form. Use the admin panel to manage forms and submissions.\r\n </p>\r\n </main>\r\n );\r\n}\r\n`,\r\n};\r\n\r\nfunction findRoot(cwd: string): string | null {\r\n let dir = path.resolve(cwd);\r\n for (let i = 0; i < 20; i++) {\r\n const pkgPath = path.join(dir, 'package.json');\r\n if (fs.existsSync(pkgPath)) {\r\n try {\r\n const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));\r\n if (pkg.dependencies?.next || pkg.devDependencies?.next) return dir;\r\n } catch {\r\n // ignore\r\n }\r\n }\r\n const parent = path.dirname(dir);\r\n if (parent === dir) break;\r\n dir = parent;\r\n }\r\n return null;\r\n}\r\n\r\nfunction writeFile(\r\n root: string,\r\n filePath: string,\r\n content: string,\r\n force: boolean,\r\n dryRun: boolean,\r\n log: (msg: string) => void\r\n): boolean {\r\n const full = path.join(root, filePath);\r\n if (fs.existsSync(full) && !force) {\r\n log(` skip (exists): ${filePath}`);\r\n return false;\r\n }\r\n if (dryRun) {\r\n log(` would create: ${filePath}`);\r\n return true;\r\n }\r\n const dir = path.dirname(full);\r\n fs.mkdirSync(dir, { recursive: true });\r\n fs.writeFileSync(full, content, 'utf8');\r\n log(` created: ${filePath}`);\r\n return true;\r\n}\r\n\r\nfunction patchNextConfig(root: string, dryRun: boolean, log: (msg: string) => void): boolean {\r\n const candidates = ['next.config.js', 'next.config.mjs', 'next.config.cjs'];\r\n let configPath: string | null = null;\r\n for (const name of candidates) {\r\n const p = path.join(root, name);\r\n if (fs.existsSync(p)) {\r\n configPath = p;\r\n break;\r\n }\r\n }\r\n if (!configPath) {\r\n log(' skip next.config: not found');\r\n return false;\r\n }\r\n let content = fs.readFileSync(configPath, 'utf8');\r\n if (content.includes(\"'@infuro/cms-core'\") || content.includes('\"@infuro/cms-core\"')) {\r\n log(` skip (already has core): ${path.basename(configPath)}`);\r\n return false;\r\n }\r\n if (content.includes('serverExternalPackages')) {\r\n content = content.replace(\r\n /(serverExternalPackages:\\s*\\[)/,\r\n \"$1'@infuro/cms-core', 'typeorm', \"\r\n );\r\n } else {\r\n content = content.replace(\r\n /(const nextConfig\\s*=\\s*\\{|module\\.exports\\s*=\\s*\\{)/,\r\n \"$1\\n serverExternalPackages: ['@infuro/cms-core', 'typeorm'],\"\r\n );\r\n }\r\n if (dryRun) {\r\n log(` would patch: ${path.basename(configPath)}`);\r\n return true;\r\n }\r\n fs.writeFileSync(configPath, content, 'utf8');\r\n log(` patched: ${path.basename(configPath)}`);\r\n return true;\r\n}\r\n\r\nfunction patchTailwind(root: string, dryRun: boolean, log: (msg: string) => void): boolean {\r\n const candidates = ['tailwind.config.js', 'tailwind.config.mjs', 'tailwind.config.ts'];\r\n let configPath: string | null = null;\r\n for (const name of candidates) {\r\n const p = path.join(root, name);\r\n if (fs.existsSync(p)) {\r\n configPath = p;\r\n break;\r\n }\r\n }\r\n if (!configPath) {\r\n log(' skip tailwind: config not found');\r\n return false;\r\n }\r\n let content = fs.readFileSync(configPath, 'utf8');\r\n const coreContent = \"./node_modules/@infuro/cms-core/dist/**/*.{js,cjs}\";\r\n if (content.includes('@infuro/cms-core')) {\r\n log(` skip (already has core): ${path.basename(configPath)}`);\r\n return false;\r\n }\r\n if (content.includes('content:')) {\r\n content = content.replace(\r\n /(content:\\s*\\[)/,\r\n `$1\\n \"${coreContent}\",`\r\n );\r\n }\r\n if (dryRun) {\r\n log(` would patch: ${path.basename(configPath)}`);\r\n return true;\r\n }\r\n fs.writeFileSync(configPath, content, 'utf8');\r\n log(` patched: ${path.basename(configPath)}`);\r\n return true;\r\n}\r\n\r\nfunction patchLayout(root: string, dryRun: boolean, log: (msg: string) => void): boolean {\r\n const layoutPath = path.join(root, 'src/app/layout.tsx');\r\n if (!fs.existsSync(layoutPath)) {\r\n log(' skip layout: src/app/layout.tsx not found');\r\n return false;\r\n }\r\n let content = fs.readFileSync(layoutPath, 'utf8');\r\n if (content.includes('<Providers>')) {\r\n log(' skip layout: already uses Providers');\r\n return false;\r\n }\r\n const bodyMatch = content.match(/<body([^>]*)>\\s*(\\{children\\})\\s*<\\/body>/s);\r\n if (!bodyMatch) {\r\n log(' skip layout: unexpected structure (add <Providers> manually)');\r\n return false;\r\n }\r\n if (dryRun) {\r\n log(' would patch: src/app/layout.tsx');\r\n return true;\r\n }\r\n const [, bodyAttrs, children] = bodyMatch;\r\n const newBody = `<body${bodyAttrs}>\\n <Providers>${children}</Providers>\\n </body>`;\r\n content = content.replace(/<body[^>]*>\\s*\\{children\\}\\s*<\\/body>/s, newBody);\r\n if (!content.includes(\"from './providers'\") && !content.includes('from \"./providers\"')) {\r\n const firstImport = content.match(/^import .+ from .+;\\n/m);\r\n content = firstImport\r\n ? content.replace(firstImport[0], firstImport[0] + \"import { Providers } from './providers';\\n\")\r\n : \"import { Providers } from './providers';\\n\" + content;\r\n }\r\n if (content.includes('<html') && !content.includes('suppressHydrationWarning')) {\r\n content = content.replace(/<html(\\s)/, '<html suppressHydrationWarning$1');\r\n }\r\n fs.writeFileSync(layoutPath, content, 'utf8');\r\n log(' patched: src/app/layout.tsx');\r\n return true;\r\n}\r\n\r\nfunction patchPackageJson(root: string, dryRun: boolean, log: (msg: string) => void): boolean {\r\n const pkgPath = path.join(root, 'package.json');\r\n if (!fs.existsSync(pkgPath)) return false;\r\n const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));\r\n const scripts = pkg.scripts || {};\r\n let changed = false;\r\n if (!scripts.seed) {\r\n scripts.seed = 'tsx src/lib/seed.ts';\r\n changed = true;\r\n }\r\n if (!scripts['migration:run']) {\r\n scripts['migration:run'] = 'tsx scripts/run-migrations.ts';\r\n changed = true;\r\n }\r\n const dev = pkg.devDependencies || {};\r\n const deps = pkg.dependencies || {};\r\n if (!deps['@infuro/cms-core']) {\r\n deps['@infuro/cms-core'] = '^1.0.6';\r\n changed = true;\r\n }\r\n if (!dev.tsx) {\r\n dev.tsx = '^4.0.0';\r\n changed = true;\r\n }\r\n if (!dev.dotenv) {\r\n dev.dotenv = '^16.0.0';\r\n changed = true;\r\n }\r\n if (!changed) {\r\n log(' skip package.json: scripts/devDeps already present');\r\n return false;\r\n }\r\n pkg.scripts = scripts;\r\n pkg.dependencies = { ...pkg.dependencies, ...deps };\r\n pkg.devDependencies = { ...pkg.devDependencies, ...dev };\r\n if (dryRun) {\r\n log(' would patch: package.json (scripts + devDependencies)');\r\n return true;\r\n }\r\n fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2), 'utf8');\r\n log(' patched: package.json');\r\n return true;\r\n}\r\n\r\nasync function runNpmInstall(root: string, log: (msg: string) => void): Promise<void> {\r\n const { spawnSync } = await import('child_process');\r\n log(' running: npm install (deps)...');\r\n spawnSync('npm', ['install', '@infuro/cms-core', 'typeorm', 'reflect-metadata', 'bcryptjs', 'next-auth', 'next-themes', 'sonner'], {\r\n cwd: root,\r\n stdio: 'inherit',\r\n shell: true,\r\n });\r\n log(' running: npm install -D tsx dotenv @types/node...');\r\n spawnSync('npm', ['install', '-D', 'tsx', 'dotenv', '@types/node'], {\r\n cwd: root,\r\n stdio: 'inherit',\r\n shell: true,\r\n });\r\n}\r\n\r\nasync function runInit(opts: {\r\n force: boolean;\r\n dryRun: boolean;\r\n noDeps: boolean;\r\n noPatchConfig: boolean;\r\n}) {\r\n const log = (msg: string) => console.log(msg);\r\n const cwd = process.cwd();\r\n const root = findRoot(cwd);\r\n if (!root) {\r\n console.error('Not a Next.js project (no package.json with next dependency found from ' + cwd + ')');\r\n process.exit(1);\r\n }\r\n const appDir = path.join(root, 'src/app');\r\n if (!fs.existsSync(appDir)) {\r\n console.error('Expected src/app directory not found. Use a Next.js app with src directory (e.g. create-next-app --src-dir).');\r\n process.exit(1);\r\n }\r\n\r\n log('Infuro CMS init @ ' + root);\r\n if (opts.dryRun) log('(dry run)');\r\n\r\n for (const [filePath, content] of Object.entries(TEMPLATES)) {\r\n writeFile(root, filePath, content, opts.force, opts.dryRun, log);\r\n }\r\n\r\n if (!opts.noPatchConfig) {\r\n log('Config patches:');\r\n patchNextConfig(root, opts.dryRun, log);\r\n patchTailwind(root, opts.dryRun, log);\r\n patchLayout(root, opts.dryRun, log);\r\n patchPackageJson(root, opts.dryRun, log);\r\n }\r\n\r\n if (!opts.noDeps && !opts.dryRun) {\r\n log('Dependencies:');\r\n await runNpmInstall(root, log);\r\n } else if (!opts.noDeps && opts.dryRun) {\r\n log(' would run: npm install @infuro/cms-core typeorm reflect-metadata bcryptjs next-auth next-themes sonner');\r\n log(' would run: npm install -D tsx dotenv @types/node');\r\n }\r\n\r\n log('');\r\n log('Done. Next steps:');\r\n log(' 1. Copy .env.example to .env and set DATABASE_URL, NEXTAUTH_SECRET, NEXTAUTH_URL, ADMIN_EMAIL, ADMIN_PASSWORD');\r\n log(' 2. Run npm run migration:run then npm run seed (creates admin from ADMIN_EMAIL/ADMIN_PASSWORD)');\r\n log(' 3. npm run dev');\r\n}\r\n\r\nconst args = process.argv.slice(2);\r\nconst force = args.includes('--force');\r\nconst dryRun = args.includes('--dry-run');\r\nconst noDeps = args.includes('--no-deps');\r\nconst noPatchConfig = args.includes('--no-patch-config');\r\n\r\nif (args[0] === 'init' || args.includes('--init') || (args.length === 0 && !args.some((a) => a.startsWith('--')))) {\r\n runInit({ force, dryRun, noDeps, noPatchConfig }).catch((e) => {\r\n console.error(e);\r\n process.exit(1);\r\n });\r\n} else {\r\n console.log('Usage: npx @infuro/cms-core init [--force] [--dry-run] [--no-deps] [--no-patch-config]');\r\n process.exit(args[0] === '--help' || args[0] === '-h' ? 0 : 1);\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,gBAAe;AACf,kBAAiB;AAEjB,IAAM,YAAY;AAAA,EAChB,0BAA0B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsC1B,2BAA2B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmB3B,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBlB,oCAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsGpC,2CAA2C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuC3C,4BAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkB5B,sCAAsC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQtC,qBAAqB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoCrB,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBzB,gBAAgB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAShB,mBAAmB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA+BnB,oCAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBpC,6BAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsB7B,4BAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAe5B,+BAA+B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsB/B,wCAAwC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA8CxC,wCAAwC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2CxC,+CAA+C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA4B/C,+CAA+C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsB/C,6BAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2B7B,oBAAoB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBpB,4BAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAW9B;AAEA,SAAS,SAAS,KAA4B;AAC5C,MAAI,MAAM,YAAAA,QAAK,QAAQ,GAAG;AAC1B,WAAS,IAAI,GAAG,IAAI,IAAI,KAAK;AAC3B,UAAM,UAAU,YAAAA,QAAK,KAAK,KAAK,cAAc;AAC7C,QAAI,UAAAC,QAAG,WAAW,OAAO,GAAG;AAC1B,UAAI;AACF,cAAM,MAAM,KAAK,MAAM,UAAAA,QAAG,aAAa,SAAS,MAAM,CAAC;AACvD,YAAI,IAAI,cAAc,QAAQ,IAAI,iBAAiB,KAAM,QAAO;AAAA,MAClE,QAAQ;AAAA,MAER;AAAA,IACF;AACA,UAAM,SAAS,YAAAD,QAAK,QAAQ,GAAG;AAC/B,QAAI,WAAW,IAAK;AACpB,UAAM;AAAA,EACR;AACA,SAAO;AACT;AAEA,SAAS,UACP,MACA,UACA,SACAE,QACAC,SACA,KACS;AACT,QAAM,OAAO,YAAAH,QAAK,KAAK,MAAM,QAAQ;AACrC,MAAI,UAAAC,QAAG,WAAW,IAAI,KAAK,CAACC,QAAO;AACjC,QAAI,oBAAoB,QAAQ,EAAE;AAClC,WAAO;AAAA,EACT;AACA,MAAIC,SAAQ;AACV,QAAI,mBAAmB,QAAQ,EAAE;AACjC,WAAO;AAAA,EACT;AACA,QAAM,MAAM,YAAAH,QAAK,QAAQ,IAAI;AAC7B,YAAAC,QAAG,UAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AACrC,YAAAA,QAAG,cAAc,MAAM,SAAS,MAAM;AACtC,MAAI,cAAc,QAAQ,EAAE;AAC5B,SAAO;AACT;AAEA,SAAS,gBAAgB,MAAcE,SAAiB,KAAqC;AAC3F,QAAM,aAAa,CAAC,kBAAkB,mBAAmB,iBAAiB;AAC1E,MAAI,aAA4B;AAChC,aAAW,QAAQ,YAAY;AAC7B,UAAM,IAAI,YAAAH,QAAK,KAAK,MAAM,IAAI;AAC9B,QAAI,UAAAC,QAAG,WAAW,CAAC,GAAG;AACpB,mBAAa;AACb;AAAA,IACF;AAAA,EACF;AACA,MAAI,CAAC,YAAY;AACf,QAAI,+BAA+B;AACnC,WAAO;AAAA,EACT;AACA,MAAI,UAAU,UAAAA,QAAG,aAAa,YAAY,MAAM;AAChD,MAAI,QAAQ,SAAS,oBAAoB,KAAK,QAAQ,SAAS,oBAAoB,GAAG;AACpF,QAAI,8BAA8B,YAAAD,QAAK,SAAS,UAAU,CAAC,EAAE;AAC7D,WAAO;AAAA,EACT;AACA,MAAI,QAAQ,SAAS,wBAAwB,GAAG;AAC9C,cAAU,QAAQ;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AAAA,EACF,OAAO;AACL,cAAU,QAAQ;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACA,MAAIG,SAAQ;AACV,QAAI,kBAAkB,YAAAH,QAAK,SAAS,UAAU,CAAC,EAAE;AACjD,WAAO;AAAA,EACT;AACA,YAAAC,QAAG,cAAc,YAAY,SAAS,MAAM;AAC5C,MAAI,cAAc,YAAAD,QAAK,SAAS,UAAU,CAAC,EAAE;AAC7C,SAAO;AACT;AAEA,SAAS,cAAc,MAAcG,SAAiB,KAAqC;AACzF,QAAM,aAAa,CAAC,sBAAsB,uBAAuB,oBAAoB;AACrF,MAAI,aAA4B;AAChC,aAAW,QAAQ,YAAY;AAC7B,UAAM,IAAI,YAAAH,QAAK,KAAK,MAAM,IAAI;AAC9B,QAAI,UAAAC,QAAG,WAAW,CAAC,GAAG;AACpB,mBAAa;AACb;AAAA,IACF;AAAA,EACF;AACA,MAAI,CAAC,YAAY;AACf,QAAI,mCAAmC;AACvC,WAAO;AAAA,EACT;AACA,MAAI,UAAU,UAAAA,QAAG,aAAa,YAAY,MAAM;AAChD,QAAM,cAAc;AACpB,MAAI,QAAQ,SAAS,kBAAkB,GAAG;AACxC,QAAI,8BAA8B,YAAAD,QAAK,SAAS,UAAU,CAAC,EAAE;AAC7D,WAAO;AAAA,EACT;AACA,MAAI,QAAQ,SAAS,UAAU,GAAG;AAChC,cAAU,QAAQ;AAAA,MAChB;AAAA,MACA;AAAA,OAAY,WAAW;AAAA,IACzB;AAAA,EACF;AACA,MAAIG,SAAQ;AACV,QAAI,kBAAkB,YAAAH,QAAK,SAAS,UAAU,CAAC,EAAE;AACjD,WAAO;AAAA,EACT;AACA,YAAAC,QAAG,cAAc,YAAY,SAAS,MAAM;AAC5C,MAAI,cAAc,YAAAD,QAAK,SAAS,UAAU,CAAC,EAAE;AAC7C,SAAO;AACT;AAEA,SAAS,YAAY,MAAcG,SAAiB,KAAqC;AACvF,QAAM,aAAa,YAAAH,QAAK,KAAK,MAAM,oBAAoB;AACvD,MAAI,CAAC,UAAAC,QAAG,WAAW,UAAU,GAAG;AAC9B,QAAI,6CAA6C;AACjD,WAAO;AAAA,EACT;AACA,MAAI,UAAU,UAAAA,QAAG,aAAa,YAAY,MAAM;AAChD,MAAI,QAAQ,SAAS,aAAa,GAAG;AACnC,QAAI,uCAAuC;AAC3C,WAAO;AAAA,EACT;AACA,QAAM,YAAY,QAAQ,MAAM,4CAA4C;AAC5E,MAAI,CAAC,WAAW;AACd,QAAI,gEAAgE;AACpE,WAAO;AAAA,EACT;AACA,MAAIE,SAAQ;AACV,QAAI,mCAAmC;AACvC,WAAO;AAAA,EACT;AACA,QAAM,CAAC,EAAE,WAAW,QAAQ,IAAI;AAChC,QAAM,UAAU,QAAQ,SAAS;AAAA,qBAAyB,QAAQ;AAAA;AAClE,YAAU,QAAQ,QAAQ,0CAA0C,OAAO;AAC3E,MAAI,CAAC,QAAQ,SAAS,oBAAoB,KAAK,CAAC,QAAQ,SAAS,oBAAoB,GAAG;AACtF,UAAM,cAAc,QAAQ,MAAM,wBAAwB;AAC1D,cAAU,cACN,QAAQ,QAAQ,YAAY,CAAC,GAAG,YAAY,CAAC,IAAI,4CAA4C,IAC7F,+CAA+C;AAAA,EACrD;AACA,MAAI,QAAQ,SAAS,OAAO,KAAK,CAAC,QAAQ,SAAS,0BAA0B,GAAG;AAC9E,cAAU,QAAQ,QAAQ,aAAa,kCAAkC;AAAA,EAC3E;AACA,YAAAF,QAAG,cAAc,YAAY,SAAS,MAAM;AAC5C,MAAI,+BAA+B;AACnC,SAAO;AACT;AAEA,SAAS,iBAAiB,MAAcE,SAAiB,KAAqC;AAC5F,QAAM,UAAU,YAAAH,QAAK,KAAK,MAAM,cAAc;AAC9C,MAAI,CAAC,UAAAC,QAAG,WAAW,OAAO,EAAG,QAAO;AACpC,QAAM,MAAM,KAAK,MAAM,UAAAA,QAAG,aAAa,SAAS,MAAM,CAAC;AACvD,QAAM,UAAU,IAAI,WAAW,CAAC;AAChC,MAAI,UAAU;AACd,MAAI,CAAC,QAAQ,MAAM;AACjB,YAAQ,OAAO;AACf,cAAU;AAAA,EACZ;AACA,MAAI,CAAC,QAAQ,eAAe,GAAG;AAC7B,YAAQ,eAAe,IAAI;AAC3B,cAAU;AAAA,EACZ;AACA,QAAM,MAAM,IAAI,mBAAmB,CAAC;AACpC,QAAM,OAAO,IAAI,gBAAgB,CAAC;AAClC,MAAI,CAAC,KAAK,kBAAkB,GAAG;AAC7B,SAAK,kBAAkB,IAAI;AAC3B,cAAU;AAAA,EACZ;AACA,MAAI,CAAC,IAAI,KAAK;AACZ,QAAI,MAAM;AACV,cAAU;AAAA,EACZ;AACA,MAAI,CAAC,IAAI,QAAQ;AACf,QAAI,SAAS;AACb,cAAU;AAAA,EACZ;AACA,MAAI,CAAC,SAAS;AACZ,QAAI,sDAAsD;AAC1D,WAAO;AAAA,EACT;AACA,MAAI,UAAU;AACd,MAAI,eAAe,EAAE,GAAG,IAAI,cAAc,GAAG,KAAK;AAClD,MAAI,kBAAkB,EAAE,GAAG,IAAI,iBAAiB,GAAG,IAAI;AACvD,MAAIE,SAAQ;AACV,QAAI,yDAAyD;AAC7D,WAAO;AAAA,EACT;AACA,YAAAF,QAAG,cAAc,SAAS,KAAK,UAAU,KAAK,MAAM,CAAC,GAAG,MAAM;AAC9D,MAAI,yBAAyB;AAC7B,SAAO;AACT;AAEA,eAAe,cAAc,MAAc,KAA2C;AACpF,QAAM,EAAE,UAAU,IAAI,MAAM,OAAO,eAAe;AAClD,MAAI,kCAAkC;AACtC,YAAU,OAAO,CAAC,WAAW,oBAAoB,WAAW,oBAAoB,YAAY,aAAa,eAAe,QAAQ,GAAG;AAAA,IACjI,KAAK;AAAA,IACL,OAAO;AAAA,IACP,OAAO;AAAA,EACT,CAAC;AACD,MAAI,qDAAqD;AACzD,YAAU,OAAO,CAAC,WAAW,MAAM,OAAO,UAAU,aAAa,GAAG;AAAA,IAClE,KAAK;AAAA,IACL,OAAO;AAAA,IACP,OAAO;AAAA,EACT,CAAC;AACH;AAEA,eAAe,QAAQ,MAKpB;AACD,QAAM,MAAM,CAAC,QAAgB,QAAQ,IAAI,GAAG;AAC5C,QAAM,MAAM,QAAQ,IAAI;AACxB,QAAM,OAAO,SAAS,GAAG;AACzB,MAAI,CAAC,MAAM;AACT,YAAQ,MAAM,4EAA4E,MAAM,GAAG;AACnG,YAAQ,KAAK,CAAC;AAAA,EAChB;AACA,QAAM,SAAS,YAAAD,QAAK,KAAK,MAAM,SAAS;AACxC,MAAI,CAAC,UAAAC,QAAG,WAAW,MAAM,GAAG;AAC1B,YAAQ,MAAM,8GAA8G;AAC5H,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,MAAI,uBAAuB,IAAI;AAC/B,MAAI,KAAK,OAAQ,KAAI,WAAW;AAEhC,aAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,SAAS,GAAG;AAC3D,cAAU,MAAM,UAAU,SAAS,KAAK,OAAO,KAAK,QAAQ,GAAG;AAAA,EACjE;AAEA,MAAI,CAAC,KAAK,eAAe;AACvB,QAAI,iBAAiB;AACrB,oBAAgB,MAAM,KAAK,QAAQ,GAAG;AACtC,kBAAc,MAAM,KAAK,QAAQ,GAAG;AACpC,gBAAY,MAAM,KAAK,QAAQ,GAAG;AAClC,qBAAiB,MAAM,KAAK,QAAQ,GAAG;AAAA,EACzC;AAEA,MAAI,CAAC,KAAK,UAAU,CAAC,KAAK,QAAQ;AAChC,QAAI,eAAe;AACnB,UAAM,cAAc,MAAM,GAAG;AAAA,EAC/B,WAAW,CAAC,KAAK,UAAU,KAAK,QAAQ;AACtC,QAAI,0GAA0G;AAC9G,QAAI,oDAAoD;AAAA,EAC1D;AAEA,MAAI,EAAE;AACN,MAAI,mBAAmB;AACvB,MAAI,iHAAiH;AACrH,MAAI,kGAAkG;AACtG,MAAI,kBAAkB;AACxB;AAEA,IAAM,OAAO,QAAQ,KAAK,MAAM,CAAC;AACjC,IAAM,QAAQ,KAAK,SAAS,SAAS;AACrC,IAAM,SAAS,KAAK,SAAS,WAAW;AACxC,IAAM,SAAS,KAAK,SAAS,WAAW;AACxC,IAAM,gBAAgB,KAAK,SAAS,mBAAmB;AAEvD,IAAI,KAAK,CAAC,MAAM,UAAU,KAAK,SAAS,QAAQ,KAAM,KAAK,WAAW,KAAK,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE,WAAW,IAAI,CAAC,GAAI;AACjH,UAAQ,EAAE,OAAO,QAAQ,QAAQ,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM;AAC7D,YAAQ,MAAM,CAAC;AACf,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH,OAAO;AACL,UAAQ,IAAI,wFAAwF;AACpG,UAAQ,KAAK,KAAK,CAAC,MAAM,YAAY,KAAK,CAAC,MAAM,OAAO,IAAI,CAAC;AAC/D;","names":["path","fs","force","dryRun"]}
1
+ {"version":3,"sources":["../src/cli.ts"],"sourcesContent":["#!/usr/bin/env node\r\n/**\r\n * @infuro/cms-core init CLI\r\n * Usage: npx @infuro/cms-core init [--force] [--dry-run] [--no-deps] [--no-patch-config]\r\n */\r\nimport fs from 'fs';\r\nimport path from 'path';\r\n\r\nconst TEMPLATES = {\r\n 'src/lib/data-source.ts': `import 'reflect-metadata';\r\nimport path from 'path';\r\nimport { createRequire } from 'module';\r\nimport { DataSource } from 'typeorm';\r\nimport { CMS_ENTITY_MAP } from '@infuro/cms-core';\r\n\r\nconst require = createRequire(import.meta.url);\r\nconst coreDir = path.dirname(require.resolve('@infuro/cms-core'));\r\n\r\nlet dataSource: DataSource | null = null;\r\n\r\nexport function getDataSource(): DataSource {\r\n if (!dataSource) {\r\n dataSource = new DataSource({\r\n type: 'postgres',\r\n url: process.env.DATABASE_URL,\r\n entities: Object.values(CMS_ENTITY_MAP),\r\n synchronize: false,\r\n ...(process.env.TYPEORM_CLI && {\r\n migrations: [\r\n path.join(coreDir, 'migrations', '*.ts'),\r\n path.join(process.cwd(), 'src', 'migrations', '*.ts'),\r\n ],\r\n }),\r\n });\r\n }\r\n return dataSource;\r\n}\r\n\r\nexport async function getDataSourceInitialized(): Promise<DataSource> {\r\n const ds = getDataSource();\r\n if (!ds.isInitialized) await ds.initialize();\r\n return ds;\r\n}\r\n\r\nexport default getDataSource;\r\n`,\r\n\r\n 'src/lib/auth-helpers.ts': `import { getServerSession } from 'next-auth';\r\nimport { NextResponse } from 'next/server';\r\nimport { createAuthHelpers } from '@infuro/cms-core/auth';\r\n\r\nconst helpers = createAuthHelpers(\r\n async () => {\r\n const s = await getServerSession();\r\n return s ? { user: s.user } : null;\r\n },\r\n NextResponse\r\n);\r\n\r\nexport const requireAuth = helpers.requireAuth;\r\nexport const requirePermission = helpers.requirePermission;\r\nexport const requireEntityPermission = helpers.requireEntityPermission;\r\nexport const requireAdminAccess = helpers.requireAdminAccess;\r\nexport const getAuthenticatedUser = helpers.getAuthenticatedUser;\r\n`,\r\n\r\n 'src/lib/cms.ts': `import {\r\n createCmsApp,\r\n localStoragePlugin,\r\n type CmsApp,\r\n} from '@infuro/cms-core';\r\nimport { getDataSourceInitialized } from './data-source';\r\n\r\nlet cmsPromise: Promise<CmsApp> | null = null;\r\n\r\nexport async function getCms(): Promise<CmsApp> {\r\n if (cmsPromise) return cmsPromise;\r\n const dataSource = await getDataSourceInitialized();\r\n cmsPromise = createCmsApp({\r\n dataSource,\r\n config: process.env as unknown as Record<string, string>,\r\n plugins: [\r\n localStoragePlugin({ dir: 'public/uploads' }),\r\n ],\r\n });\r\n return cmsPromise;\r\n}\r\n`,\r\n\r\n 'src/app/api/[[...path]]/route.ts': `import { NextResponse } from 'next/server';\r\nimport { getServerSession } from 'next-auth';\r\nimport { createCmsApiHandler } from '@infuro/cms-core/api';\r\nimport { CMS_ENTITY_MAP } from '@infuro/cms-core';\r\nimport { getDataSourceInitialized } from '@/lib/data-source';\r\nimport {\r\n requireAuth,\r\n requireAdminAccess,\r\n requireEntityPermission,\r\n getAuthenticatedUser,\r\n} from '@/lib/auth-helpers';\r\nimport { getCms } from '@/lib/cms';\r\nimport bcrypt from 'bcryptjs';\r\n\r\nconst baseUrl = process.env.NEXTAUTH_URL || 'http://localhost:3000';\r\n\r\nasync function requireAdminApiAuth(req: Request) {\r\n const a = await requireAuth(req);\r\n if (a) return a;\r\n return requireAdminAccess(req);\r\n}\r\n\r\nlet handlerPromise: Promise<ReturnType<typeof createCmsApiHandler>> | null = null;\r\n\r\nasync function getHandler() {\r\n if (!handlerPromise) {\r\n const dataSource = await getDataSourceInitialized();\r\n handlerPromise = Promise.resolve(\r\n createCmsApiHandler({\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n requireAuth: requireAdminApiAuth,\r\n requireEntityPermission,\r\n getSessionUser: getAuthenticatedUser,\r\n json: NextResponse.json.bind(NextResponse),\r\n getCms,\r\n userAuth: {\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n json: NextResponse.json.bind(NextResponse),\r\n baseUrl,\r\n hashPassword: (p) => Promise.resolve(bcrypt.hashSync(p, 12)),\r\n comparePassword: (p, h) => Promise.resolve(bcrypt.compareSync(p, h)),\r\n resetExpiryHours: 1,\r\n getSession: () =>\r\n getServerSession().then((s) => (s ? { user: s.user } : null)),\r\n },\r\n dashboard: {\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n json: NextResponse.json.bind(NextResponse),\r\n requireAuth: requireAdminApiAuth,\r\n requirePermission: requireAdminApiAuth,\r\n },\r\n upload: {\r\n json: NextResponse.json.bind(NextResponse),\r\n requireAuth: requireAdminApiAuth,\r\n storage: () => getCms().then((cms) => cms.getPlugin('storage')),\r\n localUploadDir: 'public/uploads',\r\n },\r\n blogBySlug: {\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n json: NextResponse.json.bind(NextResponse),\r\n requireAuth: async () => null,\r\n },\r\n formBySlug: {\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n json: NextResponse.json.bind(NextResponse),\r\n requireAuth: async () => null,\r\n },\r\n usersApi: {\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n json: NextResponse.json.bind(NextResponse),\r\n requireAuth: requireAdminApiAuth,\r\n baseUrl,\r\n },\r\n userProfile: {\r\n dataSource,\r\n entityMap: CMS_ENTITY_MAP,\r\n json: NextResponse.json.bind(NextResponse),\r\n getSession: () =>\r\n getServerSession().then((s) => (s ? { user: s.user } : null)),\r\n },\r\n })\r\n );\r\n }\r\n return handlerPromise;\r\n}\r\n\r\nasync function handle(method: string, req: Request, context: { params: Promise<{ path?: string[] }> }) {\r\n try {\r\n const handler = await getHandler();\r\n const { path: pathSegments = [] } = await context.params;\r\n return handler.handle(method, pathSegments, req);\r\n } catch {\r\n return NextResponse.json({ error: 'Server Error' }, { status: 500 });\r\n }\r\n}\r\n\r\nexport async function GET(req: Request, ctx: { params: Promise<{ path?: string[] }> }) { return handle('GET', req, ctx); }\r\nexport async function POST(req: Request, ctx: { params: Promise<{ path?: string[] }> }) { return handle('POST', req, ctx); }\r\nexport async function PUT(req: Request, ctx: { params: Promise<{ path?: string[] }> }) { return handle('PUT', req, ctx); }\r\nexport async function PATCH(req: Request, ctx: { params: Promise<{ path?: string[] }> }) { return handle('PATCH', req, ctx); }\r\nexport async function DELETE(req: Request, ctx: { params: Promise<{ path?: string[] }> }) { return handle('DELETE', req, ctx); }\r\n`,\r\n\r\n 'src/app/api/auth/[...nextauth]/route.ts': `import NextAuth from 'next-auth';\r\nimport { getNextAuthOptions } from '@infuro/cms-core/auth';\r\nimport { getDataSourceInitialized } from '@/lib/data-source';\r\nimport { CMS_ENTITY_MAP } from '@infuro/cms-core';\r\nimport bcrypt from 'bcryptjs';\r\n\r\nasync function getOptions() {\r\n const dataSource = await getDataSourceInitialized();\r\n const userRepo = dataSource.getRepository(CMS_ENTITY_MAP.users);\r\n return getNextAuthOptions({\r\n getUserByEmail: async (email: string) => {\r\n return userRepo.findOne({\r\n where: { email },\r\n relations: ['group', 'group.permissions'],\r\n select: ['id', 'email', 'name', 'password', 'blocked', 'deleted', 'groupId', 'adminAccess'],\r\n }) as any;\r\n },\r\n comparePassword: (plain, hash) => Promise.resolve(bcrypt.compareSync(plain, hash)),\r\n signInPage: '/admin/signin',\r\n });\r\n}\r\n\r\nlet handler: ReturnType<typeof NextAuth> | null = null;\r\n\r\nasync function getHandler() {\r\n if (!handler) handler = NextAuth(await getOptions());\r\n return handler;\r\n}\r\n\r\ntype NextAuthContext = { params: Promise<{ nextauth?: string[] }> };\r\n\r\nexport async function GET(req: Request, context: NextAuthContext) {\r\n return (await getHandler())(req, context);\r\n}\r\nexport async function POST(req: Request, context: NextAuthContext) {\r\n return (await getHandler())(req, context);\r\n}\r\n`,\r\n\r\n 'src/app/admin/layout.tsx': `'use client';\r\n\r\nimport '@infuro/cms-core/admin.css';\r\nimport AdminLayout from '@infuro/cms-core/admin';\r\n\r\nexport default function AdminLayoutWrapper({ children }: { children: React.ReactNode }) {\r\n return (\r\n <AdminLayout\r\n customNavItems={[]}\r\n customNavSections={[]}\r\n customCrudConfigs={{}}\r\n >\r\n {children}\r\n </AdminLayout>\r\n );\r\n}\r\n`,\r\n\r\n 'src/app/admin/[[...slug]]/page.tsx': `import { AdminPageResolver } from '@infuro/cms-core/admin';\r\n\r\nexport default async function AdminPage({ params }: { params: Promise<{ slug?: string[] }> }) {\r\n const { slug } = await params;\r\n return <AdminPageResolver slug={slug} />;\r\n}\r\n`,\r\n\r\n 'src/middleware.ts': `import { NextResponse } from 'next/server';\r\nimport type { NextRequest } from 'next/server';\r\nimport { createCmsMiddleware } from '@infuro/cms-core/auth';\r\n\r\nconst cmsMiddleware = createCmsMiddleware({\r\n publicApiMethods: {\r\n '/api/contacts': ['POST'],\r\n '/api/form-submissions': ['POST'],\r\n '/api/blogs': ['GET'],\r\n '/api/forms': ['GET'],\r\n '/api/auth': ['GET', 'POST'],\r\n '/api/users/forgot-password': ['POST'],\r\n '/api/users/set-password': ['POST'],\r\n '/api/users/invite': ['POST'],\r\n },\r\n});\r\n\r\nexport function middleware(request: NextRequest) {\r\n const result = cmsMiddleware({\r\n nextUrl: request.nextUrl,\r\n url: request.url,\r\n method: request.method,\r\n cookies: request.cookies,\r\n });\r\n\r\n if (result.type === 'next') return NextResponse.next();\r\n if (result.type === 'redirect') return NextResponse.redirect(result.url);\r\n if (result.type === 'json') return NextResponse.json(result.body, { status: result.status });\r\n return NextResponse.next();\r\n}\r\n\r\nexport const config = {\r\n matcher: ['/admin/:path*', '/api/:path*'],\r\n};\r\n`,\r\n\r\n 'src/app/providers.tsx': `\"use client\";\r\n\r\nimport { ThemeProvider } from \"next-themes\";\r\nimport { SessionProvider } from \"next-auth/react\";\r\nimport { Toaster } from \"sonner\";\r\n\r\nexport function Providers({ children }: { children: React.ReactNode }) {\r\n return (\r\n <SessionProvider>\r\n <ThemeProvider attribute=\"class\" defaultTheme=\"system\" enableSystem>\r\n {children}\r\n <Toaster position=\"top-right\" />\r\n </ThemeProvider>\r\n </SessionProvider>\r\n );\r\n}\r\n`,\r\n\r\n '.env.example': `DATABASE_URL=postgres://user:password@localhost:5432/mydb\r\nNEXTAUTH_SECRET=your-random-secret\r\nNEXTAUTH_URL=http://localhost:3000\r\n\r\n# Admin user (for npm run seed)\r\nADMIN_EMAIL=admin@example.com\r\nADMIN_PASSWORD=changeme\r\n`,\r\n\r\n 'src/lib/seed.ts': `try { require('dotenv/config'); } catch {}\r\nimport 'reflect-metadata';\r\nimport { getDataSourceInitialized } from './data-source';\r\nimport { CMS_ENTITY_MAP } from '@infuro/cms-core';\r\nimport bcrypt from 'bcryptjs';\r\n\r\nasync function main() {\r\n const ds = await getDataSourceInitialized();\r\n const userRepo = ds.getRepository(CMS_ENTITY_MAP.users);\r\n\r\n const email = process.env.ADMIN_EMAIL || 'admin@example.com';\r\n const password = process.env.ADMIN_PASSWORD || 'changeme';\r\n\r\n const existing = await userRepo.findOne({ where: { email } });\r\n if (!existing) {\r\n const hashedPassword = await bcrypt.hash(password, 10);\r\n await userRepo.save(userRepo.create({ name: 'Admin', email, password: hashedPassword }));\r\n console.log('Default admin user created');\r\n } else {\r\n console.log('Default admin user already exists');\r\n }\r\n\r\n await ds.destroy();\r\n}\r\n\r\nmain().catch((e) => {\r\n console.error(e);\r\n process.exit(1);\r\n});\r\n`,\r\n\r\n 'scripts/migration-datasource.cjs': `/**\r\n * Data source for TypeORM CLI (migration:generate). Resolves @infuro/cms-core from project root (works with npm link).\r\n */\r\nrequire('reflect-metadata');\r\nrequire('dotenv/config');\r\nconst path = require('path');\r\nconst { DataSource } = require('typeorm');\r\nconst coreEntry = path.resolve(__dirname, '..', 'node_modules', '@infuro', 'cms-core', 'dist', 'index.cjs');\r\nconst { CMS_ENTITY_MAP } = require(coreEntry);\r\n\r\nmodule.exports = new DataSource({\r\n type: 'postgres',\r\n url: process.env.DATABASE_URL,\r\n entities: Object.values(CMS_ENTITY_MAP),\r\n synchronize: false,\r\n migrations: ['src/migrations/*.ts'],\r\n});\r\n`,\r\n\r\n 'scripts/run-migrations.ts': `/**\r\n * Run TypeORM migrations. Loads .env so DATABASE_URL is set.\r\n * Usage: npm run migration:run\r\n */\r\ntry { require('dotenv/config'); } catch {}\r\nimport 'reflect-metadata';\r\n\r\nasync function main() {\r\n process.env.TYPEORM_CLI = '1';\r\n const { getDataSourceInitialized } = await import('../src/lib/data-source');\r\n const ds = await getDataSourceInitialized();\r\n const run = await ds.runMigrations();\r\n console.log(run.length ? \\`Ran \\${run.length} migration(s).\\` : 'No pending migrations.');\r\n await ds.destroy();\r\n}\r\n\r\nmain().catch((e) => {\r\n console.error(e);\r\n process.exit(1);\r\n});\r\n`,\r\n\r\n 'src/migrations/README.md': `# TypeORM migrations\r\n\r\nGenerate a new migration (after changing entities):\r\n\r\n\\`\\`\\`bash\r\nnpm run migration:generate -- MyMigrationName\r\n\\`\\`\\`\r\n\r\nRun pending migrations:\r\n\r\n\\`\\`\\`bash\r\nnpm run migration:run\r\n\\`\\`\\`\r\n`,\r\n\r\n 'src/themes/default/index.ts': `import { createTheme } from '@infuro/cms-core/theme';\r\n\r\nimport { Container, meta as containerMeta } from './components/Container';\r\nimport { TextBlock, meta as textBlockMeta } from './components/TextBlock';\r\n\r\nimport { Navbar } from './layout/Navbar';\r\nimport { Footer, footerFields, footerDefaults } from './layout/Footer';\r\n\r\nexport default createTheme({\r\n name: 'default',\r\n label: 'Default Theme',\r\n components: [\r\n { component: Container, meta: containerMeta },\r\n { component: TextBlock, meta: textBlockMeta },\r\n ],\r\n layout: {\r\n navbar: { component: Navbar },\r\n footer: { component: Footer, fields: footerFields, defaults: footerDefaults },\r\n },\r\n});\r\n`,\r\n\r\n 'src/themes/default/layout/Navbar.tsx': `import type { NavbarConfig, NavItem } from '@infuro/cms-core/theme';\r\n\r\nfunction NavLink({ item }: { item: NavItem }) {\r\n return (\r\n <li className=\"list-none\">\r\n <a\r\n href={item.url}\r\n target={item.openInNewTab ? '_blank' : undefined}\r\n rel={item.openInNewTab ? 'noopener noreferrer' : undefined}\r\n className=\"text-sm font-medium text-gray-700 hover:text-gray-900 px-3 py-2 inline-block\"\r\n >\r\n {item.label}\r\n </a>\r\n </li>\r\n );\r\n}\r\n\r\nexport function Navbar({ logo, items, ctaLabel, ctaUrl }: NavbarConfig) {\r\n return (\r\n <nav className=\"bg-white sticky top-0 z-40 border-b\">\r\n <div className=\"max-w-7xl mx-auto px-4 sm:px-6 lg:px-8\">\r\n <div className=\"flex items-center justify-between h-16\">\r\n <a href=\"/\" className=\"flex-shrink-0\">\r\n {logo ? (\r\n <img src={logo} alt=\"Logo\" className=\"h-8\" />\r\n ) : (\r\n <span className=\"text-xl font-bold text-gray-900\">Logo</span>\r\n )}\r\n </a>\r\n <ul className=\"flex items-center gap-1 list-none m-0 p-0\">\r\n {items.map((item) => (\r\n <NavLink key={item.id} item={item} />\r\n ))}\r\n </ul>\r\n {ctaLabel && (\r\n <a href={ctaUrl || '#'} className=\"text-sm font-medium text-gray-900 hover:underline\">\r\n {ctaLabel}\r\n </a>\r\n )}\r\n </div>\r\n </div>\r\n </nav>\r\n );\r\n}\r\n`,\r\n\r\n 'src/themes/default/layout/Footer.tsx': `import type { FooterConfig, PropDefinition } from '@infuro/cms-core/theme';\r\n\r\nexport const footerFields: PropDefinition[] = [\r\n { name: 'copyright', label: 'Copyright Text', type: 'text' },\r\n];\r\n\r\nexport const footerDefaults: Record<string, any> = {\r\n copyright: '© 2025 Your Site. All rights reserved.',\r\n columns: [],\r\n socialLinks: [],\r\n};\r\n\r\nexport function Footer({ copyright, columns = [], socialLinks = [] }: FooterConfig) {\r\n return (\r\n <footer className=\"bg-gray-900 text-gray-400 py-8 px-8\">\r\n <div className=\"max-w-7xl mx-auto\">\r\n {columns.length > 0 && (\r\n <div className=\"grid grid-cols-2 md:grid-cols-4 gap-8 mb-6\">\r\n {columns.map((col, i) => (\r\n <div key={i}>\r\n <h4 className=\"text-white font-semibold mb-3 text-sm\">{col.title}</h4>\r\n <ul className=\"space-y-2\">\r\n {col.links.map((link, j) => (\r\n <li key={j}>\r\n <a href={link.url} className=\"text-sm hover:text-white transition-colors\">\r\n {link.label}\r\n </a>\r\n </li>\r\n ))}\r\n </ul>\r\n </div>\r\n ))}\r\n </div>\r\n )}\r\n <div className=\"border-t border-gray-800 pt-6\">\r\n <p className=\"text-sm\">{copyright}</p>\r\n </div>\r\n </div>\r\n </footer>\r\n );\r\n}\r\n`,\r\n\r\n 'src/themes/default/components/Container.tsx': `import type { ComponentMeta } from '@infuro/cms-core/theme';\r\n\r\nexport const meta: ComponentMeta = {\r\n name: 'Container',\r\n label: 'Container',\r\n category: 'layout',\r\n icon: 'LayoutDashboard',\r\n description: 'A layout container that holds other components',\r\n defaultProps: { background: '#ffffff' },\r\n props: [{ name: 'background', label: 'Background', type: 'color' }],\r\n canContainChildren: true,\r\n};\r\n\r\nexport function Container({\r\n background = '#ffffff',\r\n children,\r\n}: {\r\n background?: string;\r\n children?: React.ReactNode;\r\n}) {\r\n return (\r\n <div style={{ backgroundColor: background, minHeight: '48px', padding: '1rem' }}>\r\n {children}\r\n </div>\r\n );\r\n}\r\n`,\r\n\r\n 'src/themes/default/components/TextBlock.tsx': `import type { ComponentMeta } from '@infuro/cms-core/theme';\r\n\r\nexport const meta: ComponentMeta = {\r\n name: 'TextBlock',\r\n label: 'Text Block',\r\n category: 'content',\r\n icon: 'Type',\r\n description: 'Rich text content block',\r\n defaultProps: { content: '<p>Enter your text here...</p>' },\r\n props: [{ name: 'content', label: 'Content', type: 'richtext' }],\r\n};\r\n\r\nexport function TextBlock({ content }: { content?: string }) {\r\n return (\r\n <div\r\n className=\"prose prose-gray max-w-none py-4 px-2\"\r\n dangerouslySetInnerHTML={{ __html: content || '' }}\r\n />\r\n );\r\n}\r\n`,\r\n\r\n 'src/lib/theme-registry.ts': `import defaultTheme from '@/themes/default';\r\nimport type { ThemeConfig } from '@infuro/cms-core/theme';\r\n\r\nexport const defaultThemeConfig = defaultTheme;\r\n\r\nexport interface ThemeRegistryItem {\r\n id: string;\r\n label: string;\r\n config: ThemeConfig;\r\n description?: string;\r\n}\r\n\r\nexport const THEME_REGISTRY: ThemeRegistryItem[] = [\r\n {\r\n id: 'default',\r\n label: 'Default',\r\n config: defaultTheme,\r\n description: 'Default theme with standard layout and components.',\r\n },\r\n];\r\n\r\nexport function getThemeById(id: string | undefined): ThemeConfig {\r\n const theme = THEME_REGISTRY.find((t) => t.id === (id || '')) ?? THEME_REGISTRY[0];\r\n return theme?.config ?? defaultTheme;\r\n}\r\n`,\r\n\r\n 'src/app/page.tsx': `export default function HomePage() {\r\n return (\r\n <main className=\"min-h-screen flex flex-col items-center justify-center p-8\">\r\n <h1 className=\"text-3xl font-bold text-gray-900 mb-4\">Welcome</h1>\r\n <p className=\"text-gray-600 mb-6\">Your CMS is set up. Manage content at the admin panel.</p>\r\n <a\r\n href=\"/admin\"\r\n className=\"text-white bg-gray-900 hover:bg-gray-800 px-4 py-2 rounded-lg font-medium transition-colors\"\r\n >\r\n Open Admin\r\n </a>\r\n </main>\r\n );\r\n}\r\n`,\r\n\r\n 'src/app/contact/page.tsx': `export default function ContactPage() {\r\n return (\r\n <main className=\"min-h-screen p-8 max-w-2xl mx-auto\">\r\n <h1 className=\"text-3xl font-bold text-gray-900 mb-4\">Contact</h1>\r\n <p className=\"text-gray-600\">\r\n Add a contact form or wire this page to your CMS form. Use the admin panel to manage forms and submissions.\r\n </p>\r\n </main>\r\n );\r\n}\r\n`,\r\n};\r\n\r\nfunction findRoot(cwd: string): string | null {\r\n let dir = path.resolve(cwd);\r\n for (let i = 0; i < 20; i++) {\r\n const pkgPath = path.join(dir, 'package.json');\r\n if (fs.existsSync(pkgPath)) {\r\n try {\r\n const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));\r\n if (pkg.dependencies?.next || pkg.devDependencies?.next) return dir;\r\n } catch {\r\n // ignore\r\n }\r\n }\r\n const parent = path.dirname(dir);\r\n if (parent === dir) break;\r\n dir = parent;\r\n }\r\n return null;\r\n}\r\n\r\nfunction writeFile(\r\n root: string,\r\n filePath: string,\r\n content: string,\r\n force: boolean,\r\n dryRun: boolean,\r\n log: (msg: string) => void\r\n): boolean {\r\n const full = path.join(root, filePath);\r\n if (fs.existsSync(full) && !force) {\r\n log(` skip (exists): ${filePath}`);\r\n return false;\r\n }\r\n if (dryRun) {\r\n log(` would create: ${filePath}`);\r\n return true;\r\n }\r\n const dir = path.dirname(full);\r\n fs.mkdirSync(dir, { recursive: true });\r\n fs.writeFileSync(full, content, 'utf8');\r\n log(` created: ${filePath}`);\r\n return true;\r\n}\r\n\r\nfunction patchNextConfig(root: string, dryRun: boolean, log: (msg: string) => void): boolean {\r\n const candidates = ['next.config.js', 'next.config.mjs', 'next.config.cjs'];\r\n let configPath: string | null = null;\r\n for (const name of candidates) {\r\n const p = path.join(root, name);\r\n if (fs.existsSync(p)) {\r\n configPath = p;\r\n break;\r\n }\r\n }\r\n if (!configPath) {\r\n log(' skip next.config: not found');\r\n return false;\r\n }\r\n let content = fs.readFileSync(configPath, 'utf8');\r\n if (content.includes(\"'@infuro/cms-core'\") || content.includes('\"@infuro/cms-core\"')) {\r\n log(` skip (already has core): ${path.basename(configPath)}`);\r\n return false;\r\n }\r\n if (content.includes('serverExternalPackages')) {\r\n content = content.replace(\r\n /(serverExternalPackages:\\s*\\[)/,\r\n \"$1'@infuro/cms-core', 'typeorm', \"\r\n );\r\n } else {\r\n content = content.replace(\r\n /(const nextConfig\\s*=\\s*\\{|module\\.exports\\s*=\\s*\\{)/,\r\n \"$1\\n serverExternalPackages: ['@infuro/cms-core', 'typeorm'],\"\r\n );\r\n }\r\n if (dryRun) {\r\n log(` would patch: ${path.basename(configPath)}`);\r\n return true;\r\n }\r\n fs.writeFileSync(configPath, content, 'utf8');\r\n log(` patched: ${path.basename(configPath)}`);\r\n return true;\r\n}\r\n\r\nfunction patchTailwind(root: string, dryRun: boolean, log: (msg: string) => void): boolean {\r\n const candidates = ['tailwind.config.js', 'tailwind.config.mjs', 'tailwind.config.ts'];\r\n let configPath: string | null = null;\r\n for (const name of candidates) {\r\n const p = path.join(root, name);\r\n if (fs.existsSync(p)) {\r\n configPath = p;\r\n break;\r\n }\r\n }\r\n if (!configPath) {\r\n log(' skip tailwind: config not found');\r\n return false;\r\n }\r\n let content = fs.readFileSync(configPath, 'utf8');\r\n const coreContent = \"./node_modules/@infuro/cms-core/dist/**/*.{js,cjs}\";\r\n if (content.includes('@infuro/cms-core')) {\r\n log(` skip (already has core): ${path.basename(configPath)}`);\r\n return false;\r\n }\r\n if (content.includes('content:')) {\r\n content = content.replace(\r\n /(content:\\s*\\[)/,\r\n `$1\\n \"${coreContent}\",`\r\n );\r\n }\r\n if (dryRun) {\r\n log(` would patch: ${path.basename(configPath)}`);\r\n return true;\r\n }\r\n fs.writeFileSync(configPath, content, 'utf8');\r\n log(` patched: ${path.basename(configPath)}`);\r\n return true;\r\n}\r\n\r\nfunction patchLayout(root: string, dryRun: boolean, log: (msg: string) => void): boolean {\r\n const layoutPath = path.join(root, 'src/app/layout.tsx');\r\n if (!fs.existsSync(layoutPath)) {\r\n log(' skip layout: src/app/layout.tsx not found');\r\n return false;\r\n }\r\n let content = fs.readFileSync(layoutPath, 'utf8');\r\n if (content.includes('<Providers>')) {\r\n log(' skip layout: already uses Providers');\r\n return false;\r\n }\r\n const bodyMatch = content.match(/<body([^>]*)>\\s*(\\{children\\})\\s*<\\/body>/s);\r\n if (!bodyMatch) {\r\n log(' skip layout: unexpected structure (add <Providers> manually)');\r\n return false;\r\n }\r\n if (dryRun) {\r\n log(' would patch: src/app/layout.tsx');\r\n return true;\r\n }\r\n const [, bodyAttrs, children] = bodyMatch;\r\n const newBody = `<body${bodyAttrs}>\\n <Providers>${children}</Providers>\\n </body>`;\r\n content = content.replace(/<body[^>]*>\\s*\\{children\\}\\s*<\\/body>/s, newBody);\r\n if (!content.includes(\"from './providers'\") && !content.includes('from \"./providers\"')) {\r\n const firstImport = content.match(/^import .+ from .+;\\n/m);\r\n content = firstImport\r\n ? content.replace(firstImport[0], firstImport[0] + \"import { Providers } from './providers';\\n\")\r\n : \"import { Providers } from './providers';\\n\" + content;\r\n }\r\n if (content.includes('<html') && !content.includes('suppressHydrationWarning')) {\r\n content = content.replace(/<html(\\s)/, '<html suppressHydrationWarning$1');\r\n }\r\n fs.writeFileSync(layoutPath, content, 'utf8');\r\n log(' patched: src/app/layout.tsx');\r\n return true;\r\n}\r\n\r\nfunction patchPackageJson(root: string, dryRun: boolean, log: (msg: string) => void): boolean {\r\n const pkgPath = path.join(root, 'package.json');\r\n if (!fs.existsSync(pkgPath)) return false;\r\n const pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));\r\n const scripts = pkg.scripts || {};\r\n let changed = false;\r\n if (!scripts.seed) {\r\n scripts.seed = 'tsx src/lib/seed.ts';\r\n changed = true;\r\n }\r\n if (!scripts['migration:run']) {\r\n scripts['migration:run'] = 'tsx scripts/run-migrations.ts';\r\n changed = true;\r\n }\r\n const dev = pkg.devDependencies || {};\r\n const deps = pkg.dependencies || {};\r\n if (!deps['@infuro/cms-core']) {\r\n deps['@infuro/cms-core'] = '^1.0.6';\r\n changed = true;\r\n }\r\n if (!dev.tsx) {\r\n dev.tsx = '^4.0.0';\r\n changed = true;\r\n }\r\n if (!dev.dotenv) {\r\n dev.dotenv = '^16.0.0';\r\n changed = true;\r\n }\r\n if (!changed) {\r\n log(' skip package.json: scripts/devDeps already present');\r\n return false;\r\n }\r\n pkg.scripts = scripts;\r\n pkg.dependencies = { ...pkg.dependencies, ...deps };\r\n pkg.devDependencies = { ...pkg.devDependencies, ...dev };\r\n if (dryRun) {\r\n log(' would patch: package.json (scripts + devDependencies)');\r\n return true;\r\n }\r\n fs.writeFileSync(pkgPath, JSON.stringify(pkg, null, 2), 'utf8');\r\n log(' patched: package.json');\r\n return true;\r\n}\r\n\r\nasync function runNpmInstall(root: string, log: (msg: string) => void): Promise<void> {\r\n const { spawnSync } = await import('child_process');\r\n log(' running: npm install (deps)...');\r\n spawnSync('npm', ['install', '@infuro/cms-core', 'typeorm', 'reflect-metadata', 'bcryptjs', 'next-auth', 'next-themes', 'sonner'], {\r\n cwd: root,\r\n stdio: 'inherit',\r\n shell: true,\r\n });\r\n log(' running: npm install -D tsx dotenv @types/node...');\r\n spawnSync('npm', ['install', '-D', 'tsx', 'dotenv', '@types/node'], {\r\n cwd: root,\r\n stdio: 'inherit',\r\n shell: true,\r\n });\r\n}\r\n\r\nasync function runInit(opts: {\r\n force: boolean;\r\n dryRun: boolean;\r\n noDeps: boolean;\r\n noPatchConfig: boolean;\r\n}) {\r\n const log = (msg: string) => console.log(msg);\r\n const cwd = process.cwd();\r\n const root = findRoot(cwd);\r\n if (!root) {\r\n console.error('Not a Next.js project (no package.json with next dependency found from ' + cwd + ')');\r\n process.exit(1);\r\n }\r\n const appDir = path.join(root, 'src/app');\r\n if (!fs.existsSync(appDir)) {\r\n console.error('Expected src/app directory not found. Use a Next.js app with src directory (e.g. create-next-app --src-dir).');\r\n process.exit(1);\r\n }\r\n\r\n log('Infuro CMS init @ ' + root);\r\n if (opts.dryRun) log('(dry run)');\r\n\r\n for (const [filePath, content] of Object.entries(TEMPLATES)) {\r\n writeFile(root, filePath, content, opts.force, opts.dryRun, log);\r\n }\r\n\r\n if (!opts.noPatchConfig) {\r\n log('Config patches:');\r\n patchNextConfig(root, opts.dryRun, log);\r\n patchTailwind(root, opts.dryRun, log);\r\n patchLayout(root, opts.dryRun, log);\r\n patchPackageJson(root, opts.dryRun, log);\r\n }\r\n\r\n if (!opts.noDeps && !opts.dryRun) {\r\n log('Dependencies:');\r\n await runNpmInstall(root, log);\r\n } else if (!opts.noDeps && opts.dryRun) {\r\n log(' would run: npm install @infuro/cms-core typeorm reflect-metadata bcryptjs next-auth next-themes sonner');\r\n log(' would run: npm install -D tsx dotenv @types/node');\r\n }\r\n\r\n log('');\r\n log('Done. Next steps:');\r\n log(' 1. Copy .env.example to .env and set DATABASE_URL, NEXTAUTH_SECRET, NEXTAUTH_URL, ADMIN_EMAIL, ADMIN_PASSWORD');\r\n log(' 2. Run npm run migration:run then npm run seed (creates admin from ADMIN_EMAIL/ADMIN_PASSWORD)');\r\n log(' 3. npm run dev');\r\n}\r\n\r\nconst args = process.argv.slice(2);\r\nconst force = args.includes('--force');\r\nconst dryRun = args.includes('--dry-run');\r\nconst noDeps = args.includes('--no-deps');\r\nconst noPatchConfig = args.includes('--no-patch-config');\r\n\r\nif (args[0] === 'init' || args.includes('--init') || (args.length === 0 && !args.some((a) => a.startsWith('--')))) {\r\n runInit({ force, dryRun, noDeps, noPatchConfig }).catch((e) => {\r\n console.error(e);\r\n process.exit(1);\r\n });\r\n} else {\r\n console.log('Usage: npx @infuro/cms-core init [--force] [--dry-run] [--no-deps] [--no-patch-config]');\r\n process.exit(args[0] === '--help' || args[0] === '-h' ? 0 : 1);\r\n}\r\n"],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;AAKA,gBAAe;AACf,kBAAiB;AAEjB,IAAM,YAAY;AAAA,EAChB,0BAA0B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsC1B,2BAA2B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmB3B,kBAAkB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuBlB,oCAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA6GpC,2CAA2C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAuC3C,4BAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkB5B,sCAAsC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAQtC,qBAAqB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAoCrB,yBAAyB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAkBzB,gBAAgB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAShB,mBAAmB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA+BnB,oCAAoC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAmBpC,6BAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsB7B,4BAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAe5B,+BAA+B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsB/B,wCAAwC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA8CxC,wCAAwC;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2CxC,+CAA+C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA4B/C,+CAA+C;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAsB/C,6BAA6B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EA2B7B,oBAAoB;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,EAgBpB,4BAA4B;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAW9B;AAEA,SAAS,SAAS,KAA4B;AAC5C,MAAI,MAAM,YAAAA,QAAK,QAAQ,GAAG;AAC1B,WAAS,IAAI,GAAG,IAAI,IAAI,KAAK;AAC3B,UAAM,UAAU,YAAAA,QAAK,KAAK,KAAK,cAAc;AAC7C,QAAI,UAAAC,QAAG,WAAW,OAAO,GAAG;AAC1B,UAAI;AACF,cAAM,MAAM,KAAK,MAAM,UAAAA,QAAG,aAAa,SAAS,MAAM,CAAC;AACvD,YAAI,IAAI,cAAc,QAAQ,IAAI,iBAAiB,KAAM,QAAO;AAAA,MAClE,QAAQ;AAAA,MAER;AAAA,IACF;AACA,UAAM,SAAS,YAAAD,QAAK,QAAQ,GAAG;AAC/B,QAAI,WAAW,IAAK;AACpB,UAAM;AAAA,EACR;AACA,SAAO;AACT;AAEA,SAAS,UACP,MACA,UACA,SACAE,QACAC,SACA,KACS;AACT,QAAM,OAAO,YAAAH,QAAK,KAAK,MAAM,QAAQ;AACrC,MAAI,UAAAC,QAAG,WAAW,IAAI,KAAK,CAACC,QAAO;AACjC,QAAI,oBAAoB,QAAQ,EAAE;AAClC,WAAO;AAAA,EACT;AACA,MAAIC,SAAQ;AACV,QAAI,mBAAmB,QAAQ,EAAE;AACjC,WAAO;AAAA,EACT;AACA,QAAM,MAAM,YAAAH,QAAK,QAAQ,IAAI;AAC7B,YAAAC,QAAG,UAAU,KAAK,EAAE,WAAW,KAAK,CAAC;AACrC,YAAAA,QAAG,cAAc,MAAM,SAAS,MAAM;AACtC,MAAI,cAAc,QAAQ,EAAE;AAC5B,SAAO;AACT;AAEA,SAAS,gBAAgB,MAAcE,SAAiB,KAAqC;AAC3F,QAAM,aAAa,CAAC,kBAAkB,mBAAmB,iBAAiB;AAC1E,MAAI,aAA4B;AAChC,aAAW,QAAQ,YAAY;AAC7B,UAAM,IAAI,YAAAH,QAAK,KAAK,MAAM,IAAI;AAC9B,QAAI,UAAAC,QAAG,WAAW,CAAC,GAAG;AACpB,mBAAa;AACb;AAAA,IACF;AAAA,EACF;AACA,MAAI,CAAC,YAAY;AACf,QAAI,+BAA+B;AACnC,WAAO;AAAA,EACT;AACA,MAAI,UAAU,UAAAA,QAAG,aAAa,YAAY,MAAM;AAChD,MAAI,QAAQ,SAAS,oBAAoB,KAAK,QAAQ,SAAS,oBAAoB,GAAG;AACpF,QAAI,8BAA8B,YAAAD,QAAK,SAAS,UAAU,CAAC,EAAE;AAC7D,WAAO;AAAA,EACT;AACA,MAAI,QAAQ,SAAS,wBAAwB,GAAG;AAC9C,cAAU,QAAQ;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AAAA,EACF,OAAO;AACL,cAAU,QAAQ;AAAA,MAChB;AAAA,MACA;AAAA,IACF;AAAA,EACF;AACA,MAAIG,SAAQ;AACV,QAAI,kBAAkB,YAAAH,QAAK,SAAS,UAAU,CAAC,EAAE;AACjD,WAAO;AAAA,EACT;AACA,YAAAC,QAAG,cAAc,YAAY,SAAS,MAAM;AAC5C,MAAI,cAAc,YAAAD,QAAK,SAAS,UAAU,CAAC,EAAE;AAC7C,SAAO;AACT;AAEA,SAAS,cAAc,MAAcG,SAAiB,KAAqC;AACzF,QAAM,aAAa,CAAC,sBAAsB,uBAAuB,oBAAoB;AACrF,MAAI,aAA4B;AAChC,aAAW,QAAQ,YAAY;AAC7B,UAAM,IAAI,YAAAH,QAAK,KAAK,MAAM,IAAI;AAC9B,QAAI,UAAAC,QAAG,WAAW,CAAC,GAAG;AACpB,mBAAa;AACb;AAAA,IACF;AAAA,EACF;AACA,MAAI,CAAC,YAAY;AACf,QAAI,mCAAmC;AACvC,WAAO;AAAA,EACT;AACA,MAAI,UAAU,UAAAA,QAAG,aAAa,YAAY,MAAM;AAChD,QAAM,cAAc;AACpB,MAAI,QAAQ,SAAS,kBAAkB,GAAG;AACxC,QAAI,8BAA8B,YAAAD,QAAK,SAAS,UAAU,CAAC,EAAE;AAC7D,WAAO;AAAA,EACT;AACA,MAAI,QAAQ,SAAS,UAAU,GAAG;AAChC,cAAU,QAAQ;AAAA,MAChB;AAAA,MACA;AAAA,OAAY,WAAW;AAAA,IACzB;AAAA,EACF;AACA,MAAIG,SAAQ;AACV,QAAI,kBAAkB,YAAAH,QAAK,SAAS,UAAU,CAAC,EAAE;AACjD,WAAO;AAAA,EACT;AACA,YAAAC,QAAG,cAAc,YAAY,SAAS,MAAM;AAC5C,MAAI,cAAc,YAAAD,QAAK,SAAS,UAAU,CAAC,EAAE;AAC7C,SAAO;AACT;AAEA,SAAS,YAAY,MAAcG,SAAiB,KAAqC;AACvF,QAAM,aAAa,YAAAH,QAAK,KAAK,MAAM,oBAAoB;AACvD,MAAI,CAAC,UAAAC,QAAG,WAAW,UAAU,GAAG;AAC9B,QAAI,6CAA6C;AACjD,WAAO;AAAA,EACT;AACA,MAAI,UAAU,UAAAA,QAAG,aAAa,YAAY,MAAM;AAChD,MAAI,QAAQ,SAAS,aAAa,GAAG;AACnC,QAAI,uCAAuC;AAC3C,WAAO;AAAA,EACT;AACA,QAAM,YAAY,QAAQ,MAAM,4CAA4C;AAC5E,MAAI,CAAC,WAAW;AACd,QAAI,gEAAgE;AACpE,WAAO;AAAA,EACT;AACA,MAAIE,SAAQ;AACV,QAAI,mCAAmC;AACvC,WAAO;AAAA,EACT;AACA,QAAM,CAAC,EAAE,WAAW,QAAQ,IAAI;AAChC,QAAM,UAAU,QAAQ,SAAS;AAAA,qBAAyB,QAAQ;AAAA;AAClE,YAAU,QAAQ,QAAQ,0CAA0C,OAAO;AAC3E,MAAI,CAAC,QAAQ,SAAS,oBAAoB,KAAK,CAAC,QAAQ,SAAS,oBAAoB,GAAG;AACtF,UAAM,cAAc,QAAQ,MAAM,wBAAwB;AAC1D,cAAU,cACN,QAAQ,QAAQ,YAAY,CAAC,GAAG,YAAY,CAAC,IAAI,4CAA4C,IAC7F,+CAA+C;AAAA,EACrD;AACA,MAAI,QAAQ,SAAS,OAAO,KAAK,CAAC,QAAQ,SAAS,0BAA0B,GAAG;AAC9E,cAAU,QAAQ,QAAQ,aAAa,kCAAkC;AAAA,EAC3E;AACA,YAAAF,QAAG,cAAc,YAAY,SAAS,MAAM;AAC5C,MAAI,+BAA+B;AACnC,SAAO;AACT;AAEA,SAAS,iBAAiB,MAAcE,SAAiB,KAAqC;AAC5F,QAAM,UAAU,YAAAH,QAAK,KAAK,MAAM,cAAc;AAC9C,MAAI,CAAC,UAAAC,QAAG,WAAW,OAAO,EAAG,QAAO;AACpC,QAAM,MAAM,KAAK,MAAM,UAAAA,QAAG,aAAa,SAAS,MAAM,CAAC;AACvD,QAAM,UAAU,IAAI,WAAW,CAAC;AAChC,MAAI,UAAU;AACd,MAAI,CAAC,QAAQ,MAAM;AACjB,YAAQ,OAAO;AACf,cAAU;AAAA,EACZ;AACA,MAAI,CAAC,QAAQ,eAAe,GAAG;AAC7B,YAAQ,eAAe,IAAI;AAC3B,cAAU;AAAA,EACZ;AACA,QAAM,MAAM,IAAI,mBAAmB,CAAC;AACpC,QAAM,OAAO,IAAI,gBAAgB,CAAC;AAClC,MAAI,CAAC,KAAK,kBAAkB,GAAG;AAC7B,SAAK,kBAAkB,IAAI;AAC3B,cAAU;AAAA,EACZ;AACA,MAAI,CAAC,IAAI,KAAK;AACZ,QAAI,MAAM;AACV,cAAU;AAAA,EACZ;AACA,MAAI,CAAC,IAAI,QAAQ;AACf,QAAI,SAAS;AACb,cAAU;AAAA,EACZ;AACA,MAAI,CAAC,SAAS;AACZ,QAAI,sDAAsD;AAC1D,WAAO;AAAA,EACT;AACA,MAAI,UAAU;AACd,MAAI,eAAe,EAAE,GAAG,IAAI,cAAc,GAAG,KAAK;AAClD,MAAI,kBAAkB,EAAE,GAAG,IAAI,iBAAiB,GAAG,IAAI;AACvD,MAAIE,SAAQ;AACV,QAAI,yDAAyD;AAC7D,WAAO;AAAA,EACT;AACA,YAAAF,QAAG,cAAc,SAAS,KAAK,UAAU,KAAK,MAAM,CAAC,GAAG,MAAM;AAC9D,MAAI,yBAAyB;AAC7B,SAAO;AACT;AAEA,eAAe,cAAc,MAAc,KAA2C;AACpF,QAAM,EAAE,UAAU,IAAI,MAAM,OAAO,eAAe;AAClD,MAAI,kCAAkC;AACtC,YAAU,OAAO,CAAC,WAAW,oBAAoB,WAAW,oBAAoB,YAAY,aAAa,eAAe,QAAQ,GAAG;AAAA,IACjI,KAAK;AAAA,IACL,OAAO;AAAA,IACP,OAAO;AAAA,EACT,CAAC;AACD,MAAI,qDAAqD;AACzD,YAAU,OAAO,CAAC,WAAW,MAAM,OAAO,UAAU,aAAa,GAAG;AAAA,IAClE,KAAK;AAAA,IACL,OAAO;AAAA,IACP,OAAO;AAAA,EACT,CAAC;AACH;AAEA,eAAe,QAAQ,MAKpB;AACD,QAAM,MAAM,CAAC,QAAgB,QAAQ,IAAI,GAAG;AAC5C,QAAM,MAAM,QAAQ,IAAI;AACxB,QAAM,OAAO,SAAS,GAAG;AACzB,MAAI,CAAC,MAAM;AACT,YAAQ,MAAM,4EAA4E,MAAM,GAAG;AACnG,YAAQ,KAAK,CAAC;AAAA,EAChB;AACA,QAAM,SAAS,YAAAD,QAAK,KAAK,MAAM,SAAS;AACxC,MAAI,CAAC,UAAAC,QAAG,WAAW,MAAM,GAAG;AAC1B,YAAQ,MAAM,8GAA8G;AAC5H,YAAQ,KAAK,CAAC;AAAA,EAChB;AAEA,MAAI,uBAAuB,IAAI;AAC/B,MAAI,KAAK,OAAQ,KAAI,WAAW;AAEhC,aAAW,CAAC,UAAU,OAAO,KAAK,OAAO,QAAQ,SAAS,GAAG;AAC3D,cAAU,MAAM,UAAU,SAAS,KAAK,OAAO,KAAK,QAAQ,GAAG;AAAA,EACjE;AAEA,MAAI,CAAC,KAAK,eAAe;AACvB,QAAI,iBAAiB;AACrB,oBAAgB,MAAM,KAAK,QAAQ,GAAG;AACtC,kBAAc,MAAM,KAAK,QAAQ,GAAG;AACpC,gBAAY,MAAM,KAAK,QAAQ,GAAG;AAClC,qBAAiB,MAAM,KAAK,QAAQ,GAAG;AAAA,EACzC;AAEA,MAAI,CAAC,KAAK,UAAU,CAAC,KAAK,QAAQ;AAChC,QAAI,eAAe;AACnB,UAAM,cAAc,MAAM,GAAG;AAAA,EAC/B,WAAW,CAAC,KAAK,UAAU,KAAK,QAAQ;AACtC,QAAI,0GAA0G;AAC9G,QAAI,oDAAoD;AAAA,EAC1D;AAEA,MAAI,EAAE;AACN,MAAI,mBAAmB;AACvB,MAAI,iHAAiH;AACrH,MAAI,kGAAkG;AACtG,MAAI,kBAAkB;AACxB;AAEA,IAAM,OAAO,QAAQ,KAAK,MAAM,CAAC;AACjC,IAAM,QAAQ,KAAK,SAAS,SAAS;AACrC,IAAM,SAAS,KAAK,SAAS,WAAW;AACxC,IAAM,SAAS,KAAK,SAAS,WAAW;AACxC,IAAM,gBAAgB,KAAK,SAAS,mBAAmB;AAEvD,IAAI,KAAK,CAAC,MAAM,UAAU,KAAK,SAAS,QAAQ,KAAM,KAAK,WAAW,KAAK,CAAC,KAAK,KAAK,CAAC,MAAM,EAAE,WAAW,IAAI,CAAC,GAAI;AACjH,UAAQ,EAAE,OAAO,QAAQ,QAAQ,cAAc,CAAC,EAAE,MAAM,CAAC,MAAM;AAC7D,YAAQ,MAAM,CAAC;AACf,YAAQ,KAAK,CAAC;AAAA,EAChB,CAAC;AACH,OAAO;AACL,UAAQ,IAAI,wFAAwF;AACpG,UAAQ,KAAK,KAAK,CAAC,MAAM,YAAY,KAAK,CAAC,MAAM,OAAO,IAAI,CAAC;AAC/D;","names":["path","fs","force","dryRun"]}
package/dist/cli.js CHANGED
@@ -160,6 +160,13 @@ async function getHandler() {
160
160
  requireAuth: requireAdminApiAuth,
161
161
  baseUrl,
162
162
  },
163
+ userProfile: {
164
+ dataSource,
165
+ entityMap: CMS_ENTITY_MAP,
166
+ json: NextResponse.json.bind(NextResponse),
167
+ getSession: () =>
168
+ getServerSession().then((s) => (s ? { user: s.user } : null)),
169
+ },
163
170
  })
164
171
  );
165
172
  }