@infuro/cms-core 1.0.8 → 1.0.10

package/dist/helpers-dlrF_49e.d.ts

@@ -0,0 +1,60 @@
+/** Canonical name for new installs / migrations */
+declare const ADMIN_GROUP_NAME = "Administrator";
+/** System administrator group (roles UI + users / user_groups / permissions bypass). */
+declare function isSuperAdminGroupName(name: string | null | undefined): boolean;
+type EntityCrudAction = 'create' | 'read' | 'update' | 'delete';
+type EntityPermissionFlags = {
+    c: boolean;
+    r: boolean;
+    u: boolean;
+    d: boolean;
+};
+declare function getPermissionableEntityKeys(entityMap: Record<string, unknown>): string[];
+declare function permissionRowsToRecord(rows: Array<{
+    entity: string;
+    canCreate: boolean;
+    canRead: boolean;
+    canUpdate: boolean;
+    canDelete: boolean;
+}> | undefined): Record<string, EntityPermissionFlags>;
+declare function hasEntityPermission(record: Record<string, EntityPermissionFlags> | undefined, entity: string, action: EntityCrudAction): boolean;
+
+/** isRBACAdmin bypasses entity checks only for these (users / roles plumbing). */
+declare const RBAC_ADMIN_ONLY_ENTITIES: Set<string>;
+interface SessionUser {
+    id?: string;
+    email?: string | null;
+    name?: string | null;
+    groupId?: number;
+    /** @deprecated use entityPerms / isRBACAdmin */
+    permissions?: string[];
+    /** Administrator group: full access only for users, user_groups, permissions */
+    isRBACAdmin?: boolean;
+    entityPerms?: Record<string, EntityPermissionFlags>;
+    /** When false and not isRBACAdmin, admin API/UI is denied. */
+    adminAccess?: boolean;
+}
+declare function sessionHasEntityAccess(user: SessionUser | null | undefined, entity: string, action: EntityCrudAction): boolean;
+declare function canManageRoles(user: SessionUser | null | undefined): boolean;
+type GetSession = () => Promise<{
+    user?: SessionUser;
+} | null>;
+declare const OPEN_ENDPOINTS: Array<Record<string, string[]>>;
+declare const PERMISSION_REQUIRED_ENDPOINTS: Record<string, string[]>;
+declare function isOpenEndpoint(pathname: string): boolean;
+declare function getRequiredPermission(pathname: string): string[] | null;
+declare function isPublicMethod(pathname: string, method: string): boolean;
+interface AuthHelpers {
+    requireAuth(req: Request): Promise<Response | null>;
+    requirePermission(req: Request, permission: string): Promise<Response | null>;
+    requireEntityPermission(req: Request, entity: string, action: EntityCrudAction): Promise<Response | null>;
+    requireAdminAccess(req: Request): Promise<Response | null>;
+    getAuthenticatedUser(): Promise<SessionUser | null>;
+}
+declare function createAuthHelpers(getSession: GetSession, NextResponse: {
+    json: (body: unknown, init?: {
+        status?: number;
+    }) => Response;
+}): AuthHelpers;
+
+export { ADMIN_GROUP_NAME as A, type EntityCrudAction as E, type GetSession as G, OPEN_ENDPOINTS as O, PERMISSION_REQUIRED_ENDPOINTS as P, RBAC_ADMIN_ONLY_ENTITIES as R, type SessionUser as S, type AuthHelpers as a, type EntityPermissionFlags as b, canManageRoles as c, createAuthHelpers as d, getRequiredPermission as e, isPublicMethod as f, getPermissionableEntityKeys as g, hasEntityPermission as h, isOpenEndpoint as i, isSuperAdminGroupName as j, permissionRowsToRecord as p, sessionHasEntityAccess as s };

package/dist/{index-P5ajDo8-.d.ts → index-C_CZLmHD.d.cts}

@@ -1,5 +1,45 @@
 import * as typeorm from 'typeorm';
 import { DataSource } from 'typeorm';
+import { E as EntityCrudAction, S as SessionUser } from './helpers-dlrF_49e.cjs';
+
+/** Social entry: use `iconUrl` for an image, or `icon` (emoji/text) as fallback when no image. */
+interface SocialLinkItem {
+    url: string;
+    iconUrl?: string;
+    icon?: string;
+}
+interface CompanyDetails {
+    logoUrl?: string;
+    companyName?: string;
+    supportEmail?: string;
+    supportPhone?: string;
+    socialLinks?: SocialLinkItem[];
+    /** Shown below footer rows; from email plugin settings */
+    footerDisclaimer?: string;
+    /** Heading above social icons (default "Follow Us") */
+    followUsTitle?: string;
+}
+/** One row in order-placed transactional emails */
+interface OrderPlacedLineItem {
+    productName: string;
+    quantity: number;
+    unitPrice: number | string;
+    lineTotal: number | string;
+    sku?: string | null;
+}
+/** Merge branding + email plugin settings for layout (email overrides when set). */
+declare function mergeEmailLayoutCompanyDetails(branding: Record<string, string>, emailSettings: Record<string, string>): CompanyDetails;
+interface EmailTemplateResult {
+    subject: string;
+    bodyHtml: string;
+    text?: string;
+}
+type TemplateContext<T = unknown> = T & {
+    companyDetails: CompanyDetails;
+};
+declare const EMAIL_TEMPLATE_NAMES: readonly ["signup", "passwordReset", "passwordChange", "orderPlaced", "returnInitiated", "shippingUpdate", "invite", "formSubmission"];
+type EmailTemplateName = (typeof EMAIL_TEMPLATE_NAMES)[number];
+declare function getCompanyDetailsFromSettings(settingsGroup: Record<string, string>): CompanyDetails;
 
 /**
  * Storage plugin contract: upload a file and return its public URL.
@@ -14,6 +54,7 @@ interface CrudHandlerOptions {
     json: (body: unknown, init?: {
         status?: number;
     }) => Response;
+    requireEntityPermission?: (req: Request, entity: string, action: EntityCrudAction) => Promise<Response | null>;
 }
 declare function createCrudHandler(dataSource: DataSource, entityMap: EntityMap, options: CrudHandlerOptions): {
     GET(req: Request, resource: string): Promise<Response>;
@@ -48,6 +89,8 @@ interface ForgotPasswordConfig extends AuthHandlersConfig {
         subject: string;
         html: string;
         text?: string;
+        /** Plain reset URL for templated emails (preferred over parsing html). */
+        resetLink?: string;
     }) => Promise<void>;
     resetExpiryHours?: number;
     afterCreateToken?: (email: string, resetLink: string) => Promise<void>;
@@ -101,11 +144,13 @@ declare function createUserAuthApiRouter(config: UserAuthApiConfig): {
  * All accept injectable deps; upload supports S3 or local.
  */
 
+type RequireEntityPermissionFn = (req: Request, entity: string, action: EntityCrudAction) => Promise<Response | null>;
 interface CmsHandlersBase {
     json: (body: unknown, init?: {
         status?: number;
     }) => Response;
     requireAuth: (req: Request) => Promise<Response | null>;
+    requireEntityPermission?: RequireEntityPermissionFn;
 }
 interface DashboardStatsConfig extends CmsHandlersBase {
     dataSource: DataSource;
@@ -160,6 +205,12 @@ interface FormSubmissionHandlerConfig {
     json: (body: unknown, init?: {
         status?: number;
     }) => Response;
+    /** When set, form submission notification email is queued (CRM recipient). */
+    getCms?: () => Promise<{
+        getPlugin: (name: string) => unknown;
+    }>;
+    getCompanyDetails?: () => Promise<CompanyDetails>;
+    getRecipientForChannel?: (channel: 'crm' | 'sales' | 'fulfilment') => Promise<string | null>;
 }
 interface FormSubmissionGetByIdConfig extends CmsHandlersBase {
     dataSource: DataSource;
@@ -172,6 +223,11 @@ interface UsersApiConfig extends CmsHandlersBase {
     dataSource: DataSource;
     entityMap: EntityMap;
     baseUrl: string;
+    /** When set with email queue/plugin, invite emails are sent on user create and regenerate-invite. */
+    getCms?: () => Promise<{
+        getPlugin: (name: string) => unknown;
+    }>;
+    getCompanyDetails?: () => Promise<CompanyDetails>;
 }
 declare function createUsersApiHandlers(config: UsersApiConfig): {
     list(req: Request): Promise<Response>;
@@ -240,6 +296,10 @@ interface CmsApiHandlerConfig {
     crudResources?: string[];
     /** When set, analytics and userAuth.sendEmail can be derived from getPlugin('analytics') and getPlugin('email') when not provided. */
     getCms?: CmsGetter;
+    /** Optional: used when deriving userAuth.sendEmail to pass company details into email templates (e.g. from settings). */
+    getCompanyDetails?: () => Promise<CompanyDetails>;
+    /** Optional: used for form submission and other channel-based email recipients (from settings group "email"). */
+    getRecipientForChannel?: (channel: 'crm' | 'sales' | 'fulfilment') => Promise<string | null>;
     userAuth?: UserAuthApiConfig;
     /** GET /api/dashboard/stats */
     dashboard?: DashboardStatsConfig;
@@ -267,9 +327,36 @@ interface CmsApiHandlerConfig {
     settings?: SettingsApiConfig;
     /** POST /api/chat/identify, GET /api/chat/conversations/:id/messages, POST /api/chat/messages */
     chat?: ChatApiConfig;
+    /** When set, CRUD and admin routes enforce entity-level permissions from session */
+    requireEntityPermission?: (req: Request, entity: string, action: EntityCrudAction) => Promise<Response | null>;
+    /** Required for GET/POST/PATCH/DELETE /api/admin/roles */
+    getSessionUser?: () => Promise<SessionUser | null>;
 }
 declare function createCmsApiHandler(config: CmsApiHandlerConfig): {
     handle(method: string, path: string[], req: Request): Promise<Response>;
 };
 
-export { type AnalyticsHandlerConfig as A, type BlogBySlugConfig as B, type ChangePasswordConfig as C, type DashboardStatsConfig as D, type EntityMap as E, type ForgotPasswordConfig as F, createUserProfileHandler as G, createUsersApiHandlers as H, type InviteAcceptConfig as I, type StorageService as S, type UploadHandlerConfig as U, type AuthHandlersConfig as a, type CmsApiHandlerConfig as b, type CmsGetter as c, type CrudHandlerOptions as d, type FormBySlugConfig as e, type SetPasswordConfig as f, type SettingsApiConfig as g, type UserAuthApiConfig as h, type UserAvatarConfig as i, type UserProfileConfig as j, type UsersApiConfig as k, createAnalyticsHandlers as l, createBlogBySlugHandler as m, createChangePasswordHandler as n, createCmsApiHandler as o, createCrudByIdHandler as p, createCrudHandler as q, createDashboardStatsHandler as r, createForgotPasswordHandler as s, createFormBySlugHandler as t, createInviteAcceptHandler as u, createSetPasswordHandler as v, createSettingsApiHandlers as w, createUploadHandler as x, createUserAuthApiRouter as y, createUserAvatarHandler as z };
+interface StorefrontApiConfig {
+    dataSource: DataSource;
+    entityMap: EntityMap;
+    json: (body: unknown, init?: {
+        status?: number;
+        headers?: HeadersInit;
+    }) => Response;
+    getSessionUser: () => Promise<SessionUser | null>;
+    guestCookieName?: string;
+    /** Required for POST storefront/register */
+    hashPassword?: (plain: string) => Promise<string>;
+    /** When set, new registrations are blocked until email is verified and a signup email is sent. */
+    getCms?: () => Promise<{
+        getPlugin: (name: string) => unknown;
+    }>;
+    getCompanyDetails?: () => Promise<CompanyDetails>;
+    /** Origin for verify links (e.g. process.env.NEXTAUTH_URL). Required with getCms for verification URLs. */
+    publicSiteUrl?: string;
+}
+declare function createStorefrontApiHandler(config: StorefrontApiConfig): {
+    handle(method: string, path: string[], req: Request): Promise<Response>;
+};
+
+export { type AnalyticsHandlerConfig as A, type BlogBySlugConfig as B, type CompanyDetails as C, type DashboardStatsConfig as D, type EmailTemplateResult as E, type ForgotPasswordConfig as F, createSetPasswordHandler as G, createSettingsApiHandlers as H, type InviteAcceptConfig as I, createStorefrontApiHandler as J, createUploadHandler as K, createUserAuthApiRouter as L, createUserAvatarHandler as M, createUserProfileHandler as N, type OrderPlacedLineItem as O, createUsersApiHandlers as P, getCompanyDetailsFromSettings as Q, mergeEmailLayoutCompanyDetails as R, type StorageService as S, type TemplateContext as T, type UploadHandlerConfig as U, type EmailTemplateName as a, type AuthHandlersConfig as b, type ChangePasswordConfig as c, type CmsApiHandlerConfig as d, type CmsGetter as e, type CrudHandlerOptions as f, type EntityMap as g, type FormBySlugConfig as h, type SetPasswordConfig as i, type SettingsApiConfig as j, type SocialLinkItem as k, type StorefrontApiConfig as l, type UserAuthApiConfig as m, type UserAvatarConfig as n, type UserProfileConfig as o, type UsersApiConfig as p, createAnalyticsHandlers as q, createBlogBySlugHandler as r, createChangePasswordHandler as s, createCmsApiHandler as t, createCrudByIdHandler as u, createCrudHandler as v, createDashboardStatsHandler as w, createForgotPasswordHandler as x, createFormBySlugHandler as y, createInviteAcceptHandler as z };

package/dist/{index-P5ajDo8-.d.cts → index-DeO4AnAj.d.ts}

@@ -1,5 +1,45 @@
 import * as typeorm from 'typeorm';
 import { DataSource } from 'typeorm';
+import { E as EntityCrudAction, S as SessionUser } from './helpers-dlrF_49e.js';
+
+/** Social entry: use `iconUrl` for an image, or `icon` (emoji/text) as fallback when no image. */
+interface SocialLinkItem {
+    url: string;
+    iconUrl?: string;
+    icon?: string;
+}
+interface CompanyDetails {
+    logoUrl?: string;
+    companyName?: string;
+    supportEmail?: string;
+    supportPhone?: string;
+    socialLinks?: SocialLinkItem[];
+    /** Shown below footer rows; from email plugin settings */
+    footerDisclaimer?: string;
+    /** Heading above social icons (default "Follow Us") */
+    followUsTitle?: string;
+}
+/** One row in order-placed transactional emails */
+interface OrderPlacedLineItem {
+    productName: string;
+    quantity: number;
+    unitPrice: number | string;
+    lineTotal: number | string;
+    sku?: string | null;
+}
+/** Merge branding + email plugin settings for layout (email overrides when set). */
+declare function mergeEmailLayoutCompanyDetails(branding: Record<string, string>, emailSettings: Record<string, string>): CompanyDetails;
+interface EmailTemplateResult {
+    subject: string;
+    bodyHtml: string;
+    text?: string;
+}
+type TemplateContext<T = unknown> = T & {
+    companyDetails: CompanyDetails;
+};
+declare const EMAIL_TEMPLATE_NAMES: readonly ["signup", "passwordReset", "passwordChange", "orderPlaced", "returnInitiated", "shippingUpdate", "invite", "formSubmission"];
+type EmailTemplateName = (typeof EMAIL_TEMPLATE_NAMES)[number];
+declare function getCompanyDetailsFromSettings(settingsGroup: Record<string, string>): CompanyDetails;
 
 /**
  * Storage plugin contract: upload a file and return its public URL.
@@ -14,6 +54,7 @@ interface CrudHandlerOptions {
     json: (body: unknown, init?: {
         status?: number;
     }) => Response;
+    requireEntityPermission?: (req: Request, entity: string, action: EntityCrudAction) => Promise<Response | null>;
 }
 declare function createCrudHandler(dataSource: DataSource, entityMap: EntityMap, options: CrudHandlerOptions): {
     GET(req: Request, resource: string): Promise<Response>;
@@ -48,6 +89,8 @@ interface ForgotPasswordConfig extends AuthHandlersConfig {
         subject: string;
         html: string;
         text?: string;
+        /** Plain reset URL for templated emails (preferred over parsing html). */
+        resetLink?: string;
     }) => Promise<void>;
     resetExpiryHours?: number;
     afterCreateToken?: (email: string, resetLink: string) => Promise<void>;
@@ -101,11 +144,13 @@ declare function createUserAuthApiRouter(config: UserAuthApiConfig): {
  * All accept injectable deps; upload supports S3 or local.
  */
 
+type RequireEntityPermissionFn = (req: Request, entity: string, action: EntityCrudAction) => Promise<Response | null>;
 interface CmsHandlersBase {
     json: (body: unknown, init?: {
         status?: number;
     }) => Response;
     requireAuth: (req: Request) => Promise<Response | null>;
+    requireEntityPermission?: RequireEntityPermissionFn;
 }
 interface DashboardStatsConfig extends CmsHandlersBase {
     dataSource: DataSource;
@@ -160,6 +205,12 @@ interface FormSubmissionHandlerConfig {
     json: (body: unknown, init?: {
         status?: number;
     }) => Response;
+    /** When set, form submission notification email is queued (CRM recipient). */
+    getCms?: () => Promise<{
+        getPlugin: (name: string) => unknown;
+    }>;
+    getCompanyDetails?: () => Promise<CompanyDetails>;
+    getRecipientForChannel?: (channel: 'crm' | 'sales' | 'fulfilment') => Promise<string | null>;
 }
 interface FormSubmissionGetByIdConfig extends CmsHandlersBase {
     dataSource: DataSource;
@@ -172,6 +223,11 @@ interface UsersApiConfig extends CmsHandlersBase {
     dataSource: DataSource;
     entityMap: EntityMap;
     baseUrl: string;
+    /** When set with email queue/plugin, invite emails are sent on user create and regenerate-invite. */
+    getCms?: () => Promise<{
+        getPlugin: (name: string) => unknown;
+    }>;
+    getCompanyDetails?: () => Promise<CompanyDetails>;
 }
 declare function createUsersApiHandlers(config: UsersApiConfig): {
     list(req: Request): Promise<Response>;
@@ -240,6 +296,10 @@ interface CmsApiHandlerConfig {
     crudResources?: string[];
     /** When set, analytics and userAuth.sendEmail can be derived from getPlugin('analytics') and getPlugin('email') when not provided. */
     getCms?: CmsGetter;
+    /** Optional: used when deriving userAuth.sendEmail to pass company details into email templates (e.g. from settings). */
+    getCompanyDetails?: () => Promise<CompanyDetails>;
+    /** Optional: used for form submission and other channel-based email recipients (from settings group "email"). */
+    getRecipientForChannel?: (channel: 'crm' | 'sales' | 'fulfilment') => Promise<string | null>;
     userAuth?: UserAuthApiConfig;
     /** GET /api/dashboard/stats */
     dashboard?: DashboardStatsConfig;
@@ -267,9 +327,36 @@ interface CmsApiHandlerConfig {
     settings?: SettingsApiConfig;
     /** POST /api/chat/identify, GET /api/chat/conversations/:id/messages, POST /api/chat/messages */
     chat?: ChatApiConfig;
+    /** When set, CRUD and admin routes enforce entity-level permissions from session */
+    requireEntityPermission?: (req: Request, entity: string, action: EntityCrudAction) => Promise<Response | null>;
+    /** Required for GET/POST/PATCH/DELETE /api/admin/roles */
+    getSessionUser?: () => Promise<SessionUser | null>;
 }
 declare function createCmsApiHandler(config: CmsApiHandlerConfig): {
     handle(method: string, path: string[], req: Request): Promise<Response>;
 };
 
-export { type AnalyticsHandlerConfig as A, type BlogBySlugConfig as B, type ChangePasswordConfig as C, type DashboardStatsConfig as D, type EntityMap as E, type ForgotPasswordConfig as F, createUserProfileHandler as G, createUsersApiHandlers as H, type InviteAcceptConfig as I, type StorageService as S, type UploadHandlerConfig as U, type AuthHandlersConfig as a, type CmsApiHandlerConfig as b, type CmsGetter as c, type CrudHandlerOptions as d, type FormBySlugConfig as e, type SetPasswordConfig as f, type SettingsApiConfig as g, type UserAuthApiConfig as h, type UserAvatarConfig as i, type UserProfileConfig as j, type UsersApiConfig as k, createAnalyticsHandlers as l, createBlogBySlugHandler as m, createChangePasswordHandler as n, createCmsApiHandler as o, createCrudByIdHandler as p, createCrudHandler as q, createDashboardStatsHandler as r, createForgotPasswordHandler as s, createFormBySlugHandler as t, createInviteAcceptHandler as u, createSetPasswordHandler as v, createSettingsApiHandlers as w, createUploadHandler as x, createUserAuthApiRouter as y, createUserAvatarHandler as z };
+interface StorefrontApiConfig {
+    dataSource: DataSource;
+    entityMap: EntityMap;
+    json: (body: unknown, init?: {
+        status?: number;
+        headers?: HeadersInit;
+    }) => Response;
+    getSessionUser: () => Promise<SessionUser | null>;
+    guestCookieName?: string;
+    /** Required for POST storefront/register */
+    hashPassword?: (plain: string) => Promise<string>;
+    /** When set, new registrations are blocked until email is verified and a signup email is sent. */
+    getCms?: () => Promise<{
+        getPlugin: (name: string) => unknown;
+    }>;
+    getCompanyDetails?: () => Promise<CompanyDetails>;
+    /** Origin for verify links (e.g. process.env.NEXTAUTH_URL). Required with getCms for verification URLs. */
+    publicSiteUrl?: string;
+}
+declare function createStorefrontApiHandler(config: StorefrontApiConfig): {
+    handle(method: string, path: string[], req: Request): Promise<Response>;
+};
+
+export { type AnalyticsHandlerConfig as A, type BlogBySlugConfig as B, type CompanyDetails as C, type DashboardStatsConfig as D, type EmailTemplateResult as E, type ForgotPasswordConfig as F, createSetPasswordHandler as G, createSettingsApiHandlers as H, type InviteAcceptConfig as I, createStorefrontApiHandler as J, createUploadHandler as K, createUserAuthApiRouter as L, createUserAvatarHandler as M, createUserProfileHandler as N, type OrderPlacedLineItem as O, createUsersApiHandlers as P, getCompanyDetailsFromSettings as Q, mergeEmailLayoutCompanyDetails as R, type StorageService as S, type TemplateContext as T, type UploadHandlerConfig as U, type EmailTemplateName as a, type AuthHandlersConfig as b, type ChangePasswordConfig as c, type CmsApiHandlerConfig as d, type CmsGetter as e, type CrudHandlerOptions as f, type EntityMap as g, type FormBySlugConfig as h, type SetPasswordConfig as i, type SettingsApiConfig as j, type SocialLinkItem as k, type StorefrontApiConfig as l, type UserAuthApiConfig as m, type UserAvatarConfig as n, type UserProfileConfig as o, type UsersApiConfig as p, createAnalyticsHandlers as q, createBlogBySlugHandler as r, createChangePasswordHandler as s, createCmsApiHandler as t, createCrudByIdHandler as u, createCrudHandler as v, createDashboardStatsHandler as w, createForgotPasswordHandler as x, createFormBySlugHandler as y, createInviteAcceptHandler as z };