npm - @intranefr/superbackend - Versions diffs - 1.4.4 → 1.5.1 - Mend

@intranefr/superbackend 1.4.4 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (195) hide show

package/.env.example +5 -0
package/README.md +11 -0
package/index.js +39 -1
package/package.json +11 -3
package/public/sdk/ui-components.iife.js +191 -0
package/sdk/ui-components/browser/src/index.js +228 -0
package/src/admin/endpointRegistry.js +120 -0
package/src/controllers/admin.controller.js +111 -5
package/src/controllers/adminBlockDefinitions.controller.js +127 -0
package/src/controllers/adminBlockDefinitionsAi.controller.js +54 -0
package/src/controllers/adminCache.controller.js +342 -0
package/src/controllers/adminContextBlockDefinitions.controller.js +141 -0
package/src/controllers/adminCrons.controller.js +388 -0
package/src/controllers/adminDbBrowser.controller.js +124 -0
package/src/controllers/adminEjsVirtual.controller.js +13 -3
package/src/controllers/adminHeadless.controller.js +91 -2
package/src/controllers/adminHealthChecks.controller.js +570 -0
package/src/controllers/adminI18n.controller.js +51 -29
package/src/controllers/adminLlm.controller.js +126 -2
package/src/controllers/adminPages.controller.js +720 -0
package/src/controllers/adminPagesContextBlocksAi.controller.js +54 -0
package/src/controllers/adminProxy.controller.js +113 -0
package/src/controllers/adminRateLimits.controller.js +138 -0
package/src/controllers/adminRbac.controller.js +803 -0
package/src/controllers/adminScripts.controller.js +320 -0
package/src/controllers/adminSeoConfig.controller.js +71 -48
package/src/controllers/adminTerminals.controller.js +39 -0
package/src/controllers/adminUiComponents.controller.js +315 -0
package/src/controllers/adminUiComponentsAi.controller.js +34 -0
package/src/controllers/blogAdmin.controller.js +279 -0
package/src/controllers/blogAiAdmin.controller.js +224 -0
package/src/controllers/blogAutomationAdmin.controller.js +141 -0
package/src/controllers/blogInternal.controller.js +26 -0
package/src/controllers/blogPublic.controller.js +89 -0
package/src/controllers/fileManager.controller.js +190 -0
package/src/controllers/fileManagerStoragePolicy.controller.js +23 -0
package/src/controllers/healthChecksPublic.controller.js +196 -0
package/src/controllers/metrics.controller.js +64 -4
package/src/controllers/orgAdmin.controller.js +366 -0
package/src/controllers/uiComponentsPublic.controller.js +118 -0
package/src/middleware/auth.js +7 -0
package/src/middleware/internalCronAuth.js +29 -0
package/src/middleware/rbac.js +62 -0
package/src/middleware.js +879 -56
package/src/models/BlockDefinition.js +27 -0
package/src/models/BlogAutomationLock.js +14 -0
package/src/models/BlogAutomationRun.js +39 -0
package/src/models/BlogPost.js +42 -0
package/src/models/CacheEntry.js +26 -0
package/src/models/ConsoleEntry.js +32 -0
package/src/models/ConsoleLog.js +23 -0
package/src/models/ContextBlockDefinition.js +33 -0
package/src/models/CronExecution.js +47 -0
package/src/models/CronJob.js +70 -0
package/src/models/ExternalDbConnection.js +49 -0
package/src/models/FileEntry.js +22 -0
package/src/models/HeadlessModelDefinition.js +10 -0
package/src/models/HealthAutoHealAttempt.js +57 -0
package/src/models/HealthCheck.js +132 -0
package/src/models/HealthCheckRun.js +51 -0
package/src/models/HealthIncident.js +49 -0
package/src/models/Page.js +95 -0
package/src/models/PageCollection.js +42 -0
package/src/models/ProxyEntry.js +66 -0
package/src/models/RateLimitCounter.js +19 -0
package/src/models/RateLimitMetricBucket.js +20 -0
package/src/models/RbacGrant.js +25 -0
package/src/models/RbacGroup.js +16 -0
package/src/models/RbacGroupMember.js +13 -0
package/src/models/RbacGroupRole.js +13 -0
package/src/models/RbacRole.js +25 -0
package/src/models/RbacUserRole.js +13 -0
package/src/models/ScriptDefinition.js +42 -0
package/src/models/ScriptRun.js +22 -0
package/src/models/UiComponent.js +29 -0
package/src/models/UiComponentProject.js +26 -0
package/src/models/UiComponentProjectComponent.js +18 -0
package/src/routes/admin.routes.js +1 -0
package/src/routes/adminBlog.routes.js +21 -0
package/src/routes/adminBlogAi.routes.js +16 -0
package/src/routes/adminBlogAutomation.routes.js +27 -0
package/src/routes/adminCache.routes.js +20 -0
package/src/routes/adminConsoleManager.routes.js +302 -0
package/src/routes/adminCrons.routes.js +25 -0
package/src/routes/adminDbBrowser.routes.js +65 -0
package/src/routes/adminEjsVirtual.routes.js +2 -1
package/src/routes/adminHeadless.routes.js +8 -1
package/src/routes/adminHealthChecks.routes.js +28 -0
package/src/routes/adminI18n.routes.js +4 -3
package/src/routes/adminLlm.routes.js +4 -2
package/src/routes/adminPages.routes.js +55 -0
package/src/routes/adminProxy.routes.js +15 -0
package/src/routes/adminRateLimits.routes.js +17 -0
package/src/routes/adminRbac.routes.js +38 -0
package/src/routes/adminScripts.routes.js +21 -0
package/src/routes/adminSeoConfig.routes.js +5 -4
package/src/routes/adminTerminals.routes.js +13 -0
package/src/routes/adminUiComponents.routes.js +30 -0
package/src/routes/blogInternal.routes.js +14 -0
package/src/routes/blogPublic.routes.js +9 -0
package/src/routes/fileManager.routes.js +62 -0
package/src/routes/fileManagerStoragePolicy.routes.js +9 -0
package/src/routes/healthChecksPublic.routes.js +9 -0
package/src/routes/log.routes.js +43 -60
package/src/routes/metrics.routes.js +4 -2
package/src/routes/orgAdmin.routes.js +6 -0
package/src/routes/pages.routes.js +123 -0
package/src/routes/proxy.routes.js +46 -0
package/src/routes/rbac.routes.js +47 -0
package/src/routes/uiComponentsPublic.routes.js +9 -0
package/src/routes/webhook.routes.js +2 -1
package/src/routes/workflows.routes.js +4 -0
package/src/services/blockDefinitionsAi.service.js +247 -0
package/src/services/blog.service.js +99 -0
package/src/services/blogAutomation.service.js +978 -0
package/src/services/blogCronsBootstrap.service.js +184 -0
package/src/services/blogPublishing.service.js +58 -0
package/src/services/cacheLayer.service.js +696 -0
package/src/services/consoleManager.service.js +700 -0
package/src/services/consoleOverride.service.js +6 -1
package/src/services/cronScheduler.service.js +350 -0
package/src/services/dbBrowser.service.js +536 -0
package/src/services/ejsVirtual.service.js +102 -32
package/src/services/fileManager.service.js +475 -0
package/src/services/fileManagerStoragePolicy.service.js +285 -0
package/src/services/headlessExternalModels.service.js +292 -0
package/src/services/headlessModels.service.js +26 -6
package/src/services/healthChecks.service.js +650 -0
package/src/services/healthChecksBootstrap.service.js +109 -0
package/src/services/healthChecksScheduler.service.js +106 -0
package/src/services/llmDefaults.service.js +190 -0
package/src/services/migrationAssets/s3.js +2 -2
package/src/services/pages.service.js +602 -0
package/src/services/pagesContext.service.js +331 -0
package/src/services/pagesContextBlocksAi.service.js +349 -0
package/src/services/proxy.service.js +535 -0
package/src/services/rateLimiter.service.js +623 -0
package/src/services/rbac.service.js +212 -0
package/src/services/scriptsRunner.service.js +259 -0
package/src/services/terminals.service.js +152 -0
package/src/services/terminalsWs.service.js +100 -0
package/src/services/uiComponentsAi.service.js +299 -0
package/src/services/uiComponentsCrypto.service.js +39 -0
package/src/services/workflow.service.js +23 -8
package/src/utils/orgRoles.js +14 -0
package/src/utils/rbac/engine.js +60 -0
package/src/utils/rbac/rightsRegistry.js +29 -0
package/views/admin-blog-automation.ejs +877 -0
package/views/admin-blog-edit.ejs +542 -0
package/views/admin-blog.ejs +399 -0
package/views/admin-cache.ejs +681 -0
package/views/admin-console-manager.ejs +680 -0
package/views/admin-crons.ejs +645 -0
package/views/admin-db-browser.ejs +445 -0
package/views/admin-ejs-virtual.ejs +16 -10
package/views/admin-file-manager.ejs +942 -0
package/views/admin-headless.ejs +294 -24
package/views/admin-health-checks.ejs +725 -0
package/views/admin-i18n.ejs +59 -5
package/views/admin-llm.ejs +99 -1
package/views/admin-organizations.ejs +528 -10
package/views/admin-pages.ejs +2424 -0
package/views/admin-proxy.ejs +491 -0
package/views/admin-rate-limiter.ejs +625 -0
package/views/admin-rbac.ejs +1331 -0
package/views/admin-scripts.ejs +497 -0
package/views/admin-seo-config.ejs +61 -7
package/views/admin-terminals.ejs +328 -0
package/views/admin-ui-components.ejs +741 -0
package/views/admin-users.ejs +261 -4
package/views/admin-workflows.ejs +7 -7
package/views/file-manager.ejs +866 -0
package/views/pages/blocks/contact.ejs +27 -0
package/views/pages/blocks/cta.ejs +18 -0
package/views/pages/blocks/faq.ejs +20 -0
package/views/pages/blocks/features.ejs +19 -0
package/views/pages/blocks/hero.ejs +13 -0
package/views/pages/blocks/html.ejs +5 -0
package/views/pages/blocks/image.ejs +14 -0
package/views/pages/blocks/testimonials.ejs +26 -0
package/views/pages/blocks/text.ejs +10 -0
package/views/pages/layouts/default.ejs +51 -0
package/views/pages/layouts/minimal.ejs +42 -0
package/views/pages/layouts/sidebar.ejs +54 -0
package/views/pages/partials/footer.ejs +13 -0
package/views/pages/partials/header.ejs +12 -0
package/views/pages/partials/sidebar.ejs +8 -0
package/views/pages/runtime/page.ejs +10 -0
package/views/pages/templates/article.ejs +20 -0
package/views/pages/templates/default.ejs +12 -0
package/views/pages/templates/landing.ejs +14 -0
package/views/pages/templates/listing.ejs +15 -0
package/views/partials/admin-image-upload-modal.ejs +221 -0
package/views/partials/dashboard/nav-items.ejs +14 -0
package/views/partials/llm-provider-model-picker.ejs +183 -0

package/src/controllers/adminPages.controller.js ADDED Viewed

@@ -0,0 +1,720 @@
+const Page = require('../models/Page');
+const PageCollection = require('../models/PageCollection');
+const VirtualEjsFile = require('../models/VirtualEjsFile');
+const pagesService = require('../services/pages.service');
+const pagesContextService = require('../services/pagesContext.service');
+const { getBasicAuthActor, createAuditEvent } = require('../services/audit.service');
+exports.listCollections = async (req, res) => {
+  try {
+    const { tenantId, status, isGlobal, limit, offset, search } = req.query;
+    const result = await pagesService.listCollections({
+      tenantId: tenantId || undefined,
+      status: status || undefined,
+      isGlobal: isGlobal === 'true' ? true : isGlobal === 'false' ? false : undefined,
+      limit: parseInt(limit, 10) || 50,
+      offset: parseInt(offset, 10) || 0,
+      search: search || undefined,
+    });
+    res.json(result);
+  } catch (err) {
+    console.error('[adminPages] listCollections error:', err);
+    res.status(500).json({ error: 'Failed to list collections' });
+  }
+};
+exports.getCollection = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const collection = await PageCollection.findById(id).lean();
+    if (!collection) {
+      return res.status(404).json({ error: 'Collection not found' });
+    }
+    res.json({ collection });
+  } catch (err) {
+    console.error('[adminPages] getCollection error:', err);
+    res.status(500).json({ error: 'Failed to get collection' });
+  }
+};
+exports.createCollection = async (req, res) => {
+  try {
+    const actor = getBasicAuthActor(req);
+    const { slug, name, description, tenantId, isGlobal, status } = req.body;
+    const pagesPrefix = req.app.get('pagesPrefix') || '/';
+    const adminPath = req.app.get('adminPath') || '/admin';
+    const validatedSlug = pagesService.validateCollectionSlug(slug, pagesPrefix, adminPath);
+    const existing = await PageCollection.findOne({
+      slug: validatedSlug,
+      tenantId: tenantId || null,
+    });
+    if (existing) {
+      return res.status(409).json({ error: 'Collection with this slug already exists' });
+    }
+    const collection = await PageCollection.create({
+      slug: validatedSlug,
+      name: name || validatedSlug,
+      description: description || '',
+      tenantId: tenantId || null,
+      isGlobal: isGlobal !== false,
+      status: status || 'active',
+    });
+    await createAuditEvent({
+      ...actor,
+      action: 'pageCollection.create',
+      entityType: 'PageCollection',
+      entityId: String(collection._id),
+      before: null,
+      after: collection.toObject(),
+      meta: null,
+    });
+    res.status(201).json({ collection: collection.toObject() });
+  } catch (err) {
+    if (err.code === 'VALIDATION') {
+      return res.status(400).json({ error: err.message });
+    }
+    console.error('[adminPages] createCollection error:', err);
+    res.status(500).json({ error: 'Failed to create collection' });
+  }
+};
+exports.updateCollection = async (req, res) => {
+  try {
+    const actor = getBasicAuthActor(req);
+    const { id } = req.params;
+    const { slug, name, description, tenantId, isGlobal, status } = req.body;
+    const existing = await PageCollection.findById(id);
+    if (!existing) {
+      return res.status(404).json({ error: 'Collection not found' });
+    }
+    const before = existing.toObject();
+    const pagesPrefix = req.app.get('pagesPrefix') || '/';
+    const adminPath = req.app.get('adminPath') || '/admin';
+    if (slug !== undefined) {
+      const validatedSlug = pagesService.validateCollectionSlug(slug, pagesPrefix, adminPath);
+      const duplicate = await PageCollection.findOne({
+        _id: { $ne: id },
+        slug: validatedSlug,
+        tenantId: existing.tenantId,
+      });
+      if (duplicate) {
+        return res.status(409).json({ error: 'Another collection with this slug already exists' });
+      }
+      existing.slug = validatedSlug;
+    }
+    if (name !== undefined) existing.name = name;
+    if (description !== undefined) existing.description = description;
+    if (tenantId !== undefined) existing.tenantId = tenantId || null;
+    if (isGlobal !== undefined) existing.isGlobal = isGlobal;
+    if (status !== undefined) existing.status = status;
+    await existing.save();
+    await createAuditEvent({
+      ...actor,
+      action: 'pageCollection.update',
+      entityType: 'PageCollection',
+      entityId: String(existing._id),
+      before,
+      after: existing.toObject(),
+      meta: null,
+    });
+    res.json({ collection: existing.toObject() });
+  } catch (err) {
+    if (err.code === 'VALIDATION') {
+      return res.status(400).json({ error: err.message });
+    }
+    console.error('[adminPages] updateCollection error:', err);
+    res.status(500).json({ error: 'Failed to update collection' });
+  }
+};
+exports.deleteCollection = async (req, res) => {
+  try {
+    const actor = getBasicAuthActor(req);
+    const { id } = req.params;
+    const existing = await PageCollection.findById(id);
+    if (!existing) {
+      return res.status(404).json({ error: 'Collection not found' });
+    }
+    const pagesInCollection = await Page.countDocuments({ collectionId: id });
+    if (pagesInCollection > 0) {
+      return res.status(400).json({
+        error: `Cannot delete collection with ${pagesInCollection} page(s). Move or delete pages first.`
+      });
+    }
+    const before = existing.toObject();
+    await PageCollection.deleteOne({ _id: id });
+    await createAuditEvent({
+      ...actor,
+      action: 'pageCollection.delete',
+      entityType: 'PageCollection',
+      entityId: String(id),
+      before,
+      after: null,
+      meta: null,
+    });
+    res.json({ success: true });
+  } catch (err) {
+    console.error('[adminPages] deleteCollection error:', err);
+    res.status(500).json({ error: 'Failed to delete collection' });
+  }
+};
+exports.listPages = async (req, res) => {
+  try {
+    const { tenantId, collectionId, status, isGlobal, limit, offset, search } = req.query;
+    const result = await pagesService.listPages({
+      tenantId: tenantId || undefined,
+      collectionId: collectionId || undefined,
+      status: status || undefined,
+      isGlobal: isGlobal === 'true' ? true : isGlobal === 'false' ? false : undefined,
+      limit: parseInt(limit, 10) || 50,
+      offset: parseInt(offset, 10) || 0,
+      search: search || undefined,
+    });
+    res.json(result);
+  } catch (err) {
+    console.error('[adminPages] listPages error:', err);
+    res.status(500).json({ error: 'Failed to list pages' });
+  }
+};
+exports.getPage = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const page = await Page.findById(id).populate('collectionId', 'slug name').lean();
+    if (!page) {
+      return res.status(404).json({ error: 'Page not found' });
+    }
+    res.json({ page });
+  } catch (err) {
+    console.error('[adminPages] getPage error:', err);
+    res.status(500).json({ error: 'Failed to get page' });
+  }
+};
+exports.createPage = async (req, res) => {
+  try {
+    const actor = getBasicAuthActor(req);
+    const {
+      slug,
+      collectionId,
+      title,
+      templateKey,
+      layoutKey,
+      blocks,
+      repeat,
+      customCss,
+      customJs,
+      seoMeta,
+      tenantId,
+      isGlobal,
+      status,
+    } = req.body;
+    const pagesPrefix = req.app.get('pagesPrefix') || '/';
+    const adminPath = req.app.get('adminPath') || '/admin';
+    let collection = null;
+    if (collectionId) {
+      collection = await PageCollection.findById(collectionId).lean();
+      if (!collection) {
+        return res.status(400).json({ error: 'Collection not found' });
+      }
+    }
+    const validatedSlug = pagesService.validatePageSlug(
+      slug,
+      collection?.slug,
+      pagesPrefix,
+      adminPath,
+    );
+    const blocksSchema = await pagesService.getBlocksSchema();
+    pagesService.validateBlocks(blocks || [], blocksSchema);
+    const existing = await Page.findOne({
+      slug: validatedSlug,
+      collectionId: collectionId || null,
+      tenantId: tenantId || null,
+    });
+    if (existing) {
+      return res.status(409).json({ error: 'Page with this slug already exists in this collection' });
+    }
+    const page = await Page.create({
+      slug: validatedSlug,
+      collectionId: collectionId || null,
+      title: title || validatedSlug,
+      templateKey: templateKey || 'default',
+      layoutKey: layoutKey || 'default',
+      blocks: blocks || [],
+      repeat: repeat === undefined ? null : repeat,
+      customCss: customCss || '',
+      customJs: customJs || '',
+      seoMeta: seoMeta || {},
+      tenantId: tenantId || null,
+      isGlobal: isGlobal !== false,
+      status: status || 'draft',
+    });
+    await createAuditEvent({
+      ...actor,
+      action: 'page.create',
+      entityType: 'Page',
+      entityId: String(page._id),
+      before: null,
+      after: page.toObject(),
+      meta: null,
+    });
+    res.status(201).json({ page: page.toObject() });
+  } catch (err) {
+    if (err.code === 'VALIDATION') {
+      return res.status(400).json({ error: err.message });
+    }
+    console.error('[adminPages] createPage error:', err);
+    res.status(500).json({ error: 'Failed to create page' });
+  }
+};
+exports.updatePage = async (req, res) => {
+  try {
+    const actor = getBasicAuthActor(req);
+    const { id } = req.params;
+    const {
+      slug,
+      collectionId,
+      title,
+      templateKey,
+      layoutKey,
+      blocks,
+      repeat,
+      customCss,
+      customJs,
+      seoMeta,
+      tenantId,
+      isGlobal,
+      status,
+    } = req.body;
+    const existing = await Page.findById(id);
+    if (!existing) {
+      return res.status(404).json({ error: 'Page not found' });
+    }
+    const before = existing.toObject();
+    const pagesPrefix = req.app.get('pagesPrefix') || '/';
+    const adminPath = req.app.get('adminPath') || '/admin';
+    let collection = null;
+    const newCollectionId = collectionId !== undefined ? collectionId : existing.collectionId;
+    if (newCollectionId) {
+      collection = await PageCollection.findById(newCollectionId).lean();
+      if (!collection) {
+        return res.status(400).json({ error: 'Collection not found' });
+      }
+    }
+    if (slug !== undefined) {
+      const validatedSlug = pagesService.validatePageSlug(
+        slug,
+        collection?.slug,
+        pagesPrefix,
+        adminPath,
+      );
+      const duplicate = await Page.findOne({
+        _id: { $ne: id },
+        slug: validatedSlug,
+        collectionId: newCollectionId || null,
+        tenantId: existing.tenantId,
+      });
+      if (duplicate) {
+        return res.status(409).json({ error: 'Another page with this slug already exists in this collection' });
+      }
+      existing.slug = validatedSlug;
+    }
+    if (collectionId !== undefined) existing.collectionId = collectionId || null;
+    if (title !== undefined) existing.title = title;
+    if (templateKey !== undefined) existing.templateKey = templateKey;
+    if (layoutKey !== undefined) existing.layoutKey = layoutKey;
+    if (blocks !== undefined) {
+      const blocksSchema = await pagesService.getBlocksSchema();
+      pagesService.validateBlocks(blocks || [], blocksSchema);
+      existing.blocks = blocks;
+    }
+    if (repeat !== undefined) existing.repeat = repeat;
+    if (customCss !== undefined) existing.customCss = customCss;
+    if (customJs !== undefined) existing.customJs = customJs;
+    if (seoMeta !== undefined) existing.seoMeta = seoMeta;
+    if (tenantId !== undefined) existing.tenantId = tenantId || null;
+    if (isGlobal !== undefined) existing.isGlobal = isGlobal;
+    if (status !== undefined) {
+      if (status === 'published' && existing.status !== 'published') {
+        existing.publishedAt = new Date();
+      }
+      existing.status = status;
+    }
+    await existing.save();
+    await createAuditEvent({
+      ...actor,
+      action: 'page.update',
+      entityType: 'Page',
+      entityId: String(existing._id),
+      before,
+      after: existing.toObject(),
+      meta: null,
+    });
+    res.json({ page: existing.toObject() });
+  } catch (err) {
+    if (err.code === 'VALIDATION') {
+      return res.status(400).json({ error: err.message });
+    }
+    console.error('[adminPages] updatePage error:', err);
+    res.status(500).json({ error: 'Failed to update page' });
+  }
+};
+exports.deletePage = async (req, res) => {
+  try {
+    const actor = getBasicAuthActor(req);
+    const { id } = req.params;
+    const existing = await Page.findById(id);
+    if (!existing) {
+      return res.status(404).json({ error: 'Page not found' });
+    }
+    const before = existing.toObject();
+    await Page.deleteOne({ _id: id });
+    await createAuditEvent({
+      ...actor,
+      action: 'page.delete',
+      entityType: 'Page',
+      entityId: String(id),
+      before,
+      after: null,
+      meta: null,
+    });
+    res.json({ success: true });
+  } catch (err) {
+    console.error('[adminPages] deletePage error:', err);
+    res.status(500).json({ error: 'Failed to delete page' });
+  }
+};
+exports.publishPage = async (req, res) => {
+  try {
+    const actor = getBasicAuthActor(req);
+    const { id } = req.params;
+    const existing = await Page.findById(id);
+    if (!existing) {
+      return res.status(404).json({ error: 'Page not found' });
+    }
+    const before = existing.toObject();
+    existing.status = 'published';
+    existing.publishedAt = new Date();
+    await existing.save();
+    await createAuditEvent({
+      ...actor,
+      action: 'page.publish',
+      entityType: 'Page',
+      entityId: String(existing._id),
+      before,
+      after: existing.toObject(),
+      meta: null,
+    });
+    res.json({ page: existing.toObject() });
+  } catch (err) {
+    console.error('[adminPages] publishPage error:', err);
+    res.status(500).json({ error: 'Failed to publish page' });
+  }
+};
+exports.unpublishPage = async (req, res) => {
+  try {
+    const actor = getBasicAuthActor(req);
+    const { id } = req.params;
+    const existing = await Page.findById(id);
+    if (!existing) {
+      return res.status(404).json({ error: 'Page not found' });
+    }
+    const before = existing.toObject();
+    existing.status = 'draft';
+    await existing.save();
+    await createAuditEvent({
+      ...actor,
+      action: 'page.unpublish',
+      entityType: 'Page',
+      entityId: String(existing._id),
+      before,
+      after: existing.toObject(),
+      meta: null,
+    });
+    res.json({ page: existing.toObject() });
+  } catch (err) {
+    console.error('[adminPages] unpublishPage error:', err);
+    res.status(500).json({ error: 'Failed to unpublish page' });
+  }
+};
+exports.getAvailableTemplates = async (req, res) => {
+  try {
+    const base = [
+      { key: 'default', name: 'Default Template', description: 'Basic page template' },
+      { key: 'landing', name: 'Landing Page', description: 'Marketing landing page with hero and CTA sections' },
+      { key: 'article', name: 'Article', description: 'Blog post or article layout' },
+      { key: 'listing', name: 'Listing', description: 'Grid or list of items' },
+    ];
+    let dbFiles = [];
+    try {
+      dbFiles = await VirtualEjsFile.find({ path: /^pages\/templates\/[^/]+\.ejs$/ }).select('path updatedAt enabled').lean();
+    } catch (_) {
+      dbFiles = [];
+    }
+    const byKey = new Map(base.map((t) => [t.key, t]));
+    for (const f of dbFiles) {
+      const m = String(f.path || '').match(/^pages\/templates\/([^/]+)\.ejs$/);
+      if (!m) continue;
+      const key = String(m[1] || '').trim();
+      if (!key) continue;
+      if (byKey.has(key)) continue;
+      byKey.set(key, { key, name: key, description: '' });
+    }
+    const templates = Array.from(byKey.values()).sort((a, b) => String(a.key).localeCompare(String(b.key)));
+    res.json({ templates });
+  } catch (err) {
+    console.error('[adminPages] getAvailableTemplates error:', err);
+    res.status(500).json({ error: 'Failed to get templates' });
+  }
+};
+exports.getAvailableLayouts = async (req, res) => {
+  try {
+    const base = [
+      { key: 'default', name: 'Default Layout', description: 'Standard layout with header and footer' },
+      { key: 'minimal', name: 'Minimal', description: 'Clean layout without navigation' },
+      { key: 'sidebar', name: 'Sidebar', description: 'Layout with sidebar navigation' },
+    ];
+    let dbFiles = [];
+    try {
+      dbFiles = await VirtualEjsFile.find({ path: /^pages\/layouts\/[^/]+\.ejs$/ }).select('path updatedAt enabled').lean();
+    } catch (_) {
+      dbFiles = [];
+    }
+    const byKey = new Map(base.map((l) => [l.key, l]));
+    for (const f of dbFiles) {
+      const m = String(f.path || '').match(/^pages\/layouts\/([^/]+)\.ejs$/);
+      if (!m) continue;
+      const key = String(m[1] || '').trim();
+      if (!key) continue;
+      if (byKey.has(key)) continue;
+      byKey.set(key, { key, name: key, description: '' });
+    }
+    const layouts = Array.from(byKey.values()).sort((a, b) => String(a.key).localeCompare(String(b.key)));
+    res.json({ layouts });
+  } catch (err) {
+    console.error('[adminPages] getAvailableLayouts error:', err);
+    res.status(500).json({ error: 'Failed to get layouts' });
+  }
+};
+exports.getAvailableBlocks = async (req, res) => {
+  try {
+    const schema = await pagesService.getBlocksSchema();
+    const defs = schema?.blocks || {};
+    const blocks = Object.keys(defs).map((type) => ({
+      type,
+      name: defs[type]?.label || type,
+      description: defs[type]?.description || '',
+    }));
+    res.json({ blocks });
+  } catch (err) {
+    console.error('[adminPages] getAvailableBlocks error:', err);
+    res.status(500).json({ error: 'Failed to get available blocks' });
+  }
+};
+exports.getBlocksSchema = async (req, res) => {
+  try {
+    const schema = await pagesService.getBlocksSchema();
+    res.json({ schema, alias: pagesService.BLOCKS_SCHEMA_JSON_CONFIG_ALIAS });
+  } catch (err) {
+    console.error('[adminPages] getBlocksSchema error:', err);
+    res.status(500).json({ error: 'Failed to get blocks schema' });
+  }
+};
+function toSafeJsonError(error) {
+  const msg = error?.message || 'Operation failed';
+  const code = error?.code;
+  if (code === 'VALIDATION') return { status: 400, body: { error: msg } };
+  if (code === 'NOT_FOUND') return { status: 404, body: { error: msg } };
+  if (code === 'TIMEOUT') return { status: 408, body: { error: msg } };
+  return { status: 500, body: { error: msg } };
+}
+exports.testPageContextPhase = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const page = await Page.findById(id).lean();
+    if (!page) return res.status(404).json({ error: 'Page not found' });
+    const routePath = req.body?.routePath || (page.collectionId ? '/_test' : '/_test');
+    const params = req.body?.params || (page._params || {});
+    const mockContext = req.body?.mockContext || null;
+    const startedAt = Date.now();
+    const { pageContext, contextBlocks } = await pagesContextService.resolvePageContext({
+      page,
+      req,
+      res,
+      routePath,
+      params,
+      mockContext,
+    });
+    res.json({
+      ok: true,
+      elapsedMs: Date.now() - startedAt,
+      contextBlocksCount: contextBlocks.length,
+      vars: pageContext.vars,
+    });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.testPageContextBlock = async (req, res) => {
+  try {
+    const { id } = req.params;
+    const page = await Page.findById(id).lean();
+    if (!page) return res.status(404).json({ error: 'Page not found' });
+    const block = req.body?.block;
+    if (!block || typeof block !== 'object') {
+      return res.status(400).json({ error: 'block is required' });
+    }
+    const type = String(block.type || '').trim();
+    if (!type.startsWith('context.')) {
+      return res.status(400).json({ error: 'Only context.* blocks can be tested with this endpoint' });
+    }
+    const routePath = req.body?.routePath || (page.collectionId ? '/_test' : '/_test');
+    const params = req.body?.params || (page._params || {});
+    const mockContext = req.body?.mockContext || null;
+    const startedAt = Date.now();
+    const synthetic = { ...page, blocks: [block] };
+    const { pageContext, contextBlocks } = await pagesContextService.resolvePageContext({
+      page: synthetic,
+      req,
+      res,
+      routePath,
+      params,
+      mockContext,
+    });
+    res.json({
+      ok: true,
+      elapsedMs: Date.now() - startedAt,
+      contextBlocksCount: contextBlocks.length,
+      vars: pageContext.vars,
+    });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.testContextBlockAdhoc = async (req, res) => {
+  try {
+    const block = req.body?.block;
+    if (!block || typeof block !== 'object') {
+      return res.status(400).json({ error: 'block is required' });
+    }
+    const type = String(block.type || '').trim();
+    if (!type.startsWith('context.')) {
+      return res.status(400).json({ error: 'Only context.* blocks can be tested with this endpoint' });
+    }
+    const mockContext = req.body?.mockContext || null;
+    const routePath = req.body?.routePath || '/_test';
+    const params = req.body?.params || {};
+    const startedAt = Date.now();
+    const syntheticPage = {
+      slug: '_test',
+      title: 'Test',
+      templateKey: 'default',
+      layoutKey: 'default',
+      blocks: [block],
+      repeat: null,
+      seoMeta: {},
+      customCss: '',
+      customJs: '',
+    };
+    const { pageContext, contextBlocks } = await pagesContextService.resolvePageContext({
+      page: syntheticPage,
+      req,
+      res,
+      routePath,
+      params,
+      mockContext,
+    });
+    res.json({
+      ok: true,
+      elapsedMs: Date.now() - startedAt,
+      contextBlocksCount: contextBlocks.length,
+      vars: pageContext.vars,
+    });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};