npm - @intranefr/superbackend - Versions diffs - 1.5.0 → 1.5.1 - Mend

@intranefr/superbackend 1.5.0 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (171) hide show

package/.env.example +5 -0
package/README.md +11 -0
package/index.js +23 -0
package/package.json +7 -2
package/src/admin/endpointRegistry.js +120 -0
package/src/controllers/admin.controller.js +22 -5
package/src/controllers/adminBlockDefinitions.controller.js +127 -0
package/src/controllers/adminBlockDefinitionsAi.controller.js +54 -0
package/src/controllers/adminCache.controller.js +342 -0
package/src/controllers/adminContextBlockDefinitions.controller.js +141 -0
package/src/controllers/adminCrons.controller.js +388 -0
package/src/controllers/adminDbBrowser.controller.js +124 -0
package/src/controllers/adminEjsVirtual.controller.js +13 -3
package/src/controllers/adminHeadless.controller.js +9 -2
package/src/controllers/adminHealthChecks.controller.js +570 -0
package/src/controllers/adminI18n.controller.js +51 -29
package/src/controllers/adminLlm.controller.js +126 -2
package/src/controllers/adminPages.controller.js +720 -0
package/src/controllers/adminPagesContextBlocksAi.controller.js +54 -0
package/src/controllers/adminProxy.controller.js +113 -0
package/src/controllers/adminRateLimits.controller.js +138 -0
package/src/controllers/adminRbac.controller.js +803 -0
package/src/controllers/adminScripts.controller.js +93 -2
package/src/controllers/adminSeoConfig.controller.js +71 -48
package/src/controllers/blogAdmin.controller.js +279 -0
package/src/controllers/blogAiAdmin.controller.js +224 -0
package/src/controllers/blogAutomationAdmin.controller.js +141 -0
package/src/controllers/blogInternal.controller.js +26 -0
package/src/controllers/blogPublic.controller.js +89 -0
package/src/controllers/fileManager.controller.js +190 -0
package/src/controllers/fileManagerStoragePolicy.controller.js +23 -0
package/src/controllers/healthChecksPublic.controller.js +196 -0
package/src/controllers/metrics.controller.js +64 -4
package/src/controllers/orgAdmin.controller.js +80 -0
package/src/middleware/internalCronAuth.js +29 -0
package/src/middleware/rbac.js +62 -0
package/src/middleware.js +756 -48
package/src/models/BlockDefinition.js +27 -0
package/src/models/BlogAutomationLock.js +14 -0
package/src/models/BlogAutomationRun.js +39 -0
package/src/models/BlogPost.js +42 -0
package/src/models/CacheEntry.js +26 -0
package/src/models/ConsoleEntry.js +32 -0
package/src/models/ConsoleLog.js +23 -0
package/src/models/ContextBlockDefinition.js +33 -0
package/src/models/CronExecution.js +47 -0
package/src/models/CronJob.js +70 -0
package/src/models/ExternalDbConnection.js +49 -0
package/src/models/FileEntry.js +22 -0
package/src/models/HealthAutoHealAttempt.js +57 -0
package/src/models/HealthCheck.js +132 -0
package/src/models/HealthCheckRun.js +51 -0
package/src/models/HealthIncident.js +49 -0
package/src/models/Page.js +95 -0
package/src/models/PageCollection.js +42 -0
package/src/models/ProxyEntry.js +66 -0
package/src/models/RateLimitCounter.js +19 -0
package/src/models/RateLimitMetricBucket.js +20 -0
package/src/models/RbacGrant.js +25 -0
package/src/models/RbacGroup.js +16 -0
package/src/models/RbacGroupMember.js +13 -0
package/src/models/RbacGroupRole.js +13 -0
package/src/models/RbacRole.js +25 -0
package/src/models/RbacUserRole.js +13 -0
package/src/routes/adminBlog.routes.js +21 -0
package/src/routes/adminBlogAi.routes.js +16 -0
package/src/routes/adminBlogAutomation.routes.js +27 -0
package/src/routes/adminCache.routes.js +20 -0
package/src/routes/adminConsoleManager.routes.js +302 -0
package/src/routes/adminCrons.routes.js +25 -0
package/src/routes/adminDbBrowser.routes.js +65 -0
package/src/routes/adminEjsVirtual.routes.js +2 -1
package/src/routes/adminHeadless.routes.js +2 -1
package/src/routes/adminHealthChecks.routes.js +28 -0
package/src/routes/adminI18n.routes.js +4 -3
package/src/routes/adminLlm.routes.js +4 -2
package/src/routes/adminPages.routes.js +55 -0
package/src/routes/adminProxy.routes.js +15 -0
package/src/routes/adminRateLimits.routes.js +17 -0
package/src/routes/adminRbac.routes.js +38 -0
package/src/routes/adminSeoConfig.routes.js +5 -4
package/src/routes/adminUiComponents.routes.js +2 -1
package/src/routes/blogInternal.routes.js +14 -0
package/src/routes/blogPublic.routes.js +9 -0
package/src/routes/fileManager.routes.js +62 -0
package/src/routes/fileManagerStoragePolicy.routes.js +9 -0
package/src/routes/healthChecksPublic.routes.js +9 -0
package/src/routes/log.routes.js +43 -60
package/src/routes/metrics.routes.js +4 -2
package/src/routes/orgAdmin.routes.js +1 -0
package/src/routes/pages.routes.js +123 -0
package/src/routes/proxy.routes.js +46 -0
package/src/routes/rbac.routes.js +47 -0
package/src/routes/webhook.routes.js +2 -1
package/src/routes/workflows.routes.js +4 -0
package/src/services/blockDefinitionsAi.service.js +247 -0
package/src/services/blog.service.js +99 -0
package/src/services/blogAutomation.service.js +978 -0
package/src/services/blogCronsBootstrap.service.js +184 -0
package/src/services/blogPublishing.service.js +58 -0
package/src/services/cacheLayer.service.js +696 -0
package/src/services/consoleManager.service.js +700 -0
package/src/services/consoleOverride.service.js +6 -1
package/src/services/cronScheduler.service.js +350 -0
package/src/services/dbBrowser.service.js +536 -0
package/src/services/ejsVirtual.service.js +102 -32
package/src/services/fileManager.service.js +475 -0
package/src/services/fileManagerStoragePolicy.service.js +285 -0
package/src/services/healthChecks.service.js +650 -0
package/src/services/healthChecksBootstrap.service.js +109 -0
package/src/services/healthChecksScheduler.service.js +106 -0
package/src/services/llmDefaults.service.js +190 -0
package/src/services/migrationAssets/s3.js +2 -2
package/src/services/pages.service.js +602 -0
package/src/services/pagesContext.service.js +331 -0
package/src/services/pagesContextBlocksAi.service.js +349 -0
package/src/services/proxy.service.js +535 -0
package/src/services/rateLimiter.service.js +623 -0
package/src/services/rbac.service.js +212 -0
package/src/services/scriptsRunner.service.js +1 -1
package/src/services/uiComponentsAi.service.js +6 -19
package/src/services/workflow.service.js +23 -8
package/src/utils/orgRoles.js +14 -0
package/src/utils/rbac/engine.js +60 -0
package/src/utils/rbac/rightsRegistry.js +29 -0
package/views/admin-blog-automation.ejs +877 -0
package/views/admin-blog-edit.ejs +542 -0
package/views/admin-blog.ejs +399 -0
package/views/admin-cache.ejs +681 -0
package/views/admin-console-manager.ejs +680 -0
package/views/admin-crons.ejs +645 -0
package/views/admin-db-browser.ejs +445 -0
package/views/admin-ejs-virtual.ejs +16 -10
package/views/admin-file-manager.ejs +942 -0
package/views/admin-health-checks.ejs +725 -0
package/views/admin-i18n.ejs +59 -5
package/views/admin-llm.ejs +99 -1
package/views/admin-organizations.ejs +163 -1
package/views/admin-pages.ejs +2424 -0
package/views/admin-proxy.ejs +491 -0
package/views/admin-rate-limiter.ejs +625 -0
package/views/admin-rbac.ejs +1331 -0
package/views/admin-scripts.ejs +1 -1
package/views/admin-seo-config.ejs +61 -7
package/views/admin-ui-components.ejs +57 -25
package/views/admin-workflows.ejs +7 -7
package/views/file-manager.ejs +866 -0
package/views/pages/blocks/contact.ejs +27 -0
package/views/pages/blocks/cta.ejs +18 -0
package/views/pages/blocks/faq.ejs +20 -0
package/views/pages/blocks/features.ejs +19 -0
package/views/pages/blocks/hero.ejs +13 -0
package/views/pages/blocks/html.ejs +5 -0
package/views/pages/blocks/image.ejs +14 -0
package/views/pages/blocks/testimonials.ejs +26 -0
package/views/pages/blocks/text.ejs +10 -0
package/views/pages/layouts/default.ejs +51 -0
package/views/pages/layouts/minimal.ejs +42 -0
package/views/pages/layouts/sidebar.ejs +54 -0
package/views/pages/partials/footer.ejs +13 -0
package/views/pages/partials/header.ejs +12 -0
package/views/pages/partials/sidebar.ejs +8 -0
package/views/pages/runtime/page.ejs +10 -0
package/views/pages/templates/article.ejs +20 -0
package/views/pages/templates/default.ejs +12 -0
package/views/pages/templates/landing.ejs +14 -0
package/views/pages/templates/listing.ejs +15 -0
package/views/partials/admin-image-upload-modal.ejs +221 -0
package/views/partials/dashboard/nav-items.ejs +11 -0
package/views/partials/llm-provider-model-picker.ejs +183 -0
package/src/routes/llmUi.routes.js +0 -26

package/src/controllers/adminCrons.controller.js ADDED Viewed

@@ -0,0 +1,388 @@
+const CronJob = require('../models/CronJob');
+const CronExecution = require('../models/CronExecution');
+const parser = require('cron-parser');
+const { startRun } = require('../services/scriptsRunner.service');
+const cronScheduler = require('../services/cronScheduler.service');
+function toSafeJsonError(error) {
+  const msg = error?.message || 'Operation failed';
+  const code = error?.code;
+  if (code === 'VALIDATION') return { status: 400, body: { error: msg } };
+  if (code === 'NOT_FOUND') return { status: 404, body: { error: msg } };
+  if (code === 'CONFLICT') return { status: 409, body: { error: msg } };
+  return { status: 500, body: { error: msg } };
+}
+function normalizeEnv(env) {
+  const items = Array.isArray(env) ? env : [];
+  const out = [];
+  for (const it of items) {
+    if (!it || typeof it !== 'object') continue;
+    const key = String(it.key || '').trim();
+    if (!key) continue;
+    out.push({ key, value: String(it.value || '') });
+  }
+  return out;
+}
+function normalizeHeaders(headers) {
+  const items = Array.isArray(headers) ? headers : [];
+  const out = [];
+  for (const it of items) {
+    if (!it || typeof it !== 'object') continue;
+    const key = String(it.key || '').trim();
+    if (!key) continue;
+    out.push({ key, value: String(it.value || '') });
+  }
+  return out;
+}
+function calculateNextRun(cronExpression, timezone = 'UTC') {
+  try {
+    const interval = parser.parseExpression(cronExpression, {
+      tz: timezone,
+    });
+    return interval.next().toDate();
+  } catch (err) {
+    throw new Error(`Invalid cron expression: ${err.message}`);
+  }
+}
+exports.listCronJobs = async (req, res) => {
+  try {
+    const items = await CronJob.find()
+      .populate('scriptId', 'name type runner')
+      .sort({ updatedAt: -1 })
+      .lean();
+    res.json({ items });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.getCronJob = async (req, res) => {
+  try {
+    const doc = await CronJob.findById(req.params.id)
+      .populate('scriptId', 'name type runner')
+      .lean();
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    res.json({ item: doc });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.createCronJob = async (req, res) => {
+  try {
+    const payload = req.body || {};
+    // Validate cron expression
+    const nextRunAt = calculateNextRun(payload.cronExpression, payload.timezone);
+    // Validate task type requirements
+    if (payload.taskType === 'script' && (!payload.scriptId || payload.scriptId === "")) {
+      return res.status(400).json({ error: 'Script ID is required for script-type cron jobs' });
+    }
+    if (payload.taskType === 'http' && (!payload.httpUrl || payload.httpUrl.trim() === "")) {
+      return res.status(400).json({ error: 'URL is required for HTTP-type cron jobs' });
+    }
+    // Handle scriptId - convert empty string to null for script jobs
+    let scriptId = payload.scriptId;
+    if (scriptId === "" || scriptId === null || scriptId === undefined) {
+      scriptId = undefined;
+    }
+    const doc = await CronJob.create({
+      name: String(payload.name || '').trim(),
+      description: String(payload.description || ''),
+      cronExpression: String(payload.cronExpression || '').trim(),
+      timezone: String(payload.timezone || 'UTC'),
+      enabled: payload.enabled === undefined ? true : Boolean(payload.enabled),
+      nextRunAt,
+      taskType: String(payload.taskType || '').trim(),
+      scriptId,
+      scriptEnv: normalizeEnv(payload.scriptEnv),
+      httpMethod: String(payload.httpMethod || 'GET'),
+      httpUrl: payload.taskType === 'http' ? String(payload.httpUrl || '').trim() : undefined,
+      httpHeaders: normalizeHeaders(payload.httpHeaders),
+      httpBody: String(payload.httpBody || ''),
+      httpBodyType: String(payload.httpBodyType || 'raw'),
+      httpAuth: {
+        type: String(payload.httpAuth?.type || 'none'),
+        token: String(payload.httpAuth?.token || ''),
+        username: String(payload.httpAuth?.username || ''),
+        password: String(payload.httpAuth?.password || ''),
+      },
+      timeoutMs: payload.timeoutMs === undefined ? 300000 : Number(payload.timeoutMs),
+      createdBy: req.user?.username || 'admin',
+    });
+    // Schedule the job if enabled
+    if (doc.enabled) {
+      await cronScheduler.scheduleJob(doc);
+    }
+    res.status(201).json({ item: doc.toObject() });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.updateCronJob = async (req, res) => {
+  try {
+    const payload = req.body || {};
+    const doc = await CronJob.findById(req.params.id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    const wasEnabled = doc.enabled;
+    let needsReschedule = false;
+    if (payload.name !== undefined) doc.name = String(payload.name || '').trim();
+    if (payload.description !== undefined) doc.description = String(payload.description || '');
+    if (payload.cronExpression !== undefined) {
+      doc.cronExpression = String(payload.cronExpression || '').trim();
+      needsReschedule = true;
+    }
+    if (payload.timezone !== undefined) {
+      doc.timezone = String(payload.timezone || 'UTC');
+      needsReschedule = true;
+    }
+    if (payload.enabled !== undefined) {
+      doc.enabled = Boolean(payload.enabled);
+      needsReschedule = true;
+    }
+    if (payload.taskType !== undefined) {
+      const newTaskType = String(payload.taskType || '').trim();
+      // Validate task type requirements
+      if (newTaskType === 'script' && (!payload.scriptId || payload.scriptId === "")) {
+        return res.status(400).json({ error: 'Script ID is required for script-type cron jobs' });
+      }
+      if (newTaskType === 'http' && (!payload.httpUrl || payload.httpUrl.trim() === "")) {
+        return res.status(400).json({ error: 'URL is required for HTTP-type cron jobs' });
+      }
+      doc.taskType = newTaskType;
+    }
+    if (payload.scriptId !== undefined) {
+      // Handle scriptId - convert empty string to null
+      let scriptId = payload.scriptId;
+      if (scriptId === "" || scriptId === null || scriptId === undefined) {
+        doc.scriptId = undefined;
+      } else {
+        doc.scriptId = scriptId;
+      }
+    }
+    if (payload.scriptEnv !== undefined) doc.scriptEnv = normalizeEnv(payload.scriptEnv);
+    if (payload.httpMethod !== undefined) doc.httpMethod = String(payload.httpMethod || 'GET');
+    if (payload.httpUrl !== undefined) doc.httpUrl = String(payload.httpUrl || '').trim();
+    if (payload.httpHeaders !== undefined) doc.httpHeaders = normalizeHeaders(payload.httpHeaders);
+    if (payload.httpBody !== undefined) doc.httpBody = String(payload.httpBody || '');
+    if (payload.httpBodyType !== undefined) doc.httpBodyType = String(payload.httpBodyType || 'raw');
+    if (payload.httpAuth !== undefined) {
+      doc.httpAuth = {
+        type: String(payload.httpAuth?.type || 'none'),
+        token: String(payload.httpAuth?.token || ''),
+        username: String(payload.httpAuth?.username || ''),
+        password: String(payload.httpAuth?.password || ''),
+      };
+    }
+    if (payload.timeoutMs !== undefined) doc.timeoutMs = Number(payload.timeoutMs || 0);
+    // Recalculate next run time if schedule changed
+    if (needsReschedule) {
+      if (doc.enabled) {
+        doc.nextRunAt = calculateNextRun(doc.cronExpression, doc.timezone);
+      } else {
+        doc.nextRunAt = null;
+      }
+    }
+    await doc.save();
+    // Update scheduler
+    if (needsReschedule) {
+      if (wasEnabled && !doc.enabled) {
+        await cronScheduler.unscheduleJob(doc._id);
+      } else if (!wasEnabled && doc.enabled) {
+        await cronScheduler.scheduleJob(doc);
+      } else if (wasEnabled && doc.enabled) {
+        await cronScheduler.unscheduleJob(doc._id);
+        await cronScheduler.scheduleJob(doc);
+      }
+    }
+    res.json({ item: doc.toObject() });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.deleteCronJob = async (req, res) => {
+  try {
+    const doc = await CronJob.findById(req.params.id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    // Unschedule before deleting
+    if (doc.enabled) {
+      await cronScheduler.unscheduleJob(doc._id);
+    }
+    await CronJob.deleteOne({ _id: doc._id });
+    res.json({ deleted: true });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.enableCronJob = async (req, res) => {
+  try {
+    const doc = await CronJob.findById(req.params.id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    if (!doc.enabled) {
+      doc.enabled = true;
+      doc.nextRunAt = calculateNextRun(doc.cronExpression, doc.timezone);
+      await doc.save();
+      await cronScheduler.scheduleJob(doc);
+    }
+    res.json({ item: doc.toObject() });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.disableCronJob = async (req, res) => {
+  try {
+    const doc = await CronJob.findById(req.params.id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    if (doc.enabled) {
+      doc.enabled = false;
+      doc.nextRunAt = null;
+      await doc.save();
+      await cronScheduler.unscheduleJob(doc._id);
+    }
+    res.json({ item: doc.toObject() });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.triggerCronJob = async (req, res) => {
+  try {
+    const doc = await CronJob.findById(req.params.id);
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    // Execute immediately
+    const execution = await cronScheduler.executeJob(doc);
+    res.json({ executionId: execution._id });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.getExecutionHistory = async (req, res) => {
+  try {
+    const { page = 1, limit = 50 } = req.query;
+    const skip = (page - 1) * limit;
+    const items = await CronExecution.find({ cronJobId: req.params.id })
+      .sort({ startedAt: -1 })
+      .skip(skip)
+      .limit(parseInt(limit))
+      .lean();
+    const total = await CronExecution.countDocuments({ cronJobId: req.params.id });
+    res.json({
+      items,
+      pagination: {
+        page: parseInt(page),
+        limit: parseInt(limit),
+        total,
+        pages: Math.ceil(total / limit),
+      },
+    });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.getExecution = async (req, res) => {
+  try {
+    const doc = await CronExecution.findById(req.params.eid)
+      .populate('cronJobId', 'name taskType')
+      .lean();
+    if (!doc) return res.status(404).json({ error: 'Not found' });
+    res.json({ item: doc });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.getCronPresets = async (req, res) => {
+  try {
+    const presets = [
+      { label: 'Every minute', expression: '* * * * *' },
+      { label: 'Every 5 minutes', expression: '*/5 * * * *' },
+      { label: 'Every 15 minutes', expression: '*/15 * * * *' },
+      { label: 'Every 30 minutes', expression: '*/30 * * * *' },
+      { label: 'Every hour', expression: '0 * * * *' },
+      { label: 'Every 2 hours', expression: '0 */2 * * *' },
+      { label: 'Every 6 hours', expression: '0 */6 * * *' },
+      { label: 'Every day at midnight', expression: '0 0 * * *' },
+      { label: 'Every day at 9 AM', expression: '0 9 * * *' },
+      { label: 'Every Monday at 9 AM', expression: '0 9 * * 1' },
+      { label: 'First day of month', expression: '0 0 1 * *' },
+      { label: 'Weekdays only', expression: '0 9 * * 1-5' },
+    ];
+    res.json({ presets });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.previewNextRuns = async (req, res) => {
+  try {
+    const { cronExpression, timezone = 'UTC', count = 5 } = req.body;
+    if (!cronExpression) {
+      return res.status(400).json({ error: 'cronExpression is required' });
+    }
+    const runs = [];
+    const interval = parser.parseExpression(cronExpression, {
+      tz: timezone,
+    });
+    for (let i = 0; i < parseInt(count); i++) {
+      try {
+        runs.push(interval.next().toDate());
+      } catch (err) {
+        break;
+      }
+    }
+    res.json({ runs });
+  } catch (err) {
+    const safe = toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};

package/src/controllers/adminDbBrowser.controller.js ADDED Viewed

@@ -0,0 +1,124 @@
+const dbBrowser = require('../services/dbBrowser.service');
+exports.listConnections = async (req, res) => {
+  try {
+    const items = await dbBrowser.listConnections();
+    res.json({ items });
+  } catch (err) {
+    const safe = dbBrowser.toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.getConnection = async (req, res) => {
+  try {
+    const item = await dbBrowser.getConnection(req.params.id);
+    res.json({ item });
+  } catch (err) {
+    const safe = dbBrowser.toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.createConnection = async (req, res) => {
+  try {
+    const item = await dbBrowser.createConnection(req.body || {});
+    res.status(201).json({ item });
+  } catch (err) {
+    if (err?.code === 11000) {
+      return res.status(400).json({ error: 'Connection name must be unique' });
+    }
+    const safe = dbBrowser.toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.updateConnection = async (req, res) => {
+  try {
+    const item = await dbBrowser.updateConnection(req.params.id, req.body || {});
+    res.json({ item });
+  } catch (err) {
+    if (err?.code === 11000) {
+      return res.status(400).json({ error: 'Connection name must be unique' });
+    }
+    const safe = dbBrowser.toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.deleteConnection = async (req, res) => {
+  try {
+    const out = await dbBrowser.deleteConnection(req.params.id);
+    res.json(out);
+  } catch (err) {
+    const safe = dbBrowser.toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.testConnection = async (req, res) => {
+  try {
+    const out = await dbBrowser.testConnection(req.params.id);
+    res.json(out);
+  } catch (err) {
+    const safe = dbBrowser.toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.listDatabases = async (req, res) => {
+  try {
+    const items = await dbBrowser.listDatabases(req.params.id);
+    res.json({ items });
+  } catch (err) {
+    const safe = dbBrowser.toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.listNamespaces = async (req, res) => {
+  try {
+    const items = await dbBrowser.listNamespaces(req.params.id, req.params.database);
+    res.json({ items });
+  } catch (err) {
+    const safe = dbBrowser.toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.getSchema = async (req, res) => {
+  try {
+    const schema = await dbBrowser.getSchema(req.params.id, req.params.database, req.params.namespace);
+    res.json({ schema });
+  } catch (err) {
+    const safe = dbBrowser.toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.listRecords = async (req, res) => {
+  try {
+    const out = await dbBrowser.listRecords(req.params.id, req.params.database, req.params.namespace, {
+      page: req.query.page,
+      pageSize: req.query.pageSize,
+      filterField: req.query.filterField,
+      filterValue: req.query.filterValue,
+      sortField: req.query.sortField,
+      sortOrder: req.query.sortOrder,
+    });
+    res.json(out);
+  } catch (err) {
+    const safe = dbBrowser.toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};
+exports.getRecord = async (req, res) => {
+  try {
+    const item = await dbBrowser.getRecord(req.params.id, req.params.database, req.params.namespace, req.params.recordId);
+    res.json({ item });
+  } catch (err) {
+    const safe = dbBrowser.toSafeJsonError(err);
+    res.status(safe.status).json(safe.body);
+  }
+};

package/src/controllers/adminEjsVirtual.controller.js CHANGED Viewed

@@ -83,10 +83,21 @@ exports.getFile = async (req, res) => {
     const viewsRoot = normalizeViewsRoot(req);
     const relPath = ejsVirtualService.normalizeRelPath(String(req.query.path || '').trim());
-    const fsContent = await ejsVirtualService.readFsView(viewsRoot, relPath);
+    let fsContent = '';
+    try {
+      fsContent = await ejsVirtualService.readFsView(viewsRoot, relPath);
+    } catch (_) {
+      fsContent = '';
+    }
     const override = await VirtualEjsFile.findOne({ path: relPath }).lean();
-    const effective = await ejsVirtualService.resolveTemplateSource({ viewsRoot, relPath, allowDb: true });
+    let effective;
+    try {
+      effective = await ejsVirtualService.resolveTemplateSource({ viewsRoot, relPath, allowDb: true });
+    } catch (_) {
+      effective = { source: override ? 'db' : 'none', content: override?.content || '' };
+    }
     res.json({
       path: relPath,
@@ -97,7 +108,6 @@ exports.getFile = async (req, res) => {
   } catch (err) {
     const code = err.code;
     if (code === 'VALIDATION') return res.status(400).json({ error: err.message });
-    if (code === 'NOT_FOUND') return res.status(404).json({ error: err.message });
     console.error('[adminEjsVirtual] getFile error', err);
     res.status(500).json({ error: 'Failed to load file' });
   }

package/src/controllers/adminHeadless.controller.js CHANGED Viewed

@@ -15,6 +15,7 @@ const {
 const llmService = require('../services/llm.service');
 const { getSettingValue } = require('../services/globalSettings.service');
+const { resolveLlmProviderModel } = require('../services/llmDefaults.service');
 const { createAuditEvent, getBasicAuthActor } = require('../services/audit.service');
 const axios = require('axios');
 const { logAudit, scrubObject } = require('../services/auditLogger');
@@ -698,8 +699,14 @@ exports.aiModelBuilderChat = async (req, res) => {
       { role: 'user', content: message },
     ];
-    const providerKey = (await getSettingValue('headless.aiProviderKey')) || process.env.HEADLESS_AI_PROVIDER_KEY || 'openrouter';
-    const model = (await getSettingValue('headless.aiModel')) || process.env.HEADLESS_AI_MODEL || 'google/gemini-2.5-flash-lite';
+    const resolved = await resolveLlmProviderModel({
+      systemKey: 'headless.modelBuilder.chat',
+      providerKey: await getSettingValue('headless.aiProviderKey'),
+      model: await getSettingValue('headless.aiModel'),
+    });
+    const providerKey = resolved.providerKey;
+    const model = resolved.model;
     console.log('[headless aiModelBuilder] Resolved providerKey:', providerKey);
     console.log('[headless aiModelBuilder] Resolved model:', model);