@kyro-cms/admin 0.1.6 → 0.1.8

package/src/lib/graphql/schema.ts

@@ -0,0 +1,443 @@
+import { buildSchema, graphql } from "graphql";
+import { dataStore } from "../dataStore";
+import { collections, globals } from "../config";
+import type { CollectionConfig, GlobalConfig } from "@kyro-cms/core";
+import jwt from "jsonwebtoken";
+
+const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
+
+function generateSchemaTypes() {
+  const queryLines: string[] = [
+    `_schema: SchemaInfo!`,
+    `ping: String!`,
+    `collections: [CollectionInfo!]!`,
+    `globals: [GlobalInfo!]!`,
+  ];
+
+  for (const [slug, collection] of Object.entries(collections)) {
+    if (slug === "roles") continue;
+    const safeSlug = slug.replace(/[^a-zA-Z0-9_]/g, "_");
+    queryLines.push(`${safeSlug}(page: Int, limit: Int): CollectionResult!`);
+    queryLines.push(`${safeSlug}ById(id: ID!): JSON`);
+    queryLines.push(`${safeSlug}BySlug(slug: String!): JSON`);
+  }
+
+  for (const slug of Object.keys(globals)) {
+    const safeSlug = slug.replace(/[^a-zA-Z0-9_]/g, "_");
+    queryLines.push(`${safeSlug}: GlobalResult!`);
+  }
+
+  const mutationLines: string[] = [];
+  mutationLines.push(`login(email: String!, password: String!): AuthPayload!`);
+  mutationLines.push(
+    `register(email: String!, password: String!): AuthPayload!`,
+  );
+
+  for (const slug of Object.keys(collections)) {
+    if (slug === "roles" || slug === "users") continue;
+    const safeSlug = slug.replace(/[^a-zA-Z0-9_]/g, "_");
+    const name = capitalize(safeSlug);
+    mutationLines.push(`create${name}(input: JSON!): JSON!`);
+    mutationLines.push(`update${name}(id: ID!, input: JSON!): JSON!`);
+    mutationLines.push(`delete${name}(id: ID!): Boolean!`);
+  }
+
+  for (const slug of Object.keys(globals)) {
+    const safeSlug = slug.replace(/[^a-zA-Z0-9_]/g, "_");
+    const name = capitalize(safeSlug);
+    mutationLines.push(`update${name}(input: JSON!): GlobalResult!`);
+  }
+
+  return `
+    scalar JSON
+
+    type Query {
+      ${queryLines.join("\n      ")}
+    }
+
+    type Mutation {
+      ${mutationLines.join("\n      ")}
+    }
+
+    type Meta {
+      page: Int!
+      limit: Int!
+      totalDocs: Int!
+      totalPages: Int!
+    }
+
+    type CollectionResult {
+      docs: [JSON!]!
+      totalDocs: Int!
+      totalPages: Int!
+      page: Int!
+    }
+
+    type GlobalResult {
+      data: JSON
+      success: Boolean!
+    }
+
+    type AuthPayload {
+      token: String
+      user: JSON
+      error: String
+    }
+
+    type SchemaInfo {
+      types: [TypeInfo!]!
+    }
+
+    type TypeInfo {
+      name: String!
+      fields: [FieldInfo!]!
+    }
+
+    type FieldInfo {
+      name: String!
+      type: String!
+      required: Boolean!
+    }
+
+    type CollectionInfo {
+      slug: String!
+      name: String
+      fields: [String!]!
+    }
+
+    type GlobalInfo {
+      slug: String!
+      name: String
+    }
+  `;
+}
+
+const schemaString = generateSchemaTypes();
+const typeDefs = buildSchema(schemaString);
+
+function capitalize(str: string): string {
+  return str.charAt(0).toUpperCase() + str.slice(1);
+}
+
+interface Context {
+  user?: {
+    id: string;
+    email: string;
+    role: string;
+  };
+  apiKeyId?: string;
+  permissions?: string[];
+}
+
+const rootValue = {
+  _schema: () => {
+    const types = Object.entries(collections).map(([slug, collection]) => ({
+      name: capitalize(slug),
+      fields: collection.fields.map((f: any) => ({
+        name: f.name,
+        type: getGraphQLType(f.type),
+        required: f.required || false,
+      })),
+    }));
+    return { types };
+  },
+
+  ping: () => "pong",
+
+  collections: () => {
+    return Object.entries(collections).map(([slug, collection]) => ({
+      slug,
+      name: (collection as CollectionConfig).label || slug,
+      fields: (collection as CollectionConfig).fields.map((f: any) => f.name),
+    }));
+  },
+
+  globals: () => {
+    return Object.entries(globals).map(([slug, global]) => ({
+      slug,
+      name: (global as GlobalConfig).label || slug,
+    }));
+  },
+
+  ...generateQueryResolvers(),
+
+  ...generateMutationResolvers(),
+};
+
+function getGraphQLType(fieldType: string): string {
+  const typeMap: Record<string, string> = {
+    text: "String",
+    richtext: "String",
+    email: "String",
+    password: "String",
+    url: "String",
+    number: "Float",
+    integer: "Int",
+    boolean: "Boolean",
+    select: "String",
+    multiselect: "[String!]!",
+    date: "String",
+    datetime: "String",
+    media: "String",
+    reference: "String",
+    array: "[String!]!",
+    json: "JSON",
+    code: "String",
+    markdown: "String",
+    slug: "String",
+  };
+  return typeMap[fieldType] || "String";
+}
+
+function generateQueryResolvers() {
+  const resolvers: Record<string, any> = {};
+
+  for (const slug of Object.keys(collections)) {
+    const safeSlug = slug.replace(/[^a-zA-Z0-9_]/g, "_");
+    resolvers[safeSlug] = async ({
+      page,
+      limit,
+    }: {
+      page?: number;
+      limit?: number;
+    }) => {
+      return await dataStore.find(slug, {
+        page: page || 1,
+        limit: limit || 25,
+      });
+    };
+
+    resolvers[`${safeSlug}ById`] = async ({ id }: { id: string }) => {
+      return await dataStore.findById(slug, id);
+    };
+
+    resolvers[`${safeSlug}BySlug`] = async ({
+      slug: itemSlug,
+    }: {
+      slug: string;
+    }) => {
+      const docs = await dataStore.find(slug, { limit: 100 });
+      return docs.docs.find((d: any) => d.slug === itemSlug) || null;
+    };
+  }
+
+  for (const slug of Object.keys(globals)) {
+    const safeSlug = slug.replace(/[^a-zA-Z0-9_]/g, "_");
+    resolvers[safeSlug] = async () => {
+      return { data: await dataStore.findGlobal(slug), success: true };
+    };
+  }
+
+  return resolvers;
+}
+
+function generateMutationResolvers() {
+  return {
+    login: async ({ email, password }: { email: string; password: string }) => {
+      try {
+        const { SQLiteAuthAdapter } = await import("../auth/sqlite-adapter");
+        const adapter = new SQLiteAuthAdapter();
+
+        const user = await adapter.findUserByEmail(email);
+        if (!user) {
+          return { error: "Invalid credentials" };
+        }
+
+        const valid = await adapter.verifyPassword(
+          password,
+          user.passwordHash || "",
+        );
+        if (!valid) {
+          return { error: "Invalid credentials" };
+        }
+
+        const { passwordHash, ...safeUser } = user;
+        const token = jwt.sign(
+          {
+            sub: safeUser.id,
+            email: safeUser.email,
+            role: safeUser.role,
+            tenantId: safeUser.tenantId,
+          },
+          JWT_SECRET,
+          { expiresIn: "7d" },
+        );
+
+        return { token, user: safeUser };
+      } catch {
+        return { error: "Authentication failed" };
+      }
+    },
+
+    register: async ({
+      email,
+      password,
+    }: {
+      email: string;
+      password: string;
+    }) => {
+      try {
+        const { SQLiteAuthAdapter } = await import("../auth/sqlite-adapter");
+        const adapter = new SQLiteAuthAdapter();
+
+        const existing = await adapter.findUserByEmail(email);
+        if (existing) {
+          return { error: "Email already exists" };
+        }
+
+        const passwordHash = await adapter.hashPassword(password);
+        const user = await adapter.createUser({
+          email,
+          passwordHash,
+          role: "customer",
+        });
+
+        const { passwordHash: _, ...safeUser } = user;
+        const token = jwt.sign(
+          {
+            sub: safeUser.id,
+            email: safeUser.email,
+            role: safeUser.role,
+            tenantId: safeUser.tenantId,
+          },
+          JWT_SECRET,
+          { expiresIn: "7d" },
+        );
+
+        return { token, user: safeUser };
+      } catch {
+        return { error: "Registration failed" };
+      }
+    },
+  };
+}
+
+function generateCollectionMutations() {
+  const resolvers: Record<string, any> = {};
+
+  for (const slug of Object.keys(collections)) {
+    if (slug === "roles" || slug === "users") continue;
+    const safeSlug = slug.replace(/[^a-zA-Z0-9_]/g, "_");
+    const name = capitalize(safeSlug);
+
+    resolvers[`create${name}`] = async ({ input }: { input: any }) => {
+      return await dataStore.create(slug, input);
+    };
+
+    resolvers[`update${name}`] = async ({
+      id,
+      input,
+    }: {
+      id: string;
+      input: any;
+    }) => {
+      return await dataStore.update(slug, id, input);
+    };
+
+    resolvers[`delete${name}`] = async ({ id }: { id: string }) => {
+      return await dataStore.delete(slug, id);
+    };
+  }
+
+  for (const slug of Object.keys(globals)) {
+    const safeSlug = slug.replace(/[^a-zA-Z0-9_]/g, "_");
+    const name = capitalize(safeSlug);
+
+    resolvers[`update${name}`] = async ({ input }: { input: any }) => {
+      await dataStore.updateGlobal(slug, input);
+      return { data: await dataStore.findGlobal(slug), success: true };
+    };
+  }
+
+  return resolvers;
+}
+
+export async function executeGraphQL(
+  query: string,
+  variables?: Record<string, any>,
+  authToken?: string,
+  apiKey?: string,
+) {
+  let context: Context = {};
+
+  if (apiKey) {
+    try {
+      const result = await validateApiKeyFromDataStore(apiKey);
+      if (result.valid && result.user) {
+        context.user = {
+          id: result.userId as string,
+          email: result.user.email,
+          role: result.user.role,
+        };
+        context.apiKeyId = result.apiKeyId;
+        context.permissions = result.permissions;
+      }
+    } catch {
+      // Invalid API key, continue without auth
+    }
+  } else if (authToken) {
+    try {
+      const payload = jwt.verify(authToken, JWT_SECRET) as jwt.JwtPayload;
+      context.user = {
+        id: payload.sub as string,
+        email: (payload as any).email,
+        role: (payload as any).role,
+      };
+    } catch {
+      // Invalid token, continue without auth
+    }
+  }
+
+  const result = await graphql({
+    schema: typeDefs,
+    source: query,
+    rootValue,
+    contextValue: context,
+    variableValues: variables,
+  } as any);
+
+  return result;
+}
+
+async function validateApiKeyFromDataStore(apiKey: string) {
+  if (!apiKey.startsWith("kyro_")) {
+    return { valid: false };
+  }
+
+  const keyPrefix = apiKey.substring(0, 8);
+  const result = await dataStore.find("_api_keys", { limit: 100 });
+  const keys = (result.docs || []).filter(
+    (k: any) => k.keyPrefix === keyPrefix,
+  );
+
+  for (const record of keys) {
+    if (record.key === apiKey) {
+      if (record.expiresAt && new Date(record.expiresAt) < new Date()) {
+        return { valid: false, error: "API key expired" };
+      }
+
+      try {
+        await dataStore.update("_api_keys", record.id, {
+          lastUsedAt: new Date().toISOString(),
+        });
+      } catch {}
+
+      return {
+        valid: true,
+        userId: record.userId,
+        user: {
+          id: record.userId,
+          email: record.email,
+          role: record.role || "author",
+          tenantId: record.tenantId,
+        },
+        permissions: record.permissions || [],
+        apiKeyId: record.id,
+      };
+    }
+  }
+
+  return { valid: false };
+}
+
+export { schemaString };