@kyro-cms/admin 0.3.1 → 0.3.4

package/src/lib/storage.ts

@@ -1,374 +0,0 @@
-import path from "path";
-import { getDatabaseConfig } from "./db";
-
-/**
- * Extract the Public Dev URL ID from either a full URL or just the ID.
- * Handles formats like:
- * - https://bucket.pub-xxx.r2.dev -> pub-xxx
- * - pub-xxx -> pub-xxx
- * - empty/undefined -> ""
- */
-function extractPublicDevUrlId(url?: string): string {
-  if (!url) return "";
-  if (url.startsWith("pub-")) return url; // Already just the ID
-
-  // Extract from URL like https://bucket.pub-xxx.r2.dev
-  const match = url.match(/pub-[a-zA-Z0-9]+/i);
-  return match ? match[0] : "";
-}
-
-export type StorageProviderType =
-  | "local"
-  | "aws"
-  | "r2"
-  | "gcs"
-  | "digitalocean"
-  | "backblaze"
-  | "wasabi"
-  | "bunny"
-  | "cloudinary"
-  | "imgix"
-  | "ftp";
-
-export interface StorageConfig {
-  /** The storage provider type */
-  provider: StorageProviderType;
-  /** The base URL for accessing files */
-  baseUrl: string;
-  /** The filesystem directory (for local storage only) */
-  uploadDir?: string;
-  /** Provider-specific config */
-  config: {
-    bucket?: string;
-    region?: string;
-    accountId?: string;
-    accessKeyId?: string;
-    secretAccessKey?: string;
-    cdnUrl?: string;
-    prefix?: string;
-    publicDevUrl?: string;
-    cloudName?: string;
-    apiKey?: string;
-    apiSecret?: string;
-    folder?: string;
-    uploadPreset?: string;
-    domain?: string;
-    signKey?: string;
-    host?: string;
-    port?: number;
-    user?: string;
-    password?: string;
-    secure?: boolean;
-    storageZone?: string;
-    projectId?: string;
-    type?: string;
-  };
-}
-
-interface RawStorageSettings {
-  provider?: string;
-  local?: {
-    uploadDir?: string;
-    baseUrl?: string;
-  };
-  aws?: Record<string, any>;
-  r2?: Record<string, any>;
-  gcs?: Record<string, any>;
-  digitalocean?: Record<string, any>;
-  backblaze?: Record<string, any>;
-  wasabi?: Record<string, any>;
-  bunny?: Record<string, any>;
-  cloudinary?: Record<string, any>;
-  imgix?: Record<string, any>;
-  ftp?: Record<string, any>;
-  limits?: Record<string, any>;
-  [key: string]: any;
-}
-
-/**
- * Read the complete storage configuration from the globals table.
- */
-export async function getStorageConfig(): Promise<StorageConfig> {
-  const dbConfig = getDatabaseConfig();
-  let rawSettings: RawStorageSettings = { provider: "local" };
-
-  try {
-    if (dbConfig.type === "sqlite") {
-      const Database = (await import("better-sqlite3")).default;
-      const db = new Database(dbConfig.contentDbPath || "./data/content.db");
-
-      try {
-        const row = db
-          .prepare("SELECT data FROM globals WHERE slug = ?")
-          .get("storage-settings") as { data: string } | undefined;
-
-        if (row) {
-          rawSettings =
-            typeof row.data === "string" ? JSON.parse(row.data) : row.data;
-        }
-      } finally {
-        db.close();
-      }
-    }
-  } catch {
-    // Use defaults if anything fails
-  }
-
-  const provider = (rawSettings.provider || "local") as StorageProviderType;
-
-  // Build config based on provider type
-  const config: StorageConfig = {
-    provider,
-    baseUrl: "",
-    config: {},
-  };
-
-  switch (provider) {
-    case "local": {
-      const localConfig = rawSettings.local || {};
-      const uploadDirRaw = localConfig.uploadDir || "./public/uploads";
-      const baseUrlRaw = localConfig.baseUrl || "/uploads";
-
-      // Resolve uploadDir
-      let uploadDir: string;
-      if (path.isAbsolute(uploadDirRaw)) {
-        uploadDir = uploadDirRaw;
-      } else if (uploadDirRaw.includes("/") || uploadDirRaw.includes("\\")) {
-        uploadDir = path.resolve(process.cwd(), uploadDirRaw);
-      } else {
-        uploadDir = path.join(process.cwd(), "public", uploadDirRaw);
-      }
-      config.uploadDir = uploadDir;
-
-      // Resolve baseUrl
-      config.baseUrl = baseUrlRaw.startsWith("/")
-        ? baseUrlRaw
-        : `/${baseUrlRaw}`;
-      if (config.baseUrl.length > 1) {
-        config.baseUrl = config.baseUrl.replace(/\/+$/, "");
-      }
-      break;
-    }
-
-    case "aws": {
-      const awsConfig = rawSettings.aws || {};
-      config.baseUrl =
-        awsConfig.cdnUrl ||
-        `https://${awsConfig.bucket}.s3.${awsConfig.region || "us-east-1"}.amazonaws.com`;
-      config.config = {
-        bucket: awsConfig.bucket,
-        region: awsConfig.region || "us-east-1",
-        accessKeyId: awsConfig.accessKeyId,
-        secretAccessKey: awsConfig.secretAccessKey,
-        cdnUrl: awsConfig.cdnUrl,
-        prefix: awsConfig.prefix,
-      };
-      break;
-    }
-
-    case "r2": {
-      const r2Config = rawSettings.r2 || {};
-      // Priority: cdnUrl > publicDevUrl > accountId-based URL
-      let baseUrl: string;
-      if (r2Config.cdnUrl) {
-        baseUrl = r2Config.cdnUrl.replace(/\/$/, "");
-      } else if (r2Config.publicDevUrl) {
-        // Handle both full URL and just the ID
-        const pubId = extractPublicDevUrlId(r2Config.publicDevUrl);
-        baseUrl = pubId ? `https://${pubId}.r2.dev` : "";
-      } else if (r2Config.accountId) {
-        baseUrl = `https://${r2Config.bucket}.${r2Config.accountId}.r2.cloudflarestorage.com`;
-      } else {
-        baseUrl = "";
-      }
-      config.baseUrl = baseUrl;
-      config.config = {
-        bucket: r2Config.bucket,
-        accountId: r2Config.accountId,
-        publicDevUrl: extractPublicDevUrlId(r2Config.publicDevUrl),
-        accessKeyId: r2Config.accessKeyId,
-        secretAccessKey: r2Config.secretAccessKey,
-        cdnUrl: r2Config.cdnUrl,
-        prefix: r2Config.prefix,
-      };
-      break;
-    }
-
-    case "gcs": {
-      const gcsConfig = rawSettings.gcs || {};
-      config.baseUrl =
-        gcsConfig.cdnUrl ||
-        `https://storage.googleapis.com/${gcsConfig.bucket}`;
-      config.config = {
-        bucket: gcsConfig.bucket,
-        projectId: gcsConfig.projectId,
-        accessKeyId: gcsConfig.clientEmail,
-        secretAccessKey: gcsConfig.privateKey,
-        cdnUrl: gcsConfig.cdnUrl,
-        prefix: gcsConfig.prefix,
-      };
-      break;
-    }
-
-    case "digitalocean": {
-      const doConfig = rawSettings.digitalocean || {};
-      const region = doConfig.region || "nyc3";
-      config.baseUrl =
-        doConfig.cdnUrl ||
-        `https://${doConfig.bucket}.${region}.cdn.digitaloceanspaces.com`;
-      config.config = {
-        bucket: doConfig.bucket,
-        region,
-        accessKeyId: doConfig.accessKeyId,
-        secretAccessKey: doConfig.secretAccessKey,
-        cdnUrl: doConfig.cdnUrl,
-        prefix: doConfig.prefix,
-      };
-      break;
-    }
-
-    case "backblaze": {
-      const b2Config = rawSettings.backblaze || {};
-      config.baseUrl = b2Config.cdnUrl || `https://f000.backblazeb2.com`;
-      config.config = {
-        bucket: b2Config.bucket,
-        accountId: b2Config.accountId,
-        accessKeyId: b2Config.applicationKeyId,
-        secretAccessKey: b2Config.applicationKey,
-        cdnUrl: b2Config.cdnUrl,
-        prefix: b2Config.prefix,
-      };
-      break;
-    }
-
-    case "wasabi": {
-      const wasabiConfig = rawSettings.wasabi || {};
-      const region = wasabiConfig.region || "us-east-1";
-      config.baseUrl =
-        wasabiConfig.cdnUrl || `https://s3.${region}.wasabisys.com`;
-      config.config = {
-        bucket: wasabiConfig.bucket,
-        region,
-        accessKeyId: wasabiConfig.accessKeyId,
-        secretAccessKey: wasabiConfig.secretAccessKey,
-        cdnUrl: wasabiConfig.cdnUrl,
-        prefix: wasabiConfig.prefix,
-      };
-      break;
-    }
-
-    case "bunny": {
-      const bunnyConfig = rawSettings.bunny || {};
-      config.baseUrl =
-        bunnyConfig.cdnUrl || `https://${bunnyConfig.storageZone}.b-cdn.net`;
-      config.config = {
-        storageZone: bunnyConfig.storageZone,
-        apiKey: bunnyConfig.apiKey,
-        cdnUrl: bunnyConfig.cdnUrl,
-        prefix: bunnyConfig.prefix,
-      };
-      break;
-    }
-
-    case "cloudinary": {
-      const cloudinaryConfig = rawSettings.cloudinary || {};
-      config.baseUrl = `https://res.cloudinary.com/${cloudinaryConfig.cloudName}/image/upload`;
-      config.config = {
-        cloudName: cloudinaryConfig.cloudName,
-        apiKey: cloudinaryConfig.apiKey,
-        apiSecret: cloudinaryConfig.apiSecret,
-        folder: cloudinaryConfig.folder,
-        uploadPreset: cloudinaryConfig.uploadPreset,
-      };
-      break;
-    }
-
-    case "imgix": {
-      const imgixConfig = rawSettings.imgix || {};
-      config.baseUrl = `https://${imgixConfig.domain}`;
-      config.config = {
-        domain: imgixConfig.domain,
-        signKey: imgixConfig.signKey,
-      };
-      break;
-    }
-
-    case "ftp": {
-      const ftpConfig = rawSettings.ftp || {};
-      config.baseUrl = ftpConfig.baseUrl || "";
-      config.config = {
-        host: ftpConfig.host,
-        port: ftpConfig.port || 22,
-        user: ftpConfig.user,
-        password: ftpConfig.password,
-        secure: ftpConfig.secure,
-        prefix: ftpConfig.prefix,
-        type: "sftp",
-      };
-      break;
-    }
-
-    default:
-      // Fallback to local
-      config.provider = "local";
-      config.uploadDir = path.join(process.cwd(), "public", "uploads");
-      config.baseUrl = "/uploads";
-  }
-
-  return config;
-}
-
-/**
- * Construct a media URL from filename and optional folder using current storage settings.
- * For cloud providers, this includes the full base URL. For local, it uses relative path.
- */
-export async function constructMediaUrl(
-  filename: string,
-  folder?: string | null,
-): Promise<string> {
-  const config = await getStorageConfig();
-  return constructMediaUrlSync(config.baseUrl, filename, folder);
-}
-
-/**
- * Construct a media URL synchronously.
- */
-export function constructMediaUrlSync(
-  baseUrl: string,
-  filename: string,
-  folder?: string | null,
-): string {
-  // Cloudinary stores full URL in the database - just return it if baseUrl matches
-  // The filename for cloud storage already contains folder path
-  if (baseUrl.startsWith("http") && filename.startsWith("http")) {
-    // Already a full URL (e.g., from Cloudinary upload response)
-    return filename;
-  }
-
-  // Ensure baseUrl has trailing slash for proper URL construction
-  const normalizedBaseUrl = baseUrl.endsWith("/") ? baseUrl : baseUrl + "/";
-  const folderPrefix = folder ? `${folder}/` : "";
-
-  // For local/relative URLs
-  return `${normalizedBaseUrl}${folderPrefix}${filename}`;
-}
-
-/**
- * Get provider display name
- */
-export function getProviderDisplayName(provider: string): string {
-  const names: Record<string, string> = {
-    local: "Local Server",
-    aws: "AWS S3",
-    r2: "Cloudflare R2",
-    gcs: "Google Cloud Storage",
-    digitalocean: "DigitalOcean Spaces",
-    backblaze: "Backblaze B2",
-    wasabi: "Wasabi",
-    bunny: "Bunny.net",
-    cloudinary: "Cloudinary",
-    imgix: "Imgix",
-    ftp: "FTP",
-  };
-  return names[provider] || provider;
-}

package/src/lib/store.ts

@@ -1,85 +0,0 @@
-import { create } from 'zustand';
-
-interface EditorState {
-  editor: any;
-  setEditor: (editor: any) => void;
-  
-  blockDrawerOpen: boolean;
-  openBlockDrawer: (options?: { targetColumn?: number; targetNodePos?: number }) => void;
-  closeBlockDrawer: () => void;
-  toggleBlockDrawer: () => void;
-  
-  selectedBlock: string | null;
-  setSelectedBlock: (block: string | null) => void;
-  
-  pendingInsertPos: number | null;
-  pendingTargetColumn: number | null;
-  pendingTargetStack: number | null;
-  pendingTargetGroup: number | null;
-  pendingTargetCard: number | null;
-  pendingTargetRepeater: number | null;
-  setPendingInsert: (pos: number | null, column?: number | null) => void;
-  clearPendingTargets: () => void;
-}
-
-export const useEditorStore = create<EditorState>((set) => ({
-  editor: null,
-  setEditor: (editor) => set({ editor }),
-  
-  blockDrawerOpen: false,
-  openBlockDrawer: (options) => set({ 
-    blockDrawerOpen: true,
-    pendingTargetColumn: options?.targetColumn ?? null 
-  }),
-  closeBlockDrawer: () => set({ 
-    blockDrawerOpen: false,
-    pendingTargetColumn: null,
-    pendingInsertPos: null,
-    pendingTargetStack: null,
-    pendingTargetGroup: null,
-    pendingTargetCard: null,
-    pendingTargetRepeater: null,
-  }),
-  toggleBlockDrawer: () => set((state) => ({ blockDrawerOpen: !state.blockDrawerOpen })),
-  
-  selectedBlock: null,
-  setSelectedBlock: (block) => set({ selectedBlock: block }),
-  
-  pendingInsertPos: null,
-  pendingTargetColumn: null,
-  pendingTargetStack: null,
-  pendingTargetGroup: null,
-  pendingTargetCard: null,
-  pendingTargetRepeater: null,
-  setPendingInsert: (pos, column) => set({ 
-    pendingInsertPos: pos,
-    pendingTargetColumn: column ?? null 
-  }),
-  clearPendingTargets: () => set({
-    pendingTargetColumn: null,
-    pendingTargetStack: null,
-    pendingTargetGroup: null,
-    pendingTargetCard: null,
-    pendingTargetRepeater: null,
-  }),
-}));
-
-interface UIState {
-  sidebarOpen: boolean;
-  toggleSidebar: () => void;
-  setSidebarOpen: (open: boolean) => void;
-  
-  activeModal: string | null;
-  openModal: (modal: string) => void;
-  closeModal: () => void;
-}
-
-export const useUIStore = create<UIState>((set) => ({
-  sidebarOpen: true,
-  toggleSidebar: () => set((state) => ({ sidebarOpen: !state.sidebarOpen })),
-  setSidebarOpen: (open) => set({ sidebarOpen: open }),
-  
-  activeModal: null,
-  openModal: (modal) => set({ activeModal: modal }),
-  closeModal: () => set({ activeModal: null }),
-}));

package/src/middleware.ts

@@ -1,177 +0,0 @@
-import type { MiddlewareHandler } from "astro";
-import jwt from "jsonwebtoken";
-
-const JWT_SECRET = process.env.JWT_SECRET || "change-me-in-production";
-
-const PUBLIC_PATHS = [
-  "/api/auth/login",
-  "/api/auth/logout",
-  "/api/auth/register",
-  "/api/auth/me",
-  "/api/auth/users",
-  "/api/auth/refresh",
-  "/api/users",
-  "/api/health",
-  "/api/search",
-  "/api/upload",
-  "/api/media",
-  "/login",
-  "/register",
-  "/favicon.svg",
-];
-
-const PUBLIC_PREFIXES = [
-  "/api/collections/",
-  "/api/auth/",
-  "/api/globals/",
-  "/api/media/",
-];
-
-const isApiRequest = (pathname: string): boolean => {
-  return pathname.startsWith("/api/");
-};
-
-const redirectToLogin = (): Response => {
-  return new Response(null, {
-    status: 302,
-    headers: {
-      Location: "/login",
-    },
-  });
-};
-
-export const onRequest: MiddlewareHandler = async (
-  { request, url, locals },
-  next,
-) => {
-  const pathname = new URL(url).pathname;
-
-  // Helper to extract token from cookie or header
-  const getToken = (): string | null => {
-    // Check Authorization header first
-    const authHeader = request.headers.get("authorization");
-    if (authHeader?.startsWith("Bearer ")) {
-      return authHeader.slice(7);
-    }
-    // Check cookie
-    const cookies = request.headers.get("cookie") || "";
-    const match = cookies.match(/auth_token=([^;]+)/);
-    return match ? match[1] : null;
-  };
-
-  const token = getToken();
-
-  // Set user in locals if token is valid
-  if (token) {
-    try {
-      const payload = jwt.verify(token, JWT_SECRET) as jwt.JwtPayload;
-      locals.user = {
-        id: payload.sub || "",
-        email: (payload as any).email || "",
-        role: (payload as any).role || "guest",
-        tenantId: (payload as any).tenantId,
-      };
-    } catch {
-      // Token invalid, leave user undefined
-    }
-  }
-
-  // Handle root path - redirect to admin for authenticated users
-  if (pathname === "/") {
-    if (!token) {
-      return new Response(null, {
-        status: 302,
-        headers: {
-          Location: "/login",
-        },
-      });
-    }
-
-    // Token exists - redirect to admin dashboard
-    try {
-      jwt.verify(token, JWT_SECRET);
-      return new Response(null, {
-        status: 302,
-        headers: {
-          Location: "/admin",
-        },
-      });
-    } catch {
-      return new Response(null, {
-        status: 302,
-        headers: {
-          Location: "/login",
-        },
-      });
-    }
-  }
-
-  // Handle /admin path - main dashboard
-  if (pathname === "/admin") {
-    if (!token) {
-      return new Response(null, {
-        status: 302,
-        headers: {
-          Location: "/login",
-        },
-      });
-    }
-
-    try {
-      jwt.verify(token, JWT_SECRET);
-      return next();
-    } catch {
-      return new Response(null, {
-        status: 302,
-        headers: {
-          Location: "/login",
-        },
-      });
-    }
-  }
-
-  if (PUBLIC_PATHS.includes(pathname)) {
-    return next();
-  }
-
-  for (const prefix of PUBLIC_PREFIXES) {
-    if (pathname.startsWith(prefix)) {
-      return next();
-    }
-  }
-
-  if (!token) {
-    if (!isApiRequest(pathname)) {
-      return redirectToLogin();
-    }
-    return new Response(
-      JSON.stringify({ error: "Authentication required. Please log in." }),
-      {
-        status: 401,
-        headers: { "Content-Type": "application/json" },
-      },
-    );
-  }
-
-  try {
-    jwt.verify(token, JWT_SECRET);
-    return next();
-  } catch (err) {
-    const isExpired = err instanceof jwt.TokenExpiredError;
-    if (!isApiRequest(pathname)) {
-      return redirectToLogin();
-    }
-    return new Response(
-      JSON.stringify({
-        error: isExpired
-          ? "Token expired. Please refresh your session or log in again."
-          : "Invalid token. Please log in again.",
-        code: isExpired ? "TOKEN_EXPIRED" : "TOKEN_INVALID",
-      }),
-      {
-        status: 401,
-        headers: { "Content-Type": "application/json" },
-      },
-    );
-  }
-};