@morphika/webframe 0.1.0

package/app/api/admin/assets/scan/route.ts

@@ -0,0 +1,271 @@
+import { NextRequest, NextResponse } from "next/server";
+import { client } from "../../../../../lib/sanity/client";
+import { writeClient } from "../../../../../lib/sanity/writeClient";
+import { isAdminAuthenticated } from "../../../../../lib/auth";
+import { validateCsrf, csrfErrorResponse } from "../../../../../lib/csrf";
+import { isBodyTooLarge, MAX_JSON_BODY_SIZE } from "../../../../../lib/security";
+import { getStorageAdapter, getActiveProvider } from "../../../../../lib/storage";
+import { logger } from "../../../../../lib/logger";
+import type { ScannedFile } from "../../../../../lib/storage/types";
+import type { RegisteredAsset } from "../../../../../lib/sanity/types";
+
+/**
+ * POST /api/admin/assets/scan — Scan asset storage and update registry
+ *
+ * Provider-aware: reads the active storage provider from Sanity and delegates
+ * to the appropriate adapter for file listing.
+ *
+ * Modes:
+ * 1. Active provider (default): Uses the storage adapter to list files
+ * 2. Manual manifest: Accepts a JSON array of files in the request body
+ *
+ * Body (optional):
+ * { files?: ScannedFile[] } — For manual manifest import
+ */
+export async function POST(request: NextRequest) {
+  if (!(await isAdminAuthenticated())) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  if (!validateCsrf(request)) {
+    return csrfErrorResponse();
+  }
+  if (isBodyTooLarge(request, MAX_JSON_BODY_SIZE)) {
+    return NextResponse.json({ error: "Request body too large" }, { status: 413 });
+  }
+
+  try {
+    // Ensure registry exists
+    await writeClient.createIfNotExists({
+      _id: "assetRegistry",
+      _type: "assetRegistry",
+      scan_status: "ready",
+      assets: [],
+      relink_log: [],
+    });
+
+    // Mark as scanning
+    await writeClient
+      .patch("assetRegistry")
+      .set({ scan_status: "scanning", scan_error: "" })
+      .commit();
+
+    let scannedFiles: ScannedFile[];
+
+    // Check if manual manifest was provided
+    const body = await request.json().catch(() => ({}));
+
+    if (body.files && Array.isArray(body.files)) {
+      // Manual manifest mode
+      scannedFiles = body.files;
+    } else {
+      // Provider-aware scanning — delegates to the active storage adapter
+      const activeProvider = await getActiveProvider();
+
+      try {
+        const adapter = await getStorageAdapter(activeProvider);
+        scannedFiles = await adapter.listFiles();
+      } catch (adapterErr) {
+        const errMsg = adapterErr instanceof Error ? adapterErr.message : "Storage provider error";
+        const contextualError = `[${activeProvider}] ${errMsg}`;
+        await writeClient
+          .patch("assetRegistry")
+          .set({
+            scan_status: "error",
+            scan_error: contextualError,
+          })
+          .commit();
+        return NextResponse.json(
+          { error: contextualError },
+          { status: 400 }
+        );
+      }
+    }
+
+    // ── Separate _thumbs/ files from real assets ──
+    // Thumbnails are internal files, not user assets. We extract them
+    // into a Set for quick lookup, then filter them out of the main list.
+    const thumbPaths = new Set<string>();
+    const realFiles: ScannedFile[] = [];
+
+    for (const file of scannedFiles) {
+      if (file.path.startsWith("_thumbs/")) {
+        // Store the original path this thumbnail corresponds to
+        // _thumbs/projects/hero.jpg → projects/hero (without ext, thumb is always .jpg)
+        const originalRelPath = file.path.replace(/^_thumbs\//, "");
+        // Store with the .jpg extension stripped so we can match against any source ext
+        const withoutExt = originalRelPath.replace(/\.[^.]+$/, "");
+        thumbPaths.add(withoutExt);
+      } else {
+        realFiles.push(file);
+      }
+    }
+
+    // Replace scannedFiles with filtered list (no _thumbs/ entries in registry)
+    scannedFiles = realFiles;
+
+    // Get existing assets from registry for merging
+    const existingRegistry = await client.fetch(
+      `*[_type == "assetRegistry"][0]{ assets }`
+    );
+    const existingAssets: RegisteredAsset[] = existingRegistry?.assets || [];
+
+    // Build maps for fast lookup
+    const existingByPath = new Map<string, RegisteredAsset>();
+    const existingByFilename = new Map<string, RegisteredAsset[]>();
+    for (const asset of existingAssets) {
+      existingByPath.set(asset.path, asset);
+      // Group by filename for auto-relink (moved files keep the same name)
+      const list = existingByFilename.get(asset.filename) || [];
+      list.push(asset);
+      existingByFilename.set(asset.filename, list);
+    }
+
+    const now = new Date().toISOString();
+    let newCount = 0;
+    let updatedCount = 0;
+    let relinkedCount = 0;
+    let thumbnailsFound = 0;
+    let thumbnailsMissing = 0;
+    const scannedPaths = new Set<string>();
+
+    // Raster image extensions that support thumbnails
+    const rasterExts = new Set(["jpg", "jpeg", "png", "webp", "gif"]);
+
+    /** Check if a file has a corresponding thumbnail in _thumbs/ */
+    function hasThumbnail(filePath: string, ext: string): boolean {
+      if (!rasterExts.has(ext.toLowerCase())) return false;
+      const withoutExt = filePath.replace(/\.[^.]+$/, "");
+      return thumbPaths.has(withoutExt);
+    }
+
+    // ── Build merged list: only assets found in scan exist in the result ──
+    const mergedAssets: RegisteredAsset[] = scannedFiles.map((file) => {
+      scannedPaths.add(file.path);
+      const existing = existingByPath.get(file.path);
+      const hasThumb = hasThumbnail(file.path, file.extension);
+
+      // Track thumbnail stats for raster images
+      if (rasterExts.has(file.extension.toLowerCase())) {
+        if (hasThumb) thumbnailsFound++;
+        else thumbnailsMissing++;
+      }
+
+      if (existing) {
+        // Same path — update metadata
+        updatedCount++;
+        return {
+          ...existing,
+          _key: existing._key,
+          filename: file.filename,
+          extension: file.extension,
+          file_size: file.file_size,
+          mime_type: file.mime_type,
+          file_hash: file.file_hash || existing.file_hash,
+          has_thumbnail: hasThumb,
+          status: "active" as const,
+          last_checked_at: now,
+        };
+      }
+
+      // ── Auto-relink: file is new at this path, but maybe it moved from another path ──
+      const candidates = existingByFilename.get(file.filename) || [];
+      const movedFrom = candidates.find((c) => c.path !== file.path && !scannedPaths.has(c.path));
+
+      if (movedFrom) {
+        // Relink: preserve _key, used_in, and track old path
+        relinkedCount++;
+        const previousPaths = [...(movedFrom.previous_paths || [])];
+        if (!previousPaths.includes(movedFrom.path)) {
+          previousPaths.push(movedFrom.path);
+        }
+        // Remove old entry from the path map so it won't match again
+        existingByPath.delete(movedFrom.path);
+        return {
+          ...movedFrom,
+          _key: movedFrom._key,
+          path: file.path,
+          filename: file.filename,
+          extension: file.extension,
+          file_size: file.file_size,
+          mime_type: file.mime_type,
+          file_hash: file.file_hash || movedFrom.file_hash,
+          has_thumbnail: hasThumb,
+          status: "active" as const,
+          last_checked_at: now,
+          previous_paths: previousPaths,
+        };
+      }
+
+      // Truly new file
+      newCount++;
+      return {
+        _key: crypto.randomUUID().replace(/-/g, "").slice(0, 12),
+        path: file.path,
+        filename: file.filename,
+        extension: file.extension,
+        file_size: file.file_size,
+        mime_type: file.mime_type,
+        file_hash: file.file_hash,
+        has_thumbnail: hasThumb,
+        status: "new" as const,
+        last_checked_at: now,
+        used_in: [],
+        previous_paths: [],
+      };
+    });
+
+    // ── Track missing assets (kept in registry for relink, hidden in browser) ──
+    let missingCount = 0;
+    for (const existing of existingAssets) {
+      if (!scannedPaths.has(existing.path) && existingByPath.has(existing.path)) {
+        // Not found in scan AND not already relinked to a new path
+        missingCount++;
+        mergedAssets.push({
+          ...existing,
+          status: "missing",
+          last_checked_at: now,
+        });
+      }
+    }
+
+    // Update the registry
+    await writeClient
+      .patch("assetRegistry")
+      .set({
+        assets: mergedAssets,
+        scan_status: "ready",
+        scan_error: "",
+        last_scanned_at: now,
+      })
+      .commit();
+
+    return NextResponse.json({
+      success: true,
+      scanned_count: scannedFiles.length,
+      new_assets: newCount,
+      updated_assets: updatedCount,
+      relinked_assets: relinkedCount,
+      missing_assets: missingCount,
+      total_assets: mergedAssets.filter((a) => a.status !== "missing").length,
+      thumbnails_found: thumbnailsFound,
+      thumbnails_missing: thumbnailsMissing,
+    });
+  } catch (err) {
+    logger.error("[Admin:Scan]", "Scan failed", err);
+
+    // Record error
+    await writeClient
+      .patch("assetRegistry")
+      .set({
+        scan_status: "error",
+        scan_error: err instanceof Error ? err.message : "Scan failed",
+      })
+      .commit()
+      .catch(() => {}); // Don't throw if patch fails
+
+    return NextResponse.json(
+      { error: "Scan failed" },
+      { status: 500 }
+    );
+  }
+}

package/app/api/admin/auth/route.ts

@@ -0,0 +1,160 @@
+import { NextRequest, NextResponse } from "next/server";
+import { generateAdminToken } from "../../../../lib/auth-token";
+import { generateCsrfToken, setCsrfCookie } from "../../../../lib/csrf";
+import { auditLog } from "../../../../lib/audit";
+
+// ─── In-memory rate limiter ───────────────────────────────────────────────
+// Tracks failed login attempts per IP. Resets after the window expires.
+// Note: For multi-instance deployments (e.g. Vercel), consider upgrading
+// to @upstash/ratelimit for distributed rate limiting.
+const RATE_LIMIT_MAX_ATTEMPTS = 5;
+const RATE_LIMIT_WINDOW_MS = 15 * 60 * 1000; // 15 minutes
+
+interface RateLimitEntry {
+  attempts: number;
+  firstAttempt: number;
+}
+
+const rateLimitMap = new Map<string, RateLimitEntry>();
+
+// Periodic cleanup to prevent memory leaks (every 5 minutes)
+let lastCleanup = Date.now();
+function cleanupRateLimitMap() {
+  const now = Date.now();
+  if (now - lastCleanup < 5 * 60 * 1000) return;
+  lastCleanup = now;
+  for (const [ip, entry] of rateLimitMap) {
+    if (now - entry.firstAttempt > RATE_LIMIT_WINDOW_MS) {
+      rateLimitMap.delete(ip);
+    }
+  }
+}
+
+function getClientIp(request: NextRequest): string {
+  return (
+    request.headers.get("x-forwarded-for")?.split(",")[0]?.trim() ||
+    request.headers.get("x-real-ip") ||
+    "unknown"
+  );
+}
+
+function isRateLimited(ip: string): { limited: boolean; retryAfterSeconds: number } {
+  cleanupRateLimitMap();
+  const entry = rateLimitMap.get(ip);
+  if (!entry) return { limited: false, retryAfterSeconds: 0 };
+
+  // Reset window if expired
+  if (Date.now() - entry.firstAttempt > RATE_LIMIT_WINDOW_MS) {
+    rateLimitMap.delete(ip);
+    return { limited: false, retryAfterSeconds: 0 };
+  }
+
+  if (entry.attempts >= RATE_LIMIT_MAX_ATTEMPTS) {
+    const retryAfter = Math.ceil(
+      (RATE_LIMIT_WINDOW_MS - (Date.now() - entry.firstAttempt)) / 1000
+    );
+    return { limited: true, retryAfterSeconds: Math.max(retryAfter, 1) };
+  }
+
+  return { limited: false, retryAfterSeconds: 0 };
+}
+
+function recordFailedAttempt(ip: string): void {
+  const entry = rateLimitMap.get(ip);
+  if (!entry || Date.now() - entry.firstAttempt > RATE_LIMIT_WINDOW_MS) {
+    rateLimitMap.set(ip, { attempts: 1, firstAttempt: Date.now() });
+  } else {
+    entry.attempts++;
+  }
+}
+
+function clearFailedAttempts(ip: string): void {
+  rateLimitMap.delete(ip);
+}
+
+// ─── Route handlers ───────────────────────────────────────────────────────
+
+export async function POST(request: NextRequest) {
+  const ip = getClientIp(request);
+
+  // Check rate limit before processing
+  const { limited, retryAfterSeconds } = isRateLimited(ip);
+  if (limited) {
+    return NextResponse.json(
+      { error: "Too many login attempts. Please try again later." },
+      {
+        status: 429,
+        headers: { "Retry-After": retryAfterSeconds.toString() },
+      }
+    );
+  }
+
+  try {
+    const { password } = await request.json();
+
+    if (!process.env.ADMIN_PASSWORD) {
+      return NextResponse.json(
+        { error: "Server configuration error" },
+        { status: 500 }
+      );
+    }
+
+    // Validate password input
+    if (typeof password !== "string" || password.length < 12) {
+      recordFailedAttempt(ip);
+      auditLog("auth.failed", { ip, reason: "password_too_short" });
+      return NextResponse.json(
+        { error: "Invalid password" },
+        { status: 401 }
+      );
+    }
+
+    if (password !== process.env.ADMIN_PASSWORD) {
+      recordFailedAttempt(ip);
+      auditLog("auth.failed", { ip });
+      return NextResponse.json(
+        { error: "Invalid password" },
+        { status: 401 }
+      );
+    }
+
+    // Success — clear rate limit history for this IP
+    clearFailedAttempts(ip);
+    auditLog("auth.login", { ip });
+
+    const token = await generateAdminToken(password);
+    const response = NextResponse.json({ success: true });
+
+    response.cookies.set("admin_token", token, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "strict",
+      path: "/",
+      maxAge: 60 * 60 * 24, // 24 hours (matches token expiration)
+    });
+
+    // Set CSRF token cookie for double-submit pattern
+    setCsrfCookie(response, generateCsrfToken());
+
+    return response;
+  } catch {
+    return NextResponse.json(
+      { error: "Invalid request" },
+      { status: 400 }
+    );
+  }
+}
+
+export async function DELETE() {
+  const response = NextResponse.json({ success: true });
+
+  response.cookies.set("admin_token", "", {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    sameSite: "lax",
+    path: "/",
+    maxAge: 0,
+  });
+
+  return response;
+}

package/app/api/admin/custom-sections/[slug]/route.ts

@@ -0,0 +1,159 @@
+import { NextRequest, NextResponse } from "next/server";
+import { revalidatePath } from "next/cache";
+import { client } from "../../../../../lib/sanity/client";
+import { writeClient } from "../../../../../lib/sanity/writeClient";
+import { customSectionBySlugQuery, pagesUsingCustomSectionQuery } from "../../../../../lib/sanity/queries";
+import { isAdminAuthenticated } from "../../../../../lib/auth";
+import { validateCsrf, csrfErrorResponse } from "../../../../../lib/csrf";
+import { isBodyTooLarge, MAX_PAGE_BODY_SIZE } from "../../../../../lib/security";
+import { auditLog } from "../../../../../lib/audit";
+import { logger } from "../../../../../lib/logger";
+
+type RouteContext = { params: Promise<{ slug: string }> };
+
+/**
+ * GET /api/admin/custom-sections/[slug] — Get full custom section data
+ */
+export async function GET(_request: NextRequest, context: RouteContext) {
+  if (!(await isAdminAuthenticated())) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+
+  try {
+    const { slug } = await context.params;
+    const section = await client.fetch(customSectionBySlugQuery, { slug });
+    if (!section) {
+      return NextResponse.json({ error: "Custom section not found" }, { status: 404 });
+    }
+    return NextResponse.json({ section });
+  } catch (err) {
+    logger.error("[Admin:CustomSections]", "Failed to fetch custom section", err);
+    return NextResponse.json(
+      { error: "Failed to fetch custom section" },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * PATCH /api/admin/custom-sections/[slug] — Update custom section
+ * Body: { title?, description?, section?, thumbnail_path? }
+ */
+export async function PATCH(request: NextRequest, context: RouteContext) {
+  if (!(await isAdminAuthenticated())) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  if (!validateCsrf(request)) {
+    return csrfErrorResponse();
+  }
+  if (isBodyTooLarge(request, MAX_PAGE_BODY_SIZE)) {
+    return NextResponse.json({ error: "Request body too large" }, { status: 413 });
+  }
+
+  try {
+    const { slug } = await context.params;
+
+    // Find the document
+    const existing = await client.fetch(
+      `*[_type == "customSection" && slug.current == $slug][0] { _id }`,
+      { slug }
+    );
+    if (!existing) {
+      return NextResponse.json({ error: "Custom section not found" }, { status: 404 });
+    }
+
+    const body = await request.json();
+    const { title, description, section, thumbnail_path } = body;
+
+    // Build patch
+    const patch: Record<string, unknown> = {
+      updated_at: new Date().toISOString(),
+    };
+    if (title !== undefined) patch.title = title;
+    if (description !== undefined) patch.description = description;
+    if (section !== undefined) patch.section = section;
+    if (thumbnail_path !== undefined) patch.thumbnail_path = thumbnail_path;
+
+    await writeClient.patch(existing._id).set(patch).commit();
+
+    auditLog("customSection.update", { slug, fields: Object.keys(patch) });
+
+    // Revalidate pages using this custom section
+    try {
+      // Purge the CDN-cached public endpoint so instances render fresh data (M3 fix)
+      revalidatePath(`/api/custom-sections/${existing._id}`);
+
+      const referencingPages = await client.fetch(pagesUsingCustomSectionQuery, { id: existing._id });
+      if (Array.isArray(referencingPages)) {
+        for (const page of referencingPages) {
+          const pageSlug = page.slug?.current;
+          if (pageSlug) {
+            revalidatePath(`/${pageSlug}`);
+            revalidatePath(`/work/${pageSlug}`);
+          }
+        }
+      }
+    } catch (revalErr) {
+      logger.error("[Admin:CustomSections]", "Revalidation failed (non-fatal)", revalErr);
+    }
+
+    return NextResponse.json({ success: true });
+  } catch (err) {
+    logger.error("[Admin:CustomSections]", "Failed to update custom section", err);
+    return NextResponse.json(
+      { error: "Failed to update custom section" },
+      { status: 500 }
+    );
+  }
+}
+
+/**
+ * DELETE /api/admin/custom-sections/[slug] — Delete custom section
+ * Safety checks: cannot delete footer, cannot delete if referenced by pages
+ */
+export async function DELETE(request: NextRequest, context: RouteContext) {
+  if (!(await isAdminAuthenticated())) {
+    return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+  }
+  if (!validateCsrf(request)) {
+    return csrfErrorResponse();
+  }
+
+  try {
+    const { slug } = await context.params;
+
+    // Find the document
+    const existing = await client.fetch(
+      `*[_type == "customSection" && slug.current == $slug][0] { _id, title }`,
+      { slug }
+    );
+    if (!existing) {
+      return NextResponse.json({ error: "Custom section not found" }, { status: 404 });
+    }
+
+    // Check for referencing pages
+    const referencingPages = await client.fetch(pagesUsingCustomSectionQuery, { id: existing._id });
+    if (Array.isArray(referencingPages) && referencingPages.length > 0) {
+      const pageSlugs = referencingPages.map((p: { slug?: { current?: string } }) => p.slug?.current).filter(Boolean);
+      return NextResponse.json(
+        {
+          error: `Section is used by ${referencingPages.length} page(s). Remove or embed instances first.`,
+          pages: pageSlugs,
+        },
+        { status: 409 }
+      );
+    }
+
+    await writeClient.delete(existing._id);
+
+    auditLog("customSection.delete", { slug, title: existing.title });
+
+    return NextResponse.json({ success: true });
+  } catch (err) {
+    logger.error("[Admin:CustomSections]", "Failed to delete custom section", err);
+    return NextResponse.json(
+      { error: "Failed to delete custom section" },
+      { status: 500 }
+    );
+  }
+}