npm - @nextsparkjs/core - Versions diffs - 0.1.0-beta.81 → 0.1.0-beta.83 - Mend

@nextsparkjs/core 0.1.0-beta.81 → 0.1.0-beta.83

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (376) hide show

package/templates/app/api/superadmin/users/route.ts DELETED Viewed

@@ -1,323 +0,0 @@
-import { NextRequest, NextResponse } from 'next/server';
-import { auth } from '@nextsparkjs/core/lib/auth';
-import { queryWithRLS } from '@nextsparkjs/core/lib/db';
-import type { User } from '@nextsparkjs/core/types/user.types';
-/**
- * GET /api/superadmin/users
- *
- * Retrieves users with pagination, search, and filters.
- * Only accessible by superadmin or developer users.
- *
- * Query params:
- * - search: Filter by name or email
- * - role: Filter by role (member, superadmin, etc.)
- * - status: Filter by email verification status (verified, unverified)
- * - tab: Which tab to paginate (users, superadmins, all)
- * - page: Page number (default: 1)
- * - limit: Items per page (default: 20)
- *
- * Returns:
- * - regularUsers: Array of users excluding superadmins
- * - superadmins: Array of superadmin users
- * - counts: Object with user counts
- * - pagination: Pagination info for the active tab
- */
-export async function GET(request: NextRequest) {
-  try {
-    // Get the current session using Better Auth
-    const session = await auth.api.getSession({
-      headers: request.headers
-    });
-    // Check if user is authenticated
-    if (!session?.user) {
-      return NextResponse.json(
-        { error: 'Unauthorized - No session found' },
-        { status: 401 }
-      );
-    }
-    // Check if user is superadmin or developer
-    if (session.user.role !== 'superadmin' && session.user.role !== 'developer') {
-      return NextResponse.json(
-        { error: 'Forbidden - Superadmin or developer access required' },
-        { status: 403 }
-      );
-    }
-    // Parse query params
-    const searchParams = request.nextUrl.searchParams;
-    const search = searchParams.get('search') || '';
-    const roleFilter = searchParams.get('role') || '';
-    const statusFilter = searchParams.get('status') || '';
-    const tab = searchParams.get('tab') || 'users'; // users, superadmins, all
-    const page = Math.max(1, parseInt(searchParams.get('page') || '1'));
-    const limit = Math.min(100, Math.max(1, parseInt(searchParams.get('limit') || '20')));
-    const offset = (page - 1) * limit;
-    // Build WHERE conditions
-    const buildWhereClause = (isSuperadmin: boolean) => {
-      const conditions: string[] = [];
-      const params: (string | boolean)[] = [];
-      let paramIndex = 1;
-      // Role filter for regular users vs superadmins
-      if (isSuperadmin) {
-        conditions.push(`role = $${paramIndex}`);
-        params.push('superadmin');
-        paramIndex++;
-      } else {
-        conditions.push(`role != $${paramIndex}`);
-        params.push('superadmin');
-        paramIndex++;
-        // Additional role filter for regular users
-        if (roleFilter && roleFilter !== 'superadmin') {
-          conditions.push(`role = $${paramIndex}`);
-          params.push(roleFilter);
-          paramIndex++;
-        }
-      }
-      // Search filter
-      if (search) {
-        conditions.push(`(
-          "firstName" ILIKE $${paramIndex} OR
-          "lastName" ILIKE $${paramIndex} OR
-          email ILIKE $${paramIndex} OR
-          CONCAT("firstName", ' ', "lastName") ILIKE $${paramIndex}
-        )`);
-        params.push(`%${search}%`);
-        paramIndex++;
-      }
-      // Status filter
-      if (statusFilter === 'verified') {
-        conditions.push(`"emailVerified" = $${paramIndex}`);
-        params.push(true);
-        paramIndex++;
-      } else if (statusFilter === 'unverified') {
-        conditions.push(`("emailVerified" = $${paramIndex} OR "emailVerified" IS NULL)`);
-        params.push(false);
-        paramIndex++;
-      }
-      return {
-        whereClause: conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '',
-        params
-      };
-    };
-    // Build queries for regular users
-    const regularWhere = buildWhereClause(false);
-    const regularUsersQuery = `
-      SELECT
-        id,
-        "firstName",
-        "lastName",
-        email,
-        role,
-        "emailVerified",
-        "createdAt",
-        "updatedAt"
-      FROM "users"
-      ${regularWhere.whereClause}
-      ORDER BY "createdAt" DESC
-      ${tab === 'users' ? `LIMIT ${limit} OFFSET ${offset}` : ''}
-    `;
-    const regularCountQuery = `
-      SELECT COUNT(*)::int as total
-      FROM "users"
-      ${regularWhere.whereClause}
-    `;
-    // Build queries for superadmins
-    const superadminWhere = buildWhereClause(true);
-    const superadminsQuery = `
-      SELECT
-        id,
-        "firstName",
-        "lastName",
-        email,
-        role,
-        "emailVerified",
-        "createdAt",
-        "updatedAt"
-      FROM "users"
-      ${superadminWhere.whereClause}
-      ORDER BY "createdAt" DESC
-      ${tab === 'superadmins' ? `LIMIT ${limit} OFFSET ${offset}` : ''}
-    `;
-    const superadminCountQuery = `
-      SELECT COUNT(*)::int as total
-      FROM "users"
-      ${superadminWhere.whereClause}
-    `;
-    // Query for status distribution (all users)
-    const statusDistributionQuery = `
-      SELECT
-        CASE WHEN "emailVerified" = true THEN 'verified' ELSE 'unverified' END as status,
-        COUNT(*)::int as count
-      FROM "users"
-      GROUP BY "emailVerified"
-    `;
-    // Query for team role distribution
-    const teamRoleDistributionQuery = `
-      SELECT
-        role,
-        COUNT(*)::int as count
-      FROM "team_members"
-      GROUP BY role
-    `;
-    // Query for teams count
-    const teamsCountQuery = `
-      SELECT COUNT(*)::int as total
-      FROM "teams"
-    `;
-    // Execute all queries in parallel
-    const [
-      regularUsers,
-      regularCount,
-      superadmins,
-      superadminCount,
-      statusDistribution,
-      teamRoleDistribution,
-      teamsCount
-    ] = await Promise.all([
-      queryWithRLS(regularUsersQuery, regularWhere.params, session.user.id) as Promise<User[]>,
-      queryWithRLS(regularCountQuery, regularWhere.params, session.user.id) as Promise<{ total: number }[]>,
-      queryWithRLS(superadminsQuery, superadminWhere.params, session.user.id) as Promise<User[]>,
-      queryWithRLS(superadminCountQuery, superadminWhere.params, session.user.id) as Promise<{ total: number }[]>,
-      queryWithRLS(statusDistributionQuery, [], session.user.id) as Promise<{ status: string; count: number }[]>,
-      queryWithRLS(teamRoleDistributionQuery, [], session.user.id) as Promise<{ role: string; count: number }[]>,
-      queryWithRLS(teamsCountQuery, [], session.user.id) as Promise<{ total: number }[]>
-    ]);
-    const regularTotal = regularCount[0]?.total || 0;
-    const superadminTotal = superadminCount[0]?.total || 0;
-    // Calculate counts by role
-    const roleCounts = regularUsers.reduce((acc: Record<string, number>, user: User) => {
-      acc[user.role] = (acc[user.role] || 0) + 1;
-      return acc;
-    }, {});
-    // Build status distribution object
-    const statusDist: Record<string, number> = { verified: 0, unverified: 0 };
-    statusDistribution.forEach(({ status, count }) => {
-      statusDist[status] = count;
-    });
-    // Build team role distribution object
-    const teamRoleDist: Record<string, number> = { owner: 0, admin: 0, member: 0, viewer: 0 };
-    teamRoleDistribution.forEach(({ role, count }) => {
-      teamRoleDist[role] = count;
-    });
-    // Determine pagination based on active tab
-    let paginationTotal = 0;
-    if (tab === 'users') {
-      paginationTotal = regularTotal;
-    } else if (tab === 'superadmins') {
-      paginationTotal = superadminTotal;
-    } else {
-      paginationTotal = regularTotal + superadminTotal;
-    }
-    const totalPages = Math.ceil(paginationTotal / limit);
-    // Format user data
-    const formatUser = (user: User) => ({
-      id: user.id,
-      firstName: user.firstName || '',
-      lastName: user.lastName || '',
-      email: user.email,
-      role: user.role,
-      emailVerified: user.emailVerified,
-      createdAt: user.createdAt,
-      updatedAt: user.updatedAt,
-      fullName: [user.firstName, user.lastName].filter(Boolean).join(' ') || user.email
-    });
-    // Prepare response data
-    const responseData = {
-      regularUsers: regularUsers.map(formatUser),
-      superadmins: superadmins.map(formatUser),
-      counts: {
-        total: regularTotal + superadminTotal,
-        regularUsers: regularTotal,
-        superadmins: superadminTotal,
-        teams: teamsCount[0]?.total || 0,
-        byRole: {
-          ...roleCounts,
-          superadmin: superadminTotal
-        },
-        statusDistribution: statusDist,
-        teamRoleDistribution: teamRoleDist
-      },
-      pagination: {
-        page,
-        limit,
-        total: paginationTotal,
-        totalPages,
-        hasMore: page < totalPages
-      },
-      filters: {
-        search,
-        role: roleFilter,
-        status: statusFilter,
-        tab
-      },
-      metadata: {
-        requestedBy: session.user.id,
-        requestedAt: new Date().toISOString(),
-        source: 'superadmin-api'
-      }
-    };
-    return NextResponse.json(responseData);
-  } catch (error) {
-    console.error('Error fetching users data:', error);
-    return NextResponse.json(
-      {
-        error: 'Internal server error',
-        message: 'Failed to retrieve users data'
-      },
-      { status: 500 }
-    );
-  }
-}
-/**
- * POST /api/superadmin/users
- *
- * Future endpoint for user management actions (create, update roles, etc.)
- * Currently returns not implemented.
- */
-export async function POST() {
-  return NextResponse.json(
-    { error: 'Not implemented yet' },
-    { status: 501 }
-  );
-}
-/**
- * PUT /api/superadmin/users
- *
- * Future endpoint for bulk user operations
- * Currently returns not implemented.
- */
-export async function PUT() {
-  return NextResponse.json(
-    { error: 'Not implemented yet' },
-    { status: 501 }
-  );
-}

package/templates/app/api/user/delete-account/route.ts DELETED Viewed

@@ -1,55 +0,0 @@
-import { NextRequest, NextResponse } from "next/server";
-import { auth } from "@nextsparkjs/core/lib/auth";
-import { mutateWithRLS } from "@nextsparkjs/core/lib/db";
-export async function DELETE(req: NextRequest) {
-  try {
-    // Get session from Better Auth
-    const session = await auth.api.getSession({
-      headers: req.headers,
-    });
-    if (!session?.user) {
-      return NextResponse.json({ error: "Unauthorized" }, { status: 401 });
-    }
-    const userId = session.user.id;
-    try {
-      // Sign out the user first (while the user still exists)
-      try {
-        await auth.api.signOut({
-          headers: req.headers,
-        });
-      } catch (signOutError) {
-        console.warn("Sign out failed (user may already be signed out):", signOutError);
-      }
-      // Delete user account and all associated data
-      // RLS policies will ensure only the user's own data is deleted
-      await mutateWithRLS(
-        'DELETE FROM "users" WHERE id = $1',
-        [userId],
-        userId
-      );
-      return NextResponse.json({
-        message: "Account deleted successfully"
-      });
-    } catch (dbError) {
-      console.error("Failed to delete user account:", dbError);
-      return NextResponse.json(
-        { error: "Failed to delete account" },
-        { status: 500 }
-      );
-    }
-  } catch (error) {
-    console.error("Delete account error:", error);
-    return NextResponse.json(
-      { error: "Internal server error" },
-      { status: 500 }
-    );
-  }
-}

package/templates/app/api/user/plan-flags/route.ts DELETED Viewed

@@ -1,283 +0,0 @@
-/**
- * User Plan & Flags API Route
- *
- * Handles fetching and updating user plan and flags data
- * for the entity system permission integration.
- */
-import { NextRequest, NextResponse } from 'next/server'
-import { auth } from '@nextsparkjs/core/lib/auth'
-import { getUserPlanAndFlags, updateUserPlan, updateUserFlags } from '@nextsparkjs/core/lib/user-data'
-import { z } from 'zod'
-import type { UserRole } from '@nextsparkjs/core/types/user.types'
-// Validation schemas
-const planFlagsQuerySchema = z.object({
-  userId: z.string().optional()
-})
-const planFlagsUpdateSchema = z.object({
-  userId: z.string(),
-  plan: z.enum(['free', 'starter', 'premium']).optional(),
-  flags: z.array(z.enum(['beta_tester', 'early_adopter', 'limited_access', 'vip', 'restricted', 'experimental'])).optional()
-})
-/**
- * GET /api/user/plan-flags
- * Fetch user plan and flags data
- */
-export async function GET(request: NextRequest) {
-  try {
-    // Get session
-    const session = await auth.api.getSession({
-      headers: request.headers,
-    })
-    if (!session) {
-      return NextResponse.json(
-        { error: 'Authentication required' },
-        { status: 401 }
-      )
-    }
-    const { searchParams } = new URL(request.url)
-    const validation = planFlagsQuerySchema.safeParse({
-      userId: searchParams.get('userId')
-    })
-    if (!validation.success) {
-      return NextResponse.json(
-        {
-          error: 'Invalid parameters',
-          details: validation.error.flatten().fieldErrors
-        },
-        { status: 400 }
-      )
-    }
-    const { userId } = validation.data
-    const targetUserId = userId || session.user.id
-    // Security check: users can only access their own data unless admin
-    const userRole = session.user.role as UserRole
-    if (targetUserId !== session.user.id && !['admin', 'superadmin'].includes(userRole)) {
-      return NextResponse.json(
-        { error: 'Permission denied' },
-        { status: 403 }
-      )
-    }
-    // Get user plan and flags
-    const planData = await getUserPlanAndFlags(targetUserId)
-    return NextResponse.json({
-      userId: targetUserId,
-      plan: planData.plan,
-      flags: planData.flags,
-      cached: planData.cached
-    })
-  } catch (error) {
-    console.error('GET user plan-flags error:', error)
-    return NextResponse.json(
-      { error: 'Internal server error' },
-      { status: 500 }
-    )
-  }
-}
-/**
- * PATCH /api/user/plan-flags
- * Update user plan and/or flags
- */
-export async function PATCH(request: NextRequest) {
-  try {
-    // Get session
-    const session = await auth.api.getSession({
-      headers: request.headers,
-    })
-    if (!session) {
-      return NextResponse.json(
-        { error: 'Authentication required' },
-        { status: 401 }
-      )
-    }
-    const body = await request.json()
-    const validation = planFlagsUpdateSchema.safeParse(body)
-    if (!validation.success) {
-      return NextResponse.json(
-        {
-          error: 'Invalid request body',
-          details: validation.error.flatten().fieldErrors
-        },
-        { status: 400 }
-      )
-    }
-    const { userId, plan, flags } = validation.data
-    const userRole = session.user.role as UserRole
-    // Security check: users can only update their own data unless admin
-    if (userId !== session.user.id && !['admin', 'superadmin'].includes(userRole)) {
-      return NextResponse.json(
-        { error: 'Permission denied' },
-        { status: 403 }
-      )
-    }
-    // Additional security: only admins can update other users' data
-    if (userId !== session.user.id && !['admin', 'superadmin'].includes(userRole)) {
-      return NextResponse.json(
-        { error: 'Only admins can update other users data' },
-        { status: 403 }
-      )
-    }
-    const results: { plan?: boolean; flags?: boolean } = {}
-    // Update plan if provided
-    if (plan) {
-      const planSuccess = await updateUserPlan(userId, plan)
-      if (!planSuccess) {
-        return NextResponse.json(
-          { error: 'Failed to update user plan' },
-          { status: 500 }
-        )
-      }
-      results.plan = true
-    }
-    // Update flags if provided
-    if (flags) {
-      const flagsSuccess = await updateUserFlags(userId, flags)
-      if (!flagsSuccess) {
-        return NextResponse.json(
-          { error: 'Failed to update user flags' },
-          { status: 500 }
-        )
-      }
-      results.flags = true
-    }
-    // Get updated data
-    const updatedData = await getUserPlanAndFlags(userId)
-    return NextResponse.json({
-      success: true,
-      updated: results,
-      userId,
-      plan: updatedData.plan,
-      flags: updatedData.flags
-    })
-  } catch (error) {
-    console.error('PATCH user plan-flags error:', error)
-    return NextResponse.json(
-      { error: 'Internal server error' },
-      { status: 500 }
-    )
-  }
-}
-/**
- * POST /api/user/plan-flags/bulk
- * Bulk update user plans and flags (admin only)
- */
-export async function POST(request: NextRequest) {
-  try {
-    // Get session
-    const session = await auth.api.getSession({
-      headers: request.headers,
-    })
-    if (!session) {
-      return NextResponse.json(
-        { error: 'Authentication required' },
-        { status: 401 }
-      )
-    }
-    const userRole = session.user.role as UserRole
-    // Only admins can perform bulk operations
-    if (!['admin', 'superadmin'].includes(userRole)) {
-      return NextResponse.json(
-        { error: 'Admin access required for bulk operations' },
-        { status: 403 }
-      )
-    }
-    const body = await request.json()
-    const bulkSchema = z.object({
-      updates: z.array(z.object({
-        userId: z.string(),
-        plan: z.enum(['free', 'starter', 'premium']).optional(),
-        flags: z.array(z.enum(['beta_tester', 'early_adopter', 'limited_access', 'vip', 'restricted', 'experimental'])).optional()
-      })).max(100) // Limit bulk operations
-    })
-    const validation = bulkSchema.safeParse(body)
-    if (!validation.success) {
-      return NextResponse.json(
-        {
-          error: 'Invalid bulk request',
-          details: validation.error.flatten().fieldErrors
-        },
-        { status: 400 }
-      )
-    }
-    const { updates } = validation.data
-    const results = []
-    // Process each update
-    for (const update of updates) {
-      try {
-        const updateResult: { userId: string; plan?: boolean; flags?: boolean } = {
-          userId: update.userId
-        }
-        if (update.plan) {
-          updateResult.plan = await updateUserPlan(update.userId, update.plan)
-        }
-        if (update.flags) {
-          updateResult.flags = await updateUserFlags(update.userId, update.flags)
-        }
-        results.push({
-          ...updateResult,
-          success: true
-        })
-      } catch (error) {
-        results.push({
-          userId: update.userId,
-          success: false,
-          error: error instanceof Error ? error.message : 'Unknown error'
-        })
-      }
-    }
-    const successCount = results.filter(r => r.success).length
-    const failureCount = results.length - successCount
-    return NextResponse.json({
-      success: failureCount === 0,
-      processed: results.length,
-      succeeded: successCount,
-      failed: failureCount,
-      results
-    })
-  } catch (error) {
-    console.error('POST bulk user plan-flags error:', error)
-    return NextResponse.json(
-      { error: 'Internal server error' },
-      { status: 500 }
-    )
-  }
-}