npm - @nextsparkjs/core - Versions diffs - 0.1.0-beta.92 → 0.1.0-beta.95 - Mend

@nextsparkjs/core 0.1.0-beta.92 → 0.1.0-beta.95

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (346) hide show

package/dist/templates/app/api/devtools/config/entities/route.ts CHANGED Viewed

@@ -1,6 +1,13 @@
-import { auth } from "@nextsparkjs/core/lib/auth";
+import { getTypedSession } from "@nextsparkjs/core/lib/auth";
 import { NextResponse } from "next/server";
-import { ENTITY_REGISTRY } from "@nextsparkjs/registries/entity-registry";
+import { getEntityRegistry } from "@nextsparkjs/core/lib/entities/queries";
+import type { EntityConfig, ChildEntityDefinition } from "@nextsparkjs/core/lib/entities/types";
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit';
+// Type guard to check if entity is a full EntityConfig
+function isEntityConfig(entity: EntityConfig | ChildEntityDefinition): entity is EntityConfig {
+  return 'slug' in entity
+}
 /**
  * Entity information structure
@@ -23,11 +30,8 @@ interface EntityInfo {
     label?: string;
     required?: boolean;
   }[];
-  // Permissions are now optional in entity config (centralized in permissions.config.ts)
-  permissions?: {
-    actions: Array<{ action: string; label: string; description?: string }>;
-    customActions?: Array<{ action: string; label: string; description?: string }>;
-  };
+  // Note: Permissions are now defined centrally in permissions.config.ts
+  // Use PermissionService to query entity permissions
 }
 /**
@@ -36,10 +40,10 @@ interface EntityInfo {
  * Returns entity registry information
  * Only accessible to developer role
  */
-export async function GET(request: Request) {
+export const GET = withRateLimitTier(async (request: Request) => {
   try {
     // Verify developer role
-    const session = await auth.api.getSession({ headers: request.headers });
+    const session = await getTypedSession(request.headers);
     if (!session?.user || session.user.role !== "developer") {
       return NextResponse.json(
@@ -53,9 +57,11 @@ export async function GET(request: Request) {
     // Build entity info array
     const entities: EntityInfo[] = [];
+    const registry = getEntityRegistry();
-    for (const [, entry] of Object.entries(ENTITY_REGISTRY)) {
+    for (const [, entry] of Object.entries(registry)) {
       const config = entry.config;
+      if (!isEntityConfig(config)) continue;
       entities.push({
         slug: config.slug,
@@ -75,6 +81,7 @@ export async function GET(request: Request) {
           label: field.label,
           required: field.required,
         })) || [],
+        // Note: Permissions are now centralized in permissions.config.ts
       });
     }
@@ -105,4 +112,4 @@ export async function GET(request: Request) {
       { status: 500 }
     );
   }
-}
+}, 'read');

package/dist/templates/app/api/devtools/config/theme/route.ts CHANGED Viewed

@@ -1,6 +1,7 @@
-import { auth } from "@nextsparkjs/core/lib/auth";
+import { getTypedSession } from "@nextsparkjs/core/lib/auth";
 import { NextResponse } from "next/server";
 import { ThemeService } from "@nextsparkjs/core/lib/services/theme.service";
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit';
 /**
  * GET /api/devtools/config/theme
@@ -8,10 +9,10 @@ import { ThemeService } from "@nextsparkjs/core/lib/services/theme.service";
  * Returns current theme configuration
  * Only accessible to developer role
  */
-export async function GET(request: Request) {
+export const GET = withRateLimitTier(async (request: Request) => {
   try {
     // Verify developer role
-    const session = await auth.api.getSession({ headers: request.headers });
+    const session = await getTypedSession(request.headers);
     if (!session?.user || session.user.role !== "developer") {
       return NextResponse.json(
@@ -63,4 +64,4 @@ export async function GET(request: Request) {
       { status: 500 }
     );
   }
-}
+}, 'read');

package/dist/templates/app/api/devtools/tests/[...path]/route.ts CHANGED Viewed

@@ -1,8 +1,9 @@
-import { auth } from "@nextsparkjs/core/lib/auth";
+import { getTypedSession } from "@nextsparkjs/core/lib/auth";
 import { NextResponse } from "next/server";
 import { readFile, stat } from "fs/promises";
 import { join } from "path";
 import matter from "gray-matter";
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit';
 /**
  * GET /api/devtools/tests/[...path]
@@ -12,13 +13,13 @@ import matter from "gray-matter";
  *
  * @param path - Array of path segments (e.g., ['auth', 'login.md'])
  */
-export async function GET(
+export const GET = withRateLimitTier(async (
   request: Request,
   { params }: { params: Promise<{ path: string[] }> }
-) {
+) => {
   try {
     // Verify developer role
-    const session = await auth.api.getSession({ headers: request.headers });
+    const session = await getTypedSession(request.headers);
     if (!session?.user || session.user.role !== "developer") {
       return NextResponse.json(
@@ -127,4 +128,4 @@ export async function GET(
       { status: 500 }
     );
   }
-}
+}, 'read');

package/dist/templates/app/api/devtools/tests/route.ts CHANGED Viewed

@@ -1,7 +1,8 @@
-import { auth } from "@nextsparkjs/core/lib/auth";
+import { getTypedSession } from "@nextsparkjs/core/lib/auth";
 import { NextResponse } from "next/server";
 import { readdir, stat } from "fs/promises";
 import { join } from "path";
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit';
 /**
  * File tree node structure
@@ -58,10 +59,10 @@ async function buildFileTree(dirPath: string, basePath: string): Promise<FileTre
  * Returns file tree structure of test documentation files
  * Only accessible to developer role
  */
-export async function GET(request: Request) {
+export const GET = withRateLimitTier(async (request: Request) => {
   try {
     // Verify developer role
-    const session = await auth.api.getSession({ headers: request.headers });
+    const session = await getTypedSession(request.headers);
     if (!session?.user || session.user.role !== "developer") {
       return NextResponse.json(
@@ -131,4 +132,4 @@ export async function GET(request: Request) {
       { status: 500 }
     );
   }
-}
+}, 'read');

package/dist/templates/app/api/health/route.ts CHANGED Viewed

@@ -1,11 +1,13 @@
 import { queryWithRLS } from "@nextsparkjs/core/lib/db";
+import { withRateLimitTier } from "@nextsparkjs/core/lib/api/rate-limit";
+import { NextResponse } from "next/server";
-export async function GET() {
+export const GET = withRateLimitTier(async () => {
   try {
     // Test database connection
     await queryWithRLS('SELECT 1');
-    return Response.json({
+    return NextResponse.json({
       status: 'healthy',
       timestamp: new Date().toISOString(),
       services: {
@@ -15,7 +17,7 @@ export async function GET() {
     });
   } catch (error) {
     console.error('Health check failed:', error);
-    return Response.json({
+    return NextResponse.json({
       status: 'unhealthy',
       timestamp: new Date().toISOString(),
       error: 'Database connection failed',
@@ -25,5 +27,5 @@ export async function GET() {
       }
     }, { status: 503 });
   }
-}
+}, 'read');

package/dist/templates/app/api/internal/user-metadata/route.ts CHANGED Viewed

@@ -1,8 +1,9 @@
 import { NextRequest, NextResponse } from 'next/server'
 import { MetaService } from '@nextsparkjs/core/lib/services/meta.service'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 // Endpoint interno para crear metadata default después del signup
-export async function POST(req: NextRequest) {
+export const POST = withRateLimitTier(async (req: NextRequest) => {
   try {
     const body = await req.json()
     const { userId, metadata } = body
@@ -33,4 +34,4 @@ export async function POST(req: NextRequest) {
       error: 'Internal server error'
     }, { status: 500 })
   }
-}
+}, 'write');

package/dist/templates/app/api/superadmin/subscriptions/route.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
-import { auth } from '@nextsparkjs/core/lib/auth';
+import { getTypedSession } from '@nextsparkjs/core/lib/auth';
 import { queryWithRLS } from '@nextsparkjs/core/lib/db';
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit';
 interface SubscriptionResult {
   id: string;
@@ -51,12 +52,10 @@ interface PlanDistribution {
  * Retrieves all subscriptions with stats for superadmin overview.
  * Supports filtering by status and pagination.
  */
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   try {
     // Get the current session using Better Auth
-    const session = await auth.api.getSession({
-      headers: request.headers
-    });
+    const session = await getTypedSession(request.headers);
     // Check if user is authenticated
     if (!session?.user) {
@@ -307,4 +306,4 @@ export async function GET(request: NextRequest) {
       { status: 500 }
     );
   }
-}
+}, 'strict');

package/dist/templates/app/api/superadmin/teams/[teamId]/route.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
-import { auth } from '@nextsparkjs/core/lib/auth';
+import { getTypedSession } from '@nextsparkjs/core/lib/auth';
 import { queryWithRLS } from '@nextsparkjs/core/lib/db';
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit';
 interface TeamResult {
   id: string;
@@ -62,17 +63,15 @@ interface UsageResult {
  * Retrieves a single team with owner info and members.
  * Only accessible by superadmin or developer users.
  */
-export async function GET(
+export const GET = withRateLimitTier(async (
   request: NextRequest,
   { params }: { params: Promise<{ teamId: string }> }
-) {
+) => {
   try {
     const { teamId } = await params;
     // Get the current session using Better Auth
-    const session = await auth.api.getSession({
-      headers: request.headers
-    });
+    const session = await getTypedSession(request.headers);
     // Check if user is authenticated
     if (!session?.user) {
@@ -283,4 +282,4 @@ export async function GET(
       { status: 500 }
     );
   }
-}
+}, 'strict');

package/dist/templates/app/api/superadmin/teams/route.ts CHANGED Viewed

@@ -1,7 +1,8 @@
 import { NextRequest, NextResponse } from 'next/server';
-import { auth } from '@nextsparkjs/core/lib/auth';
+import { getTypedSession } from '@nextsparkjs/core/lib/auth';
 import { queryWithRLS } from '@nextsparkjs/core/lib/db';
 import { SYSTEM_ADMIN_TEAM_ID } from '@nextsparkjs/core/lib/api/auth/dual-auth';
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit';
 interface TeamWithStats {
   id: string;
@@ -31,12 +32,10 @@ interface TeamWithStats {
  * - counts: Object with team counts
  * - pagination: Pagination info
  */
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   try {
     // Get the current session using Better Auth
-    const session = await auth.api.getSession({
-      headers: request.headers
-    });
+    const session = await getTypedSession(request.headers);
     // Check if user is authenticated
     if (!session?.user) {
@@ -185,4 +184,4 @@ export async function GET(request: NextRequest) {
       { status: 500 }
     );
   }
-}
+}, 'strict');

package/dist/templates/app/api/superadmin/users/[userId]/route.ts CHANGED Viewed

@@ -1,6 +1,7 @@
 import { NextRequest, NextResponse } from 'next/server';
-import { auth } from '@nextsparkjs/core/lib/auth';
+import { getTypedSession } from '@nextsparkjs/core/lib/auth';
 import { queryWithRLS } from '@nextsparkjs/core/lib/db';
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit';
 interface UserResult {
   id: string;
@@ -46,12 +47,10 @@ interface RouteParams {
  * - teams: Array of team memberships
  * - stats: User statistics
  */
-export async function GET(request: NextRequest, { params }: RouteParams) {
+export const GET = withRateLimitTier(async (request: NextRequest, { params }: RouteParams) => {
   try {
     // Get the current session using Better Auth
-    const session = await auth.api.getSession({
-      headers: request.headers
-    });
+    const session = await getTypedSession(request.headers);
     // Check if user is authenticated
     if (!session?.user) {
@@ -214,7 +213,7 @@ export async function GET(request: NextRequest, { params }: RouteParams) {
       { status: 500 }
     );
   }
-}
+}, 'strict');
 interface UserActionBody {
   action: 'change-role' | 'suspend' | 'unsuspend' | 'verify-email';
@@ -233,12 +232,10 @@ interface UserActionBody {
  * - unsuspend: Restore user's role to 'member'
  * - verify-email: Manually verify user's email
  */
-export async function PATCH(request: NextRequest, { params }: RouteParams) {
+export const PATCH = withRateLimitTier(async (request: NextRequest, { params }: RouteParams) => {
   try {
     // Get the current session using Better Auth
-    const session = await auth.api.getSession({
-      headers: request.headers
-    });
+    const session = await getTypedSession(request.headers);
     // Check if user is authenticated
     if (!session?.user) {
@@ -394,7 +391,7 @@ export async function PATCH(request: NextRequest, { params }: RouteParams) {
       { status: 500 }
     );
   }
-}
+}, 'strict');
 /**
  * DELETE /api/superadmin/users/[userId]
@@ -407,12 +404,10 @@ export async function PATCH(request: NextRequest, { params }: RouteParams) {
  * - Delete user's personal team
  * - Delete the user account
  */
-export async function DELETE(request: NextRequest, { params }: RouteParams) {
+export const DELETE = withRateLimitTier(async (request: NextRequest, { params }: RouteParams) => {
   try {
     // Get the current session using Better Auth
-    const session = await auth.api.getSession({
-      headers: request.headers
-    });
+    const session = await getTypedSession(request.headers);
     // Check if user is authenticated
     if (!session?.user) {
@@ -537,4 +532,4 @@ export async function DELETE(request: NextRequest, { params }: RouteParams) {
       { status: 500 }
     );
   }
-}
+}, 'strict');

package/dist/templates/app/api/superadmin/users/route.ts CHANGED Viewed

@@ -1,7 +1,8 @@
 import { NextRequest, NextResponse } from 'next/server';
-import { auth } from '@nextsparkjs/core/lib/auth';
+import { getTypedSession } from '@nextsparkjs/core/lib/auth';
 import { queryWithRLS } from '@nextsparkjs/core/lib/db';
 import type { User } from '@nextsparkjs/core/types/user.types';
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit';
 /**
  * GET /api/superadmin/users
@@ -23,12 +24,10 @@ import type { User } from '@nextsparkjs/core/types/user.types';
  * - counts: Object with user counts
  * - pagination: Pagination info for the active tab
  */
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   try {
     // Get the current session using Better Auth
-    const session = await auth.api.getSession({
-      headers: request.headers
-    });
+    const session = await getTypedSession(request.headers);
     // Check if user is authenticated
     if (!session?.user) {
@@ -294,7 +293,7 @@ export async function GET(request: NextRequest) {
       { status: 500 }
     );
   }
-}
+}, 'strict');
 /**
  * POST /api/superadmin/users
@@ -302,12 +301,12 @@ export async function GET(request: NextRequest) {
  * Future endpoint for user management actions (create, update roles, etc.)
  * Currently returns not implemented.
  */
-export async function POST() {
+export const POST = withRateLimitTier(async () => {
   return NextResponse.json(
     { error: 'Not implemented yet' },
     { status: 501 }
   );
-}
+}, 'strict');
 /**
  * PUT /api/superadmin/users
@@ -315,9 +314,9 @@ export async function POST() {
  * Future endpoint for bulk user operations
  * Currently returns not implemented.
  */
-export async function PUT() {
+export const PUT = withRateLimitTier(async () => {
   return NextResponse.json(
     { error: 'Not implemented yet' },
     { status: 501 }
   );
-}
+}, 'strict');

package/dist/templates/app/api/user/delete-account/route.ts CHANGED Viewed

@@ -1,8 +1,9 @@
 import { NextRequest, NextResponse } from "next/server";
 import { auth } from "@nextsparkjs/core/lib/auth";
 import { mutateWithRLS } from "@nextsparkjs/core/lib/db";
+import { withRateLimitTier } from "@nextsparkjs/core/lib/api/rate-limit";
-export async function DELETE(req: NextRequest) {
+export const DELETE = withRateLimitTier(async (req: NextRequest) => {
   try {
     // Get session from Better Auth
     const session = await auth.api.getSession({
@@ -52,4 +53,4 @@ export async function DELETE(req: NextRequest) {
       { status: 500 }
     );
   }
-}
+}, 'strict');

package/dist/templates/app/api/user/plan-flags/route.ts CHANGED Viewed

@@ -6,10 +6,11 @@
  */
 import { NextRequest, NextResponse } from 'next/server'
-import { auth } from '@nextsparkjs/core/lib/auth'
+import { getTypedSession } from '@nextsparkjs/core/lib/auth'
 import { getUserPlanAndFlags, updateUserPlan, updateUserFlags } from '@nextsparkjs/core/lib/user-data'
 import { z } from 'zod'
 import type { UserRole } from '@nextsparkjs/core/types/user.types'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
 // Validation schemas
 const planFlagsQuerySchema = z.object({
@@ -26,12 +27,10 @@ const planFlagsUpdateSchema = z.object({
  * GET /api/user/plan-flags
  * Fetch user plan and flags data
  */
-export async function GET(request: NextRequest) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   try {
     // Get session
-    const session = await auth.api.getSession({
-      headers: request.headers,
-    })
+    const session = await getTypedSession(request.headers)
     if (!session) {
       return NextResponse.json(
@@ -84,18 +83,16 @@ export async function GET(request: NextRequest) {
       { status: 500 }
     )
   }
-}
+}, 'read');
 /**
  * PATCH /api/user/plan-flags
  * Update user plan and/or flags
  */
-export async function PATCH(request: NextRequest) {
+export const PATCH = withRateLimitTier(async (request: NextRequest) => {
   try {
     // Get session
-    const session = await auth.api.getSession({
-      headers: request.headers,
-    })
+    const session = await getTypedSession(request.headers)
     if (!session) {
       return NextResponse.json(
@@ -121,14 +118,6 @@ export async function PATCH(request: NextRequest) {
     const userRole = session.user.role as UserRole
     // Security check: users can only update their own data unless admin
-    if (userId !== session.user.id && !['admin', 'superadmin'].includes(userRole)) {
-      return NextResponse.json(
-        { error: 'Permission denied' },
-        { status: 403 }
-      )
-    }
-    // Additional security: only admins can update other users' data
     if (userId !== session.user.id && !['admin', 'superadmin'].includes(userRole)) {
       return NextResponse.json(
         { error: 'Only admins can update other users data' },
@@ -180,18 +169,16 @@ export async function PATCH(request: NextRequest) {
       { status: 500 }
     )
   }
-}
+}, 'write');
 /**
  * POST /api/user/plan-flags/bulk
  * Bulk update user plans and flags (admin only)
  */
-export async function POST(request: NextRequest) {
+export const POST = withRateLimitTier(async (request: NextRequest) => {
   try {
     // Get session
-    const session = await auth.api.getSession({
-      headers: request.headers,
-    })
+    const session = await getTypedSession(request.headers)
     if (!session) {
       return NextResponse.json(
@@ -280,4 +267,4 @@ export async function POST(request: NextRequest) {
       { status: 500 }
     )
   }
-}
+}, 'strict');

package/dist/templates/app/api/user/profile/route.ts CHANGED Viewed

@@ -1,11 +1,12 @@
-import { NextResponse } from 'next/server'
+import { NextRequest, NextResponse } from 'next/server'
 import { auth } from '@nextsparkjs/core/lib/auth'
 import { headers } from 'next/headers'
 import { queryOneWithRLS, mutateWithRLS, queryOne } from '@nextsparkjs/core/lib/db'
 import { profileSchema } from '@nextsparkjs/core/lib/validation'
 import { MetaService } from '@nextsparkjs/core/lib/services/meta.service'
+import { withRateLimitTier } from '@nextsparkjs/core/lib/api/rate-limit'
-export async function GET(request: Request) {
+export const GET = withRateLimitTier(async (request: NextRequest) => {
   const url = new URL(request.url)
   const includeMeta = url.searchParams.get('includeMeta') === 'true'
   try {
@@ -53,9 +54,9 @@ export async function GET(request: Request) {
     console.error('Error fetching user profile:', error)
     return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
-}
+}, 'read');
-export async function PATCH(request: Request) {
+export const PATCH = withRateLimitTier(async (request: NextRequest) => {
   try {
     const sessionHeaders = await headers()
     const session = await auth.api.getSession({ headers: sessionHeaders })
@@ -122,7 +123,7 @@ export async function PATCH(request: Request) {
       }
     }
-    return NextResponse.json({
+    return NextResponse.json({
       message: 'Profile updated successfully',
       success: true
     })
@@ -130,4 +131,4 @@ export async function PATCH(request: Request) {
     console.error('Error updating user profile:', error)
     return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
   }
-}
+}, 'write');