npm - @nixxie-cms/core - Versions diffs - 1.0.3 → 1.1.0 - Mend

@nixxie-cms/core 1.0.3 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (202) hide show

package/session/dist/nixxie-cms-core-session.esm.js CHANGED Viewed

@@ -1,6 +1,18 @@
 import { randomBytes } from 'node:crypto';
 import * as cookie from 'cookie';
 import Iron from '@hapi/iron';
+import { a as text, j as json, t as timestamp } from '../../dist/index-f1703b7b.esm.js';
+import 'pluralize';
+import '../../dist/next-fields-9bf04ed8.esm.js';
+import 'decimal.js';
+import '@graphql-ts/schema';
+import '@graphql-ts/extend';
+import 'graphql-upload/GraphQLUpload.js';
+import 'graphql';
+import '../../dist/resolve-hooks-9e676794.esm.js';
+import 'node:async_hooks';
+import '../../dist/non-null-graphql-8c5feaae.esm.js';
+import 'node:path';
 // TODO: should we also accept httpOnly?
@@ -77,6 +89,224 @@ function statelessSessions({
     }
   };
 }
+function sessionModel(context, collection) {
+  var _context$prisma;
+  const delegate = (_context$prisma = context.prisma) === null || _context$prisma === void 0 ? void 0 : _context$prisma[collection[0].toLowerCase() + collection.slice(1)];
+  if (!delegate) {
+    throw new Error(`persistentSessions: collection "${collection}" was not found in the Prisma client. ` + `Add it to your config (e.g. \`collections: { ${collection}: sessionCollection() }\`) and run a migration.`);
+  }
+  return delegate;
+}
+/**
+ * Database-backed sessions: the cookie carries only an opaque token; the session itself
+ * lives in a collection, so sessions survive restarts, can be listed per user, and can be
+ * revoked server-side (see `listSessions` / `revokeSession` / `revokeUserSessions`).
+ *
+ * Tracks `lastSeenAt` (refreshed at most once a minute), `userAgent` and `ip` per session.
+ * Pair with a scheduled `pruneSessions()` job to clear expired/revoked rows.
+ */
+function persistentSessions({
+  collection = 'UserSession',
+  maxAge = 60 * 60 * 8,
+  // 8 hours
+  ...statelessSessionsOptions
+} = {}) {
+  const stateless = statelessSessions({
+    ...statelessSessionsOptions,
+    maxAge
+  });
+  return {
+    async get({
+      context
+    }) {
+      const token = await stateless.get({
+        context
+      });
+      if (!token) return;
+      const row = await sessionModel(context, collection).findUnique({
+        where: {
+          token
+        }
+      });
+      if (!row || row.revokedAt) return;
+      if (row.expiresAt && row.expiresAt.getTime() < Date.now()) return;
+      // Refresh activity tracking at most once a minute; never block the request on it.
+      if (!row.lastSeenAt || Date.now() - row.lastSeenAt.getTime() > 60000) {
+        void sessionModel(context, collection).update({
+          where: {
+            token
+          },
+          data: {
+            lastSeenAt: new Date()
+          }
+        }).catch(() => {});
+      }
+      return row.data;
+    },
+    async start({
+      context,
+      data
+    }) {
+      var _ref, _ref2, _ref3, _forwarded$split$, _req$socket;
+      const token = randomBytes(24).toString('base64url'); // 192-bit
+      const req = context.req;
+      const forwarded = req === null || req === void 0 ? void 0 : req.headers['x-forwarded-for'];
+      await sessionModel(context, collection).create({
+        data: {
+          token,
+          data: data,
+          itemId: (data === null || data === void 0 ? void 0 : data.itemId) != null ? String(data.itemId) : null,
+          expiresAt: new Date(Date.now() + maxAge * 1000),
+          createdAt: new Date(),
+          lastSeenAt: new Date(),
+          userAgent: (_ref = req === null || req === void 0 ? void 0 : req.headers['user-agent']) !== null && _ref !== void 0 ? _ref : null,
+          ip: (_ref2 = (_ref3 = typeof forwarded === 'string' ? (_forwarded$split$ = forwarded.split(',')[0]) === null || _forwarded$split$ === void 0 ? void 0 : _forwarded$split$.trim() : forwarded === null || forwarded === void 0 ? void 0 : forwarded[0]) !== null && _ref3 !== void 0 ? _ref3 : req === null || req === void 0 || (_req$socket = req.socket) === null || _req$socket === void 0 ? void 0 : _req$socket.remoteAddress) !== null && _ref2 !== void 0 ? _ref2 : null
+        }
+      });
+      return (await stateless.start({
+        context,
+        data: token
+      })) || '';
+    },
+    async end({
+      context
+    }) {
+      const token = await stateless.get({
+        context
+      });
+      if (token) {
+        await sessionModel(context, collection).deleteMany({
+          where: {
+            token
+          }
+        });
+      }
+      await stateless.end({
+        context
+      });
+    }
+  };
+}
+const stripToken = row => {
+  var _row$itemId, _row$lastSeenAt, _row$expiresAt, _row$revokedAt, _row$userAgent, _row$ip;
+  return {
+    id: row.id,
+    itemId: (_row$itemId = row.itemId) !== null && _row$itemId !== void 0 ? _row$itemId : null,
+    createdAt: row.createdAt,
+    lastSeenAt: (_row$lastSeenAt = row.lastSeenAt) !== null && _row$lastSeenAt !== void 0 ? _row$lastSeenAt : null,
+    expiresAt: (_row$expiresAt = row.expiresAt) !== null && _row$expiresAt !== void 0 ? _row$expiresAt : null,
+    revokedAt: (_row$revokedAt = row.revokedAt) !== null && _row$revokedAt !== void 0 ? _row$revokedAt : null,
+    userAgent: (_row$userAgent = row.userAgent) !== null && _row$userAgent !== void 0 ? _row$userAgent : null,
+    ip: (_row$ip = row.ip) !== null && _row$ip !== void 0 ? _row$ip : null
+  };
+};
+/** Active (non-revoked, non-expired) sessions for a user, without their tokens. */
+async function listSessions(context, itemId, {
+  collection = 'UserSession'
+} = {}) {
+  const rows = await sessionModel(context, collection).findMany({
+    where: {
+      itemId: String(itemId),
+      revokedAt: null,
+      expiresAt: {
+        gte: new Date()
+      }
+    },
+    orderBy: {
+      lastSeenAt: 'desc'
+    }
+  });
+  return rows.map(stripToken);
+}
+/** Revoke a single session by its row id. The next request with its cookie is signed out. */
+async function revokeSession(context, sessionId, {
+  collection = 'UserSession'
+} = {}) {
+  await sessionModel(context, collection).updateMany({
+    where: {
+      id: sessionId
+    },
+    data: {
+      revokedAt: new Date()
+    }
+  });
+}
+/** Revoke every session belonging to a user (e.g. after a password change). */
+async function revokeUserSessions(context, itemId, {
+  collection = 'UserSession'
+} = {}) {
+  const result = await sessionModel(context, collection).updateMany({
+    where: {
+      itemId: String(itemId),
+      revokedAt: null
+    },
+    data: {
+      revokedAt: new Date()
+    }
+  });
+  return result.count;
+}
+/** Delete expired and revoked session rows. Run from a scheduled job. */
+async function pruneSessions(context, {
+  collection = 'UserSession'
+} = {}) {
+  const result = await sessionModel(context, collection).deleteMany({
+    where: {
+      OR: [{
+        expiresAt: {
+          lt: new Date()
+        }
+      }, {
+        revokedAt: {
+          not: null
+        }
+      }]
+    }
+  });
+  return result.count;
+}
+/**
+ * Sign the current user in as another user, recording who is impersonating in the
+ * session (`impersonatedBy`). Works with any session strategy. The caller is
+ * responsible for authorising the action (e.g. an admin-only check).
+ */
+async function startImpersonation(context, itemId) {
+  if (!context.sessionStrategy) throw new Error('startImpersonation: no session strategy configured');
+  const current = context.session;
+  if (!(current !== null && current !== void 0 && current.itemId)) throw new Error('startImpersonation: there is no signed-in session');
+  if (current.impersonatedBy != null) {
+    throw new Error('startImpersonation: already impersonating — end the current impersonation first');
+  }
+  await context.sessionStrategy.start({
+    context,
+    data: {
+      itemId,
+      impersonatedBy: current.itemId
+    }
+  });
+}
+/** Return from an impersonated session to the original user's session. */
+async function endImpersonation(context) {
+  if (!context.sessionStrategy) throw new Error('endImpersonation: no session strategy configured');
+  const current = context.session;
+  if ((current === null || current === void 0 ? void 0 : current.impersonatedBy) == null) {
+    throw new Error('endImpersonation: the current session is not impersonating anyone');
+  }
+  await context.sessionStrategy.start({
+    context,
+    data: {
+      itemId: current.impersonatedBy
+    }
+  });
+}
 function storedSessions({
   store: storeFn,
   maxAge = 60 * 60 * 8,
@@ -126,4 +356,52 @@ function storedSessions({
   };
 }
-export { statelessSessions, storedSessions };
+/**
+ * Ready-made collection definition backing `persistentSessions()`.
+ *
+ * @example
+ * config({
+ *   collections: {
+ *     UserSession: sessionCollection(),
+ *     ...collections,
+ *   },
+ *   session: persistentSessions({ collection: 'UserSession' }),
+ * })
+ */
+function sessionCollection() {
+  return {
+    fields: {
+      token: text({
+        validation: {
+          isRequired: true
+        },
+        isIndexed: 'unique'
+      }),
+      data: json(),
+      itemId: text({
+        isIndexed: true
+      }),
+      expiresAt: timestamp(),
+      createdAt: timestamp({
+        defaultValue: {
+          kind: 'now'
+        },
+        db: {
+          isNullable: false
+        }
+      }),
+      lastSeenAt: timestamp(),
+      revokedAt: timestamp(),
+      userAgent: text(),
+      ip: text()
+    },
+    graphql: {
+      omit: true
+    },
+    ui: {
+      hideNavigation: true
+    }
+  };
+}
+export { endImpersonation, listSessions, persistentSessions, pruneSessions, revokeSession, revokeUserSessions, sessionCollection, startImpersonation, statelessSessions, storedSessions };

package/src/access.ts CHANGED Viewed

@@ -1,25 +1,25 @@
-import type { MaybePromise } from './types/utils'
-import type { BaseListTypeInfo } from './types'
-export function allowAll() {
-  return true
-}
-export function denyAll() {
-  return false
-}
-export function unfiltered<ListTypeInfo extends BaseListTypeInfo>(): MaybePromise<
-  boolean | ListTypeInfo['inputs']['where']
-> {
-  return true
-}
-export function allOperations<F>(f: F) {
-  return {
-    query: f,
-    create: f,
-    update: f,
-    delete: f,
-  }
-}
+import type { MaybePromise } from './types/utils'
+import type { BaseCollectionTypeInfo } from './types'
+export function allowAll() {
+  return true
+}
+export function denyAll() {
+  return false
+}
+export function unfiltered<CollectionTypeInfo extends BaseCollectionTypeInfo>(): MaybePromise<
+  boolean | CollectionTypeInfo['inputs']['where']
+> {
+  return true
+}
+export function allOperations<F>(f: F) {
+  return {
+    query: f,
+    create: f,
+    update: f,
+    delete: f,
+  }
+}

package/src/admin-ui/admin-meta-graphql.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import type { GraphQLNames, JSONValue } from '../types/utils'
-import type { ListMeta, FieldMeta, FieldGroupMeta } from '../types'
+import type { CollectionMeta, FieldMeta, FieldGroupMeta } from '../types'
 import { gql } from './apollo'
 export const adminMetaQuery = gql`
@@ -142,9 +142,9 @@ export const adminMetaQuery = gql`
 export type AdminMetaQuery = {
   nixxie: {
     adminMeta: {
-      lists: (ListMeta & {
-        fields: ListMeta['fields'][string][]
-        actions: ListMeta['actions']
+      lists: (CollectionMeta & {
+        fields: CollectionMeta['fields'][string][]
+        actions: CollectionMeta['actions']
         groups: (FieldGroupMeta & {
           fields: FieldMeta[]
         })[]
@@ -155,7 +155,7 @@ export type AdminMetaQuery = {
         pageSize: number
         initialColumns: string[]
         initialSearchFields: string[]
-        initialSort: ListMeta['initialSort'] | null
+        initialSort: CollectionMeta['initialSort'] | null
         initialFilter: JSONValue
         isSingleton: boolean

package/src/admin-ui/components/CreateButtonLink.tsx CHANGED Viewed

@@ -1,46 +1,46 @@
-import { css } from '@keystar/ui/style'
-import type { ListMeta } from '../../types'
-export function CreateButtonLink(props: { children?: string; list: ListMeta }) {
-  const { list, children = `New ${list.singular}` } = props
-  return (
-    <a
-      href={`/${list.path}/create`}
-      aria-label={`New ${list.singular}`}
-      className={css({
-        display: 'inline-flex',
-        alignItems: 'center',
-        gap: 6,
-        paddingInline: '13px',
-        paddingBlock: '7px',
-        borderRadius: 6,
-        border: '1px solid transparent',
-        backgroundColor: '#111827',
-        color: '#ffffff',
-        fontSize: 13,
-        fontWeight: 500,
-        fontFamily: 'inherit',
-        textDecoration: 'none',
-        cursor: 'pointer',
-        whiteSpace: 'nowrap',
-        flexShrink: 0,
-        letterSpacing: '-0.01em',
-        transition: 'background 130ms',
-        '&:hover': { backgroundColor: '#1f2937' },
-        '&:active': { backgroundColor: '#374151' },
-        '&:focus-visible': {
-          outline: '2px solid #111827',
-          outlineOffset: 2,
-        },
-      })}
-    >
-      <svg width="12" height="12" viewBox="0 0 12 12" fill="none" aria-hidden>
-        <path d="M6 1.5v9M1.5 6h9" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" />
-      </svg>
-      {children}
-    </a>
-  )
-}
+import { css } from '@keystar/ui/style'
+import type { CollectionMeta } from '../../types'
+export function CreateButtonLink(props: { children?: string; list: CollectionMeta }) {
+  const { list, children = `New ${list.singular}` } = props
+  return (
+    <a
+      href={`/${list.path}/create`}
+      aria-label={`New ${list.singular}`}
+      className={css({
+        display: 'inline-flex',
+        alignItems: 'center',
+        gap: 6,
+        paddingInline: '13px',
+        paddingBlock: '7px',
+        borderRadius: 6,
+        border: '1px solid transparent',
+        backgroundColor: '#111827',
+        color: '#ffffff',
+        fontSize: 13,
+        fontWeight: 500,
+        fontFamily: 'inherit',
+        textDecoration: 'none',
+        cursor: 'pointer',
+        whiteSpace: 'nowrap',
+        flexShrink: 0,
+        letterSpacing: '-0.01em',
+        transition: 'background 130ms',
+        '&:hover': { backgroundColor: '#1f2937' },
+        '&:active': { backgroundColor: '#374151' },
+        '&:focus-visible': {
+          outline: '2px solid #111827',
+          outlineOffset: 2,
+        },
+      })}
+    >
+      <svg width="12" height="12" viewBox="0 0 12 12" fill="none" aria-hidden>
+        <path d="M6 1.5v9M1.5 6h9" stroke="currentColor" strokeWidth="1.5" strokeLinecap="round" />
+      </svg>
+      {children}
+    </a>
+  )
+}

package/src/admin-ui/components/Navigation.tsx CHANGED Viewed

@@ -3,14 +3,14 @@ import { useRouter } from 'next/router'
 import { css } from '@keystar/ui/style'
-import type { ListMeta } from '../../types'
+import type { CollectionMeta } from '../../types'
 import { useNixxie } from '../context'
 // ================================================================
 // Helpers
 // ================================================================
-export function getHrefFromList(list: Pick<ListMeta, 'path' | 'isSingleton'>) {
+export function getHrefFromList(list: Pick<CollectionMeta, 'path' | 'isSingleton'>) {
   return `/${list.path}${list.isSingleton ? '/1' : ''}`
 }
@@ -237,7 +237,7 @@ function CollectionsSection({
   lists,
   onNavItemClick,
 }: {
-  lists: ListMeta[]
+  lists: CollectionMeta[]
   onNavItemClick?: () => void
 }) {
   const [search, setSearch] = useState('')

package/src/admin-ui/context.tsx CHANGED Viewed

@@ -10,11 +10,11 @@ import { useRouter } from '@nixxie-cms/core/admin-ui/router'
 import { snapValueToClosest } from '../internal-unstable/admin-ui/pages/ListPage/PaginationControls'
 import type {
   AdminConfig,
-  BaseListTypeInfo,
+  BaseCollectionTypeInfo,
   ConditionalFilter,
   ConditionalFilterCase,
   FieldViews,
-  ListMeta,
+  CollectionMeta,
 } from '../types'
 import { type AdminMetaQuery, adminMetaQuery } from './admin-meta-graphql'
 import {
@@ -32,7 +32,7 @@ type NixxieContextType = {
   apiPath: string | null
   error?: ErrorLike | null
   fieldViews: FieldViews
-  lists: { [list: string]: ListMeta }
+  lists: { [list: string]: CollectionMeta }
 }
 const NixxieContext = createContext<NixxieContextType>({
@@ -246,10 +246,10 @@ export function useListItem(
               fieldMode: ConditionalFilter<
                 'edit' | 'read' | 'hidden',
                 'read' | 'hidden',
-                BaseListTypeInfo
+                BaseCollectionTypeInfo
               >
               fieldPosition: 'form' | 'sidebar'
-              isRequired: ConditionalFilterCase<BaseListTypeInfo>
+              isRequired: ConditionalFilterCase<BaseCollectionTypeInfo>
             } | null
           }[]
           actions: {
@@ -258,7 +258,7 @@ export function useListItem(
               actionMode: ConditionalFilter<
                 'enabled' | 'disabled' | 'hidden',
                 'disabled' | 'hidden',
-                BaseListTypeInfo
+                BaseCollectionTypeInfo
               >
             } | null
           }[]