@plank-cms/plank 0.18.0 → 0.19.0

package/dist/admin/index.html

@@ -12,7 +12,7 @@
       href="https://fonts.googleapis.com/css2?family=Google+Sans:ital,opsz,wght@0,17..18,400..700;1,17..18,400..700&display=swap"
       rel="stylesheet"
     />
-    <script type="module" crossorigin src="/admin/assets/index-yw3F7Equ.js"></script>
+    <script type="module" crossorigin src="/admin/assets/index-BepYvDmW.js"></script>
     <link rel="stylesheet" crossorigin href="/admin/assets/index-FkEexpp5.css">
   </head>
   <body>

package/dist/index.js

@@ -7,7 +7,7 @@ import { randomBytes } from "crypto";
 import { resolve, join } from "path";
 import fs from "fs-extra";
 import { execa } from "execa";
-var PACKAGE_VERSION = "0.18.0";
+var PACKAGE_VERSION = "0.19.0";
 function generateSecret() {
   return randomBytes(32).toString("hex");
 }
@@ -101,7 +101,7 @@ import { dirname, join as join2, resolve as resolve2 } from "path";
 async function start() {
   config({ path: resolve2(process.cwd(), ".env") });
   process.env.PLANK_ADMIN_DIST = join2(dirname(fileURLToPath(import.meta.url)), "admin");
-  const { start: startServer } = await import("./server-QZGQPF7F.js");
+  const { start: startServer } = await import("./server-KVOZGN2H.js");
   await startServer();
 }
 

package/dist/{server-QZGQPF7F.js → server-KVOZGN2H.js}

@@ -4662,9 +4662,71 @@ var SYSTEM_RESPONSE_FIELDS = [
   "editor"
 ];
 function parseCsvParam(value) {
-  if (typeof value !== "string")
-    return [];
-  return value.split(",").map((item) => item.trim()).filter(Boolean);
+  if (typeof value === "string") {
+    return value.split(",").map((item) => item.trim()).filter(Boolean);
+  }
+  if (Array.isArray(value)) {
+    return value.flatMap((item) => parseCsvParam(item));
+  }
+  return [];
+}
+function coerceFilterValue(raw, field) {
+  if (field.type === "number") {
+    const parsed = field.subtype === "float" ? Number.parseFloat(raw) : Number.parseInt(raw, 10);
+    return Number.isNaN(parsed) ? raw : parsed;
+  }
+  if (field.type === "boolean") {
+    if (raw === "true")
+      return true;
+    if (raw === "false")
+      return false;
+  }
+  return raw;
+}
+function coerceFilterValues(value, field) {
+  return parseCsvParam(value).map((item) => coerceFilterValue(item, field));
+}
+function isFilterOperator(value) {
+  return value === "eq" || value === "ne" || value === "in" || value === "nin";
+}
+function parseFilters(query, fieldMap) {
+  const filters = [];
+  const invalidFilters = [];
+  const filtersObject = query.filters && typeof query.filters === "object" && !Array.isArray(query.filters) ? query.filters : null;
+  if (filtersObject) {
+    for (const [fieldName, operatorValue] of Object.entries(filtersObject)) {
+      const field = fieldMap.get(fieldName);
+      if (!field || typeof operatorValue !== "object" || operatorValue === null || Array.isArray(operatorValue)) {
+        invalidFilters.push(`filters.${fieldName}`);
+        continue;
+      }
+      for (const [operatorKey, rawValue] of Object.entries(operatorValue)) {
+        if (!isFilterOperator(operatorKey)) {
+          invalidFilters.push(`filters.${fieldName}.${operatorKey}`);
+          continue;
+        }
+        filters.push({
+          field,
+          operator: operatorKey,
+          rawValue,
+          rawKey: `filters[${fieldName}][${operatorKey}]`
+        });
+      }
+    }
+  }
+  for (const [key, rawValue] of Object.entries(query)) {
+    const match = /^filters\[([^\]]+)\]\[([^\]]+)\]$/.exec(key);
+    if (!match)
+      continue;
+    const [, fieldName, operatorKey] = match;
+    const field = fieldMap.get(fieldName);
+    if (!field || !isFilterOperator(operatorKey)) {
+      invalidFilters.push(key);
+      continue;
+    }
+    filters.push({ field, operator: operatorKey, rawValue, rawKey: key });
+  }
+  return { filters, invalidFilters };
 }
 function parseFieldSelection(query, ct) {
   const includeFields = [...parseCsvParam(query.fields), ...parseCsvParam(query.select)];
@@ -4998,9 +5060,15 @@ var listPublicEntries = async (req, res) => {
   const locale = req.query.locale ? String(req.query.locale) : void 0;
   const fallbacks = req.query.fallback ? String(req.query.fallback).split(",") : [];
   const knownFields = new Set(ct.fields.map((f2) => f2.name));
+  const fieldMap = new Map(ct.fields.map((field) => [field.name, field]));
   const systemSortFields = /* @__PURE__ */ new Set(["created_at", "updated_at", "published_at"]);
   const filterClauses = [];
   const filterValues = [];
+  const { filters: parsedFilters, invalidFilters } = parseFilters(req.query, fieldMap);
+  if (invalidFilters.length > 0) {
+    res.status(400).json({ error: `Invalid filters: ${invalidFilters.join(", ")}` });
+    return;
+  }
   const statusParam = String(req.query.status ?? "published");
   if (statusParam === "published" || statusParam === "draft") {
     filterClauses.push(`e.status = $${filterValues.length + 1}`);
@@ -5010,14 +5078,31 @@ var listPublicEntries = async (req, res) => {
   const sortField = knownFields.has(rawSort) || systemSortFields.has(rawSort) ? rawSort : "created_at";
   assertSafeIdentifier(sortField);
   const sortDir = String(req.query.order ?? "desc").toLowerCase() === "asc" ? "ASC" : "DESC";
-  for (const [key, value] of Object.entries(req.query)) {
-    if (key === "page" || key === "limit" || key === "status" || key === "sort" || key === "order" || key === "locale" || key === "fallback" || key === "fields" || key === "select" || key === "exclude")
+  for (const parsedFilter of parsedFilters) {
+    const fieldName = parsedFilter.field.name;
+    assertSafeIdentifier(fieldName);
+    if (parsedFilter.operator === "eq" || parsedFilter.operator === "ne") {
+      const rawValue = Array.isArray(parsedFilter.rawValue) ? parsedFilter.rawValue[0] : parsedFilter.rawValue;
+      const coercedValue = typeof rawValue === "string" ? coerceFilterValue(rawValue, parsedFilter.field) : rawValue;
+      filterClauses.push(`e.${fieldName} ${parsedFilter.operator === "ne" ? "!=" : "="} $${filterValues.length + 1}`);
+      filterValues.push(coercedValue);
       continue;
-    if (knownFields.has(key)) {
-      assertSafeIdentifier(key);
-      filterClauses.push(`e.${key} = $${filterValues.length + 1}`);
-      filterValues.push(value);
     }
+    const coercedValues = coerceFilterValues(parsedFilter.rawValue, parsedFilter.field);
+    if (coercedValues.length === 0) {
+      res.status(400).json({ error: `Filter "${parsedFilter.rawKey}" requires at least one value` });
+      return;
+    }
+    filterClauses.push(parsedFilter.operator === "nin" ? `NOT (e.${fieldName} = ANY($${filterValues.length + 1}))` : `e.${fieldName} = ANY($${filterValues.length + 1})`);
+    filterValues.push(coercedValues);
+  }
+  for (const [key, value] of Object.entries(req.query)) {
+    if (key === "page" || key === "limit" || key === "status" || key === "sort" || key === "order" || key === "locale" || key === "fallback" || key === "fields" || key === "select" || key === "exclude" || key === "filters" || key.startsWith("filters["))
+      continue;
+    if (knownFields.has(key))
+      continue;
+    if (/_((?:n)?in|ne)$/.test(key))
+      continue;
   }
   const where = filterClauses.length > 0 ? `WHERE ${filterClauses.join(" AND ")}` : "";
   const limitParam = filterValues.length + 1;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@plank-cms/plank",
-  "version": "0.18.0",
+  "version": "0.19.0",
   "description": "Self-hosted headless CMS. Deploy in minutes on your own infrastructure.",
   "type": "module",
   "files": [
@@ -55,9 +55,9 @@
   "devDependencies": {
     "@types/fs-extra": "^11.0.4",
     "tsup": "^8.5.0",
-    "@plank-cms/db": "0.18.0",
-    "@plank-cms/core": "0.18.0",
-    "@plank-cms/schema": "0.18.0"
+    "@plank-cms/core": "0.19.0",
+    "@plank-cms/db": "0.19.0",
+    "@plank-cms/schema": "0.19.0"
   },
   "scripts": {
     "build": "tsup",