@plank-cms/plank 0.21.3 → 0.23.0

package/dist/{server-CW3GRBTB.js → server-M2KTICST.js}

@@ -2948,7 +2948,20 @@ var ArraySubFieldSchema = z2.object({
 });
 var FieldSchema = z2.object({
   name: z2.string().regex(/^[a-z][a-z0-9_]*$/, "Field name must be lowercase with underscores"),
-  type: z2.enum(["string", "text", "richtext", "number", "boolean", "datetime", "media", "media-gallery", "relation", "uid", "array", "navigation"]),
+  type: z2.enum([
+    "string",
+    "text",
+    "richtext",
+    "number",
+    "boolean",
+    "datetime",
+    "media",
+    "media-gallery",
+    "relation",
+    "uid",
+    "array",
+    "navigation"
+  ]),
   required: z2.boolean().optional(),
   subtype: z2.enum(["integer", "float"]).optional(),
   relationType: z2.enum(["many-to-one", "one-to-one", "one-to-many", "many-to-many"]).optional(),
@@ -2974,6 +2987,9 @@ function isReservedSqlIdentifier(name) {
 }
 function findReservedIdentifierErrors(ct) {
   const errors = [];
+  if (ct.tableName === "authors") {
+    errors.push('Content type slug "authors" is reserved by the public API.');
+  }
   if (isReservedSqlIdentifier(ct.tableName)) {
     errors.push(`Table name "${ct.tableName}" is reserved by SQL. Choose a different content type slug.`);
   }
@@ -3316,8 +3332,10 @@ var listEntries = async (req, res) => {
   const searchFields = rawSearchFields.filter((name) => ct.fields.some((f2) => f2.name === name && textLikeTypes.includes(f2.type)));
   const mainParams = [limit, offset];
   const countParams = [];
+  const statusParams = [];
   const mainClauses = [];
   const countClauses = [];
+  const statusClauses = [];
   const allowedStatuses = ["draft", "published", "scheduled", "pending", "in_review"];
   const statusFilter = req.query.status ? String(req.query.status) : "";
   if (statusFilter && allowedStatuses.includes(statusFilter)) {
@@ -3330,8 +3348,10 @@ var listEntries = async (req, res) => {
     const term = `%${search}%`;
     mainParams.push(term);
     countParams.push(term);
+    statusParams.push(term);
     const mainIdx = mainParams.length;
     const countIdx = countParams.length;
+    const statusIdx = statusParams.length;
     const searchMainConditions = searchFields.map((name) => {
       assertSafeIdentifier(name);
       return `e.${quoteIdentifier(name)}::text ILIKE $${mainIdx}`;
@@ -3339,12 +3359,17 @@ var listEntries = async (req, res) => {
     const searchCountConditions = searchFields.map((name) => {
       return `e.${quoteIdentifier(name)}::text ILIKE $${countIdx}`;
     });
+    const searchStatusConditions = searchFields.map((name) => {
+      return `e.${quoteIdentifier(name)}::text ILIKE $${statusIdx}`;
+    });
     mainClauses.push(`(${searchMainConditions.join(" OR ")})`);
     countClauses.push(`(${searchCountConditions.join(" OR ")})`);
+    statusClauses.push(`(${searchStatusConditions.join(" OR ")})`);
   }
   const mainWhereClause = mainClauses.length > 0 ? `WHERE ${mainClauses.join(" AND ")}` : "";
   const countWhereClause = countClauses.length > 0 ? `WHERE ${countClauses.join(" AND ")}` : "";
-  const [{ rows }, { rows: countRows }] = await Promise.all([
+  const statusWhereClause = statusClauses.length > 0 ? `WHERE ${statusClauses.join(" AND ")}` : "";
+  const [{ rows }, { rows: countRows }, { rows: statusRows }] = await Promise.all([
     pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.avatar_url AS _author_avatar_url,
               ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.avatar_url AS _editor_avatar_url
        FROM ${quotedTableName} e
@@ -3353,7 +3378,11 @@ var listEntries = async (req, res) => {
        ${mainWhereClause}
        ORDER BY e.${quotedSortField} ${sortDir}
        LIMIT $1 OFFSET $2`, mainParams),
-    pool_default.query(`SELECT COUNT(*) as count FROM ${quotedTableName} e ${countWhereClause}`, countParams)
+    pool_default.query(`SELECT COUNT(*) as count FROM ${quotedTableName} e ${countWhereClause}`, countParams),
+    pool_default.query(`SELECT DISTINCT e.status
+       FROM ${quotedTableName} e
+       ${statusWhereClause}
+       ORDER BY e.status`, statusParams)
   ]);
   const provider = await getProvider();
   function entryMatchesLocale(row, locale2) {
@@ -3392,7 +3421,13 @@ var listEntries = async (req, res) => {
     } catch {
     }
   }
-  res.json({ data, total, page, limit });
+  res.json({
+    data,
+    total,
+    page,
+    limit,
+    available_statuses: statusRows.map((row) => row.status).filter((value) => allowedStatuses.includes(value))
+  });
 };
 async function loadManyToManyIds(entryId, tableName, fields) {
   const mmFields = fields.filter((f2) => f2.type === "relation" && (f2.relationType ?? "many-to-one") === "many-to-many");
@@ -3406,6 +3441,28 @@ async function loadManyToManyIds(entryId, tableName, fields) {
   }));
   return result;
 }
+async function loadHydratedEntry(entryId, tableName, fields, locale, fallbacks = []) {
+  const { rows } = await pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.avatar_url AS _author_avatar_url,
+            ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.avatar_url AS _editor_avatar_url
+     FROM ${quoteIdentifier(tableName)} e
+     LEFT JOIN plank_users u ON u.id = e.created_by
+     LEFT JOIN plank_users ed ON ed.id = e.editor_id
+     WHERE e.id = $1`, [entryId]);
+  if (!rows[0])
+    return null;
+  const mmIds = await loadManyToManyIds(entryId, tableName, fields);
+  const provider = await getProvider();
+  const resolved = resolveLocalizedRow(rows[0], { fields }, locale, fallbacks);
+  const authorKey = resolved._author_avatar_url;
+  if (authorKey && !authorKey.startsWith("http")) {
+    resolved._author_avatar_url = await provider.getUrl(authorKey);
+  }
+  const editorKey = resolved._editor_avatar_url;
+  if (editorKey && !editorKey.startsWith("http")) {
+    resolved._editor_avatar_url = await provider.getUrl(editorKey);
+  }
+  return normalizeNavigationFields({ ...resolved, ...mmIds }, fields);
+}
 var getEntry = async (req, res) => {
   const ct = await findContentTypeBySlug(req.params.slug);
   if (!ct) {
@@ -3413,29 +3470,14 @@ var getEntry = async (req, res) => {
     return;
   }
   assertSafeIdentifier(ct.tableName);
-  const quotedTableName = quoteIdentifier(ct.tableName);
-  const { rows } = await pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.avatar_url AS _author_avatar_url,
-            ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.avatar_url AS _editor_avatar_url
-     FROM ${quotedTableName} e
-     LEFT JOIN plank_users u ON u.id = e.created_by
-     LEFT JOIN plank_users ed ON ed.id = e.editor_id
-     WHERE e.id = $1`, [req.params.id]);
-  if (!rows[0]) {
+  const locale = req.query.locale ? String(req.query.locale) : void 0;
+  const fallbacks = req.query.fallback ? String(req.query.fallback).split(",") : [];
+  const entry = await loadHydratedEntry(req.params.id, ct.tableName, ct.fields, locale, fallbacks);
+  if (!entry) {
     res.status(404).json({ error: "Entry not found" });
     return;
   }
-  const locale = req.query.locale ? String(req.query.locale) : void 0;
-  const fallbacks = req.query.fallback ? String(req.query.fallback).split(",") : [];
-  const mmIds = await loadManyToManyIds(req.params.id, ct.tableName, ct.fields);
-  const provider = await getProvider();
-  const resolved = resolveLocalizedRow(rows[0], ct, locale, fallbacks);
-  const key = resolved._author_avatar_url;
-  if (key && !key.startsWith("http"))
-    resolved._author_avatar_url = await provider.getUrl(key);
-  const editorKey = resolved._editor_avatar_url;
-  if (editorKey && !editorKey.startsWith("http"))
-    resolved._editor_avatar_url = await provider.getUrl(editorKey);
-  res.json(normalizeNavigationFields({ ...resolved, ...mmIds }, ct.fields));
+  res.json(entry);
 };
 var createEntry = async (req, res) => {
   const ct = await findContentTypeBySlug(req.params.slug);
@@ -3688,7 +3730,7 @@ var patchEntryStatus = async (req, res) => {
       UPDATE ${quotedTableName} SET
         status = 'published',
         published_data = ${buildSnapshotExpr(ct.tableName)},
-        published_at = NOW(),
+        published_at = COALESCE(published_at, NOW()),
         scheduled_for = NULL,
         review_rejected = FALSE,
         updated_at = NOW()
@@ -3762,7 +3804,7 @@ var patchEntryStatus = async (req, res) => {
     sql = `
       UPDATE ${quotedTableName} SET
         status = 'in_review',
-        editor_id = COALESCE($2, editor_id),
+        editor_id = $2,
         review_locked_by_editor = $3,
         review_rejected = FALSE,
         updated_at = NOW()
@@ -3790,7 +3832,12 @@ var patchEntryStatus = async (req, res) => {
     res.status(404).json({ error: "Entry not found" });
     return;
   }
-  res.json(normalizeNavigationFields(rows[0], ct.fields));
+  const entry = await loadHydratedEntry(req.params.id, ct.tableName, ct.fields);
+  if (!entry) {
+    res.status(404).json({ error: "Entry not found" });
+    return;
+  }
+  res.json(entry);
   const webhookEvent = status === "published" ? "entry.published" : status === "draft" ? "entry.unpublished" : null;
   if (webhookEvent)
     triggerWebhooks(webhookEvent, { content_type: req.params.slug, entry_id: req.params.id });
@@ -3836,10 +3883,40 @@ var deleteEntry = async (req, res) => {
 import bcrypt2 from "bcryptjs";
 import { randomBytes as randomBytes6 } from "crypto";
 import { z as z4, flattenError as flattenError4 } from "zod";
+
+// ../core/dist/lib/publicAuthorSlug.js
+function slugifySegment(value) {
+  return value.normalize("NFD").replace(/[\u0300-\u036f]/g, "").toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-]/g, "").replace(/^-+|-+$/g, "");
+}
+function baseSlugFromUser(input) {
+  const fullName = [input.firstName, input.lastName].map((value) => value?.trim() ?? "").filter(Boolean).join(" ");
+  const base = fullName || input.email.split("@")[0] || "author";
+  return slugifySegment(base) || "author";
+}
+async function resolveUniquePublicAuthorSlug(input, excludeUserId) {
+  const baseSlug = baseSlugFromUser(input);
+  let slug = baseSlug;
+  let suffix = 2;
+  while (true) {
+    const { rows } = await pool_default.query(`SELECT id
+       FROM plank_users
+       WHERE public_author_slug = $1
+         AND ($2::text IS NULL OR id != $2)
+       LIMIT 1`, [slug, excludeUserId ?? null]);
+    if (!rows[0])
+      return slug;
+    slug = `${baseSlug}-${suffix}`;
+    suffix += 1;
+  }
+}
+
+// ../core/dist/controllers/users.js
 var CreateUserSchema = z4.object({
   email: z4.email(),
   password: z4.string().min(8),
   roleId: z4.string().min(1),
+  firstName: z4.string().trim().min(1).max(100),
+  lastName: z4.string().trim().min(1).max(100),
   enabled: z4.boolean().optional()
 });
 var UpdateUserSchema = z4.object({
@@ -3908,7 +3985,7 @@ async function listUsers(_req, res) {
   res.json(rows);
 }
 async function getMe(req, res) {
-  const { rows } = await pool_default.query(`SELECT u.id, u.email, u.role_id, u.first_name, u.last_name, u.avatar_url,
+  const { rows } = await pool_default.query(`SELECT u.id, u.email, u.role_id, u.first_name, u.last_name, u.public_author_slug, u.avatar_url,
             u.job_title, u.organization, u.country, u.two_factor_enabled, u.enabled, u.created_at,
             r.name AS role_name, r.permissions
      FROM plank_users u
@@ -3987,7 +4064,9 @@ async function disableTwoFactor(req, res) {
     res.status(400).json({ errors: flattenError4(parsed.error, (i2) => i2.message) });
     return;
   }
-  const { rows } = await pool_default.query("SELECT two_factor_enabled, two_factor_secret, password FROM plank_users WHERE id = $1", [req.user.id]);
+  const { rows } = await pool_default.query("SELECT two_factor_enabled, two_factor_secret, password FROM plank_users WHERE id = $1", [
+    req.user.id
+  ]);
   const user = rows[0];
   if (!user) {
     res.status(404).json({ error: "User not found" });
@@ -4025,7 +4104,9 @@ async function regenerateBackupCodes(req, res) {
     res.status(400).json({ errors: flattenError4(parsed.error, (i2) => i2.message) });
     return;
   }
-  const { rows } = await pool_default.query("SELECT two_factor_enabled, two_factor_secret, password FROM plank_users WHERE id = $1", [req.user.id]);
+  const { rows } = await pool_default.query("SELECT two_factor_enabled, two_factor_secret, password FROM plank_users WHERE id = $1", [
+    req.user.id
+  ]);
   const user = rows[0];
   if (!user || !user.two_factor_enabled || !user.two_factor_secret) {
     res.status(400).json({ error: "2FA is not enabled" });
@@ -4036,7 +4117,10 @@ async function regenerateBackupCodes(req, res) {
     res.status(401).json({ error: "Current password is incorrect" });
     return;
   }
-  const totpResult = d3({ token: parsed.data.code, secret: decrypt(user.two_factor_secret) });
+  const totpResult = d3({
+    token: parsed.data.code,
+    secret: decrypt(user.two_factor_secret)
+  });
   if (!totpResult.valid) {
     res.status(401).json({ error: "Invalid verification code" });
     return;
@@ -4051,15 +4135,36 @@ async function updateMe(req, res) {
     return;
   }
   const { firstName, lastName, jobTitle, organization, country } = parsed.data;
+  const { rows: currentRows } = await pool_default.query("SELECT email, first_name, last_name FROM plank_users WHERE id = $1", [req.user.id]);
+  if (!currentRows[0]) {
+    res.status(404).json({ error: "User not found" });
+    return;
+  }
+  const nextFirstName = firstName ?? currentRows[0].first_name;
+  const nextLastName = lastName ?? currentRows[0].last_name;
+  const publicAuthorSlug = await resolveUniquePublicAuthorSlug({
+    email: currentRows[0].email,
+    firstName: nextFirstName,
+    lastName: nextLastName
+  }, req.user.id);
   const { rows } = await pool_default.query(`UPDATE plank_users
      SET first_name   = COALESCE($1, first_name),
          last_name    = COALESCE($2, last_name),
          job_title    = COALESCE($3, job_title),
          organization = COALESCE($4, organization),
-         country      = COALESCE($5, country)
-     WHERE id = $6
-     RETURNING id, email, role_id, first_name, last_name, avatar_url,
-               job_title, organization, country, created_at`, [firstName ?? null, lastName ?? null, jobTitle ?? null, organization ?? null, country ?? null, req.user.id]);
+         country      = COALESCE($5, country),
+         public_author_slug = $6
+     WHERE id = $7
+     RETURNING id, email, role_id, first_name, last_name, public_author_slug, avatar_url,
+               job_title, organization, country, created_at`, [
+    firstName ?? null,
+    lastName ?? null,
+    jobTitle ?? null,
+    organization ?? null,
+    country ?? null,
+    publicAuthorSlug,
+    req.user.id
+  ]);
   if (!rows[0]) {
     res.status(404).json({ error: "User not found" });
     return;
@@ -4105,7 +4210,9 @@ async function confirmAvatar(req, res) {
   res.json({ avatarUrl, user: await resolveAvatarUrl(rows[0]) });
 }
 async function deleteAvatar(req, res) {
-  const { rows } = await pool_default.query("SELECT avatar_url FROM plank_users WHERE id = $1", [req.user.id]);
+  const { rows } = await pool_default.query("SELECT avatar_url FROM plank_users WHERE id = $1", [
+    req.user.id
+  ]);
   const current = rows[0]?.avatar_url;
   if (current && !current.startsWith("http")) {
     const provider = await getProvider();
@@ -4141,7 +4248,7 @@ async function createUser(req, res) {
     res.status(400).json({ errors: flattenError4(parsed.error, (i2) => i2.message) });
     return;
   }
-  const { email, password, roleId, enabled } = parsed.data;
+  const { email, password, roleId, firstName, lastName, enabled } = parsed.data;
   const requesterRoleName = await roleNameById(req.user.roleId);
   const targetRoleName = await roleNameById(roleId);
   if (targetRoleName === "Super Admin" && requesterRoleName !== "Super Admin") {
@@ -4153,8 +4260,19 @@ async function createUser(req, res) {
   const nextEnabled = editorialMode || !isEditorialExclusiveRole ? enabled ?? true : false;
   const hashed = await bcrypt2.hash(password, 12);
   const id = createId();
-  await pool_default.query("INSERT INTO plank_users (id, email, password, role_id, enabled) VALUES ($1, $2, $3, $4, $5)", [id, email, hashed, roleId, nextEnabled]);
-  res.status(201).json({ id, email, roleId, enabled: nextEnabled });
+  const publicAuthorSlug = await resolveUniquePublicAuthorSlug({ email, firstName, lastName });
+  await pool_default.query(`INSERT INTO plank_users
+       (id, email, password, role_id, first_name, last_name, public_author_slug, enabled)
+     VALUES ($1, $2, $3, $4, $5, $6, $7, $8)`, [id, email, hashed, roleId, firstName, lastName, publicAuthorSlug, nextEnabled]);
+  res.status(201).json({
+    id,
+    email,
+    roleId,
+    first_name: firstName,
+    last_name: lastName,
+    public_author_slug: publicAuthorSlug,
+    enabled: nextEnabled
+  });
 }
 async function updateUser(req, res) {
   const parsed = UpdateUserSchema.safeParse(req.body);
@@ -4186,18 +4304,41 @@ async function updateUser(req, res) {
       resolvedEnabled = false;
     }
   }
+  const targetUserId = String(req.params.id);
+  const { rows: currentRows } = await pool_default.query("SELECT email, first_name, last_name FROM plank_users WHERE id = $1", [targetUserId]);
+  if (!currentRows[0]) {
+    res.status(404).json({ error: "User not found" });
+    return;
+  }
+  const nextFirstName = firstName ?? currentRows[0].first_name;
+  const nextLastName = lastName ?? currentRows[0].last_name;
+  const nextEmail = email ?? currentRows[0].email;
+  const publicAuthorSlug = await resolveUniquePublicAuthorSlug({
+    email: nextEmail,
+    firstName: nextFirstName,
+    lastName: nextLastName
+  }, targetUserId);
   const { rows } = await pool_default.query(`UPDATE plank_users
      SET email      = COALESCE($1, email),
          role_id    = COALESCE($2, role_id),
          first_name = COALESCE($3, first_name),
          last_name  = COALESCE($4, last_name),
          enabled    = COALESCE($5, enabled),
+         public_author_slug = $6,
          session_version = CASE
            WHEN $5 IS NOT NULL AND $5 = FALSE AND enabled = TRUE THEN session_version + 1
            ELSE session_version
          END
-     WHERE id = $6
-     RETURNING id, email, role_id, first_name, last_name, enabled, created_at`, [email ?? null, roleId ?? null, firstName ?? null, lastName ?? null, resolvedEnabled ?? null, req.params.id]);
+     WHERE id = $7
+     RETURNING id, email, role_id, first_name, last_name, public_author_slug, enabled, created_at`, [
+    email ?? null,
+    roleId ?? null,
+    firstName ?? null,
+    lastName ?? null,
+    resolvedEnabled ?? null,
+    publicAuthorSlug,
+    req.params.id
+  ]);
   if (!rows[0]) {
     res.status(404).json({ error: "User not found" });
     return;
@@ -4638,6 +4779,14 @@ async function getAppModes(req, res) {
   const modes = req.appModes ?? await resolveAppModes();
   res.json(modes);
 }
+async function getClientSettings(_req, res) {
+  const settings = await getSettings("general");
+  res.json({
+    timezone: settings.timezone ?? "UTC",
+    locales: settings.locales ?? '["en"]',
+    default_locale: settings.default_locale ?? "en"
+  });
+}
 async function getEditorialMode(_req, res) {
   const { editorial: enabled } = await resolveAppModes();
   res.json({ enabled });
@@ -4721,6 +4870,7 @@ router2.get("/media/:id/url", authorize("media:read"), getMediaUrl);
 router2.patch("/media/:id", authorize("media:write"), updateMedia);
 router2.delete("/media/:id", authorize("media:delete"), deleteMedia);
 router2.get("/modes", getAppModes);
+router2.get("/client-settings", getClientSettings);
 router2.get("/editorial-mode", getEditorialMode);
 router2.get("/settings/:namespace", authorize("settings:overview:read"), getNamespaceSettings);
 router2.put("/settings/:namespace", authorize("settings:overview:write"), updateNamespaceSettings);
@@ -5098,6 +5248,23 @@ async function resolveAuthorAvatars(entries) {
     }
   }));
 }
+async function resolvePublicAuthorAvatar(author) {
+  if (!author.avatar_url || author.avatar_url.startsWith("http"))
+    return author;
+  const provider = await getProvider();
+  return { ...author, avatar_url: await provider.getUrl(author.avatar_url) };
+}
+function serializePublicAuthor(row) {
+  return {
+    first_name: row.first_name,
+    last_name: row.last_name,
+    avatar_url: row.avatar_url,
+    job_title: row.job_title,
+    organization: row.organization,
+    country: row.country,
+    slug: row.public_author_slug
+  };
+}
 function serializeEntry(row, ct, statusParam, locale, fallbacks = []) {
   const { published_data, _author_first_name, _author_last_name, _author_avatar_url, _author_job_title, _author_organization, _author_country, _editor_first_name, _editor_last_name, _editor_avatar_url, _editor_job_title, _editor_organization, _editor_country, ...rest } = row;
   const source = statusParam === "published" && published_data ? published_data : rest;
@@ -5148,7 +5315,8 @@ function serializeEntry(row, ct, statusParam, locale, fallbacks = []) {
     avatar_url: _author_avatar_url ?? null,
     job_title: _author_job_title ?? null,
     organization: _author_organization ?? null,
-    country: _author_country ?? null
+    country: _author_country ?? null,
+    slug: row._author_slug ?? null
   } : null;
   out.editor = _editor_first_name || _editor_last_name ? {
     first_name: _editor_first_name ?? null,
@@ -5156,7 +5324,8 @@ function serializeEntry(row, ct, statusParam, locale, fallbacks = []) {
     avatar_url: _editor_avatar_url ?? null,
     job_title: _editor_job_title ?? null,
     organization: _editor_organization ?? null,
-    country: _editor_country ?? null
+    country: _editor_country ?? null,
+    slug: row._editor_slug ?? null
   } : null;
   return out;
 }
@@ -5178,8 +5347,8 @@ var listPublicEntries = async (req, res) => {
     const fallbacks2 = req.query.fallback ? String(req.query.fallback).split(",") : [];
     const statusClause = statusParam2 === "published" || statusParam2 === "draft" ? `WHERE e.status = $1` : "";
     const values = statusClause ? [statusParam2] : [];
-    const { rows: rows2 } = await pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
-              ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
+    const { rows: rows2 } = await pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.public_author_slug AS _author_slug, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
+              ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.public_author_slug AS _editor_slug, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
        FROM ${ct.tableName} e
        LEFT JOIN plank_users u ON u.id = e.created_by
        LEFT JOIN plank_users ed ON ed.id = e.editor_id
@@ -5217,6 +5386,11 @@ var listPublicEntries = async (req, res) => {
     filterClauses.push(`e.status = $${filterValues.length + 1}`);
     filterValues.push(statusParam);
   }
+  const authorSlug = typeof req.query.author === "string" ? req.query.author.trim() : "";
+  if (authorSlug) {
+    filterClauses.push(`u.public_author_slug = $${filterValues.length + 1}`);
+    filterValues.push(authorSlug);
+  }
   const rawSort = String(req.query.sort ?? "created_at");
   const sortField = knownFields.has(rawSort) || systemSortFields.has(rawSort) ? rawSort : "created_at";
   assertSafeIdentifier(sortField);
@@ -5239,8 +5413,8 @@ var listPublicEntries = async (req, res) => {
     filterClauses.push(parsedFilter.operator === "nin" ? `NOT (e.${fieldName} = ANY($${filterValues.length + 1}))` : `e.${fieldName} = ANY($${filterValues.length + 1})`);
     filterValues.push(coercedValues);
   }
-  for (const [key, value] of Object.entries(req.query)) {
-    if (key === "page" || key === "limit" || key === "status" || key === "sort" || key === "order" || key === "locale" || key === "fallback" || key === "fields" || key === "select" || key === "exclude" || key === "filters" || key.startsWith("filters["))
+  for (const [key] of Object.entries(req.query)) {
+    if (key === "page" || key === "limit" || key === "status" || key === "sort" || key === "order" || key === "locale" || key === "fallback" || key === "fields" || key === "select" || key === "exclude" || key === "author" || key === "filters" || key.startsWith("filters["))
       continue;
     if (knownFields.has(key))
       continue;
@@ -5251,13 +5425,16 @@ var listPublicEntries = async (req, res) => {
   const limitParam = filterValues.length + 1;
   const offsetParam = filterValues.length + 2;
   const [{ rows }, { rows: countRows }] = await Promise.all([
-    pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
-              ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
+    pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.public_author_slug AS _author_slug, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
+              ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.public_author_slug AS _editor_slug, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
        FROM ${ct.tableName} e
        LEFT JOIN plank_users u ON u.id = e.created_by
        LEFT JOIN plank_users ed ON ed.id = e.editor_id
        ${where} ORDER BY e.${sortField} ${sortDir} LIMIT $${limitParam} OFFSET $${offsetParam}`, [...filterValues, limit, offset]),
-    pool_default.query(`SELECT COUNT(*) as count FROM ${ct.tableName} e ${where}`, filterValues)
+    pool_default.query(`SELECT COUNT(*) as count
+       FROM ${ct.tableName} e
+       LEFT JOIN plank_users u ON u.id = e.created_by
+       ${where}`, filterValues)
   ]);
   const data = rows.map((row) => serializeEntry(row, ct, statusParam, locale, fallbacks));
   await Promise.all([
@@ -5287,8 +5464,8 @@ var getPublicEntry = async (req, res) => {
   const statusParam = String(req.query.status ?? "published");
   const statusClause = statusParam === "published" || statusParam === "draft" ? ` AND e.status = $2` : "";
   const values = statusClause ? [req.params.id, statusParam] : [req.params.id];
-  const { rows } = await pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
-            ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
+  const { rows } = await pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.public_author_slug AS _author_slug, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
+            ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.public_author_slug AS _editor_slug, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
      FROM ${ct.tableName} e
      LEFT JOIN plank_users u ON u.id = e.created_by
      LEFT JOIN plank_users ed ON ed.id = e.editor_id
@@ -5307,10 +5484,22 @@ var getPublicEntry = async (req, res) => {
   ]);
   res.json(selectEntryFields(entry, ct, selection));
 };
+var getPublicAuthor = async (req, res) => {
+  const { rows } = await pool_default.query(`SELECT public_author_slug, first_name, last_name, avatar_url, job_title, organization, country
+     FROM plank_users
+     WHERE public_author_slug = $1
+     LIMIT 1`, [req.params.slug]);
+  if (!rows[0]) {
+    res.status(404).json({ error: "Not found" });
+    return;
+  }
+  res.json(await resolvePublicAuthorAvatar(serializePublicAuthor(rows[0])));
+};
 
 // ../core/dist/routes/public.js
 var router3 = Router3();
 router3.use(apiToken);
+router3.get("/authors/:slug", getPublicAuthor);
 router3.get("/:slug", listPublicEntries);
 router3.get("/:slug/:id", getPublicEntry);
 var public_default = router3;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@plank-cms/plank",
-  "version": "0.21.3",
+  "version": "0.23.0",
   "description": "Self-hosted headless CMS. Deploy in minutes on your own infrastructure.",
   "type": "module",
   "files": [
@@ -55,9 +55,9 @@
   "devDependencies": {
     "@types/fs-extra": "^11.0.4",
     "tsup": "^8.5.0",
-    "@plank-cms/core": "0.21.3",
-    "@plank-cms/db": "0.21.3",
-    "@plank-cms/schema": "0.21.3"
+    "@plank-cms/core": "0.23.0",
+    "@plank-cms/schema": "0.23.0",
+    "@plank-cms/db": "0.23.0"
   },
   "scripts": {
     "build": "tsup",