npm - @plank-cms/plank - Versions diffs - 0.22.0 → 0.23.0 - Mend

@plank-cms/plank 0.22.0 → 0.23.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/admin/assets/{index-dWzhX4Ev.js → index-C86iT0Bf.js} +2 -2
package/dist/admin/index.html +1 -1
package/dist/index.js +3 -3
package/dist/migrations/030_public_author_slug.sql +79 -0
package/dist/migrations/031_public_author_slug_uid_rebuild.sql +82 -0
package/dist/{server-YVELAF42.js → server-M2KTICST.js} +176 -27
package/package.json +4 -4

package/dist/admin/index.html CHANGED Viewed

@@ -12,7 +12,7 @@
       href="https://fonts.googleapis.com/css2?family=Google+Sans:ital,opsz,wght@0,17..18,400..700;1,17..18,400..700&display=swap"
       rel="stylesheet"
     />
-    <script type="module" crossorigin src="/admin/assets/index-dWzhX4Ev.js"></script>
+    <script type="module" crossorigin src="/admin/assets/index-C86iT0Bf.js"></script>
     <link rel="stylesheet" crossorigin href="/admin/assets/index-BSi0iXTe.css">
   </head>
   <body>

package/dist/index.js CHANGED Viewed

@@ -7,7 +7,7 @@ import { randomBytes } from "crypto";
 import { resolve, join } from "path";
 import fs from "fs-extra";
 import { execa } from "execa";
-var PACKAGE_VERSION = "0.22.0";
+var PACKAGE_VERSION = "0.23.0";
 function generateSecret() {
   return randomBytes(32).toString("hex");
 }
@@ -101,7 +101,7 @@ import { dirname, join as join2, resolve as resolve2 } from "path";
 async function start() {
   config({ path: resolve2(process.cwd(), ".env") });
   process.env.PLANK_ADMIN_DIST = join2(dirname(fileURLToPath(import.meta.url)), "admin");
-  const { start: startServer } = await import("./server-YVELAF42.js");
+  const { start: startServer } = await import("./server-M2KTICST.js");
   await startServer();
 }
@@ -135,7 +135,7 @@ async function publishScheduled() {
           `UPDATE ${table_name} SET
             status = 'published',
             published_data = ${snapshotExpr(table_name)},
-            published_at = NOW(),
+            published_at = COALESCE(published_at, NOW()),
             scheduled_for = NULL,
             updated_at = NOW()
           WHERE id = $1`,

package/dist/migrations/030_public_author_slug.sql ADDED Viewed

@@ -0,0 +1,79 @@
+ALTER TABLE plank_users
+  ADD COLUMN IF NOT EXISTS public_author_slug VARCHAR(255);
+DO $$
+DECLARE
+  usr RECORD;
+  base_slug TEXT;
+  next_slug TEXT;
+  suffix_num INTEGER;
+BEGIN
+  FOR usr IN
+    SELECT id, email, first_name, last_name
+    FROM plank_users
+    WHERE public_author_slug IS NULL OR btrim(public_author_slug) = ''
+    ORDER BY created_at, id
+  LOOP
+    base_slug := lower(
+      trim(
+        both '-'
+        FROM regexp_replace(
+          regexp_replace(
+            regexp_replace(
+              coalesce(
+                nullif(trim(concat_ws(' ', usr.first_name, usr.last_name)), ''),
+                nullif(split_part(usr.email, '@', 1), ''),
+                'author'
+              ),
+              '[áàäâãåÁÀÄÂÃÅ]',
+              'a',
+              'g'
+            ),
+            '[éèëêÉÈËÊ]',
+            'e',
+            'g'
+          ),
+          '\s+',
+          '-',
+          'g'
+        )
+      )
+    );
+    base_slug := regexp_replace(base_slug, '[íìïîÍÌÏÎ]', 'i', 'g');
+    base_slug := regexp_replace(base_slug, '[óòöôõÓÒÖÔÕ]', 'o', 'g');
+    base_slug := regexp_replace(base_slug, '[úùüûÚÙÜÛ]', 'u', 'g');
+    base_slug := regexp_replace(base_slug, '[ñÑ]', 'n', 'g');
+    base_slug := regexp_replace(base_slug, '[çÇ]', 'c', 'g');
+    base_slug := regexp_replace(base_slug, '[^a-z0-9-]', '', 'g');
+    base_slug := trim(both '-' FROM base_slug);
+    IF base_slug IS NULL OR base_slug = '' THEN
+      base_slug := 'author';
+    END IF;
+    next_slug := base_slug;
+    suffix_num := 2;
+    WHILE EXISTS (
+      SELECT 1
+      FROM plank_users
+      WHERE public_author_slug = next_slug
+        AND id <> usr.id
+    ) LOOP
+      next_slug := base_slug || '-' || suffix_num;
+      suffix_num := suffix_num + 1;
+    END LOOP;
+    UPDATE plank_users
+    SET public_author_slug = next_slug
+    WHERE id = usr.id;
+  END LOOP;
+END;
+$$;
+ALTER TABLE plank_users
+  ALTER COLUMN public_author_slug SET NOT NULL;
+CREATE UNIQUE INDEX IF NOT EXISTS idx_plank_users_public_author_slug
+  ON plank_users(public_author_slug);

package/dist/migrations/031_public_author_slug_uid_rebuild.sql ADDED Viewed

@@ -0,0 +1,82 @@
+DO $$
+DECLARE
+  usr RECORD;
+  base_slug TEXT;
+  next_slug TEXT;
+  suffix_num INTEGER;
+BEGIN
+  FOR usr IN
+    SELECT id, email, first_name, last_name
+    FROM plank_users
+    ORDER BY created_at, id
+  LOOP
+    base_slug := lower(
+      trim(
+        both '-'
+        FROM regexp_replace(
+          regexp_replace(
+            regexp_replace(
+              coalesce(
+                nullif(trim(concat_ws(' ', usr.first_name, usr.last_name)), ''),
+                nullif(split_part(usr.email, '@', 1), ''),
+                'author'
+              ),
+              '[áàäâãåÁÀÄÂÃÅ]',
+              'a',
+              'g'
+            ),
+            '[éèëêÉÈËÊ]',
+            'e',
+            'g'
+          ),
+          '\s+',
+          '-',
+          'g'
+        )
+      )
+    );
+    base_slug := regexp_replace(base_slug, '[íìïîÍÌÏÎ]', 'i', 'g');
+    base_slug := regexp_replace(base_slug, '[óòöôõÓÒÖÔÕ]', 'o', 'g');
+    base_slug := regexp_replace(base_slug, '[úùüûÚÙÜÛ]', 'u', 'g');
+    base_slug := regexp_replace(base_slug, '[ñÑ]', 'n', 'g');
+    base_slug := regexp_replace(base_slug, '[çÇ]', 'c', 'g');
+    base_slug := regexp_replace(base_slug, '[^a-z0-9-]', '', 'g');
+    base_slug := trim(both '-' FROM base_slug);
+    IF base_slug IS NULL OR base_slug = '' THEN
+      base_slug := 'author';
+    END IF;
+    next_slug := base_slug || '--' || usr.id;
+    UPDATE plank_users
+    SET public_author_slug = next_slug
+    WHERE id = usr.id;
+  END LOOP;
+  FOR usr IN
+    SELECT id, public_author_slug
+    FROM plank_users
+    ORDER BY created_at, id
+  LOOP
+    base_slug := split_part(usr.public_author_slug, '--', 1);
+    next_slug := base_slug;
+    suffix_num := 2;
+    WHILE EXISTS (
+      SELECT 1
+      FROM plank_users
+      WHERE public_author_slug = next_slug
+        AND id <> usr.id
+    ) LOOP
+      next_slug := base_slug || '-' || suffix_num;
+      suffix_num := suffix_num + 1;
+    END LOOP;
+    UPDATE plank_users
+    SET public_author_slug = next_slug
+    WHERE id = usr.id;
+  END LOOP;
+END;
+$$;

package/dist/{server-YVELAF42.js → server-M2KTICST.js} RENAMED Viewed

@@ -2948,7 +2948,20 @@ var ArraySubFieldSchema = z2.object({
 });
 var FieldSchema = z2.object({
   name: z2.string().regex(/^[a-z][a-z0-9_]*$/, "Field name must be lowercase with underscores"),
-  type: z2.enum(["string", "text", "richtext", "number", "boolean", "datetime", "media", "media-gallery", "relation", "uid", "array", "navigation"]),
+  type: z2.enum([
+    "string",
+    "text",
+    "richtext",
+    "number",
+    "boolean",
+    "datetime",
+    "media",
+    "media-gallery",
+    "relation",
+    "uid",
+    "array",
+    "navigation"
+  ]),
   required: z2.boolean().optional(),
   subtype: z2.enum(["integer", "float"]).optional(),
   relationType: z2.enum(["many-to-one", "one-to-one", "one-to-many", "many-to-many"]).optional(),
@@ -2974,6 +2987,9 @@ function isReservedSqlIdentifier(name) {
 }
 function findReservedIdentifierErrors(ct) {
   const errors = [];
+  if (ct.tableName === "authors") {
+    errors.push('Content type slug "authors" is reserved by the public API.');
+  }
   if (isReservedSqlIdentifier(ct.tableName)) {
     errors.push(`Table name "${ct.tableName}" is reserved by SQL. Choose a different content type slug.`);
   }
@@ -3714,7 +3730,7 @@ var patchEntryStatus = async (req, res) => {
       UPDATE ${quotedTableName} SET
         status = 'published',
         published_data = ${buildSnapshotExpr(ct.tableName)},
-        published_at = NOW(),
+        published_at = COALESCE(published_at, NOW()),
         scheduled_for = NULL,
         review_rejected = FALSE,
         updated_at = NOW()
@@ -3867,10 +3883,40 @@ var deleteEntry = async (req, res) => {
 import bcrypt2 from "bcryptjs";
 import { randomBytes as randomBytes6 } from "crypto";
 import { z as z4, flattenError as flattenError4 } from "zod";
+// ../core/dist/lib/publicAuthorSlug.js
+function slugifySegment(value) {
+  return value.normalize("NFD").replace(/[\u0300-\u036f]/g, "").toLowerCase().replace(/\s+/g, "-").replace(/[^a-z0-9-]/g, "").replace(/^-+|-+$/g, "");
+}
+function baseSlugFromUser(input) {
+  const fullName = [input.firstName, input.lastName].map((value) => value?.trim() ?? "").filter(Boolean).join(" ");
+  const base = fullName || input.email.split("@")[0] || "author";
+  return slugifySegment(base) || "author";
+}
+async function resolveUniquePublicAuthorSlug(input, excludeUserId) {
+  const baseSlug = baseSlugFromUser(input);
+  let slug = baseSlug;
+  let suffix = 2;
+  while (true) {
+    const { rows } = await pool_default.query(`SELECT id
+       FROM plank_users
+       WHERE public_author_slug = $1
+         AND ($2::text IS NULL OR id != $2)
+       LIMIT 1`, [slug, excludeUserId ?? null]);
+    if (!rows[0])
+      return slug;
+    slug = `${baseSlug}-${suffix}`;
+    suffix += 1;
+  }
+}
+// ../core/dist/controllers/users.js
 var CreateUserSchema = z4.object({
   email: z4.email(),
   password: z4.string().min(8),
   roleId: z4.string().min(1),
+  firstName: z4.string().trim().min(1).max(100),
+  lastName: z4.string().trim().min(1).max(100),
   enabled: z4.boolean().optional()
 });
 var UpdateUserSchema = z4.object({
@@ -3939,7 +3985,7 @@ async function listUsers(_req, res) {
   res.json(rows);
 }
 async function getMe(req, res) {
-  const { rows } = await pool_default.query(`SELECT u.id, u.email, u.role_id, u.first_name, u.last_name, u.avatar_url,
+  const { rows } = await pool_default.query(`SELECT u.id, u.email, u.role_id, u.first_name, u.last_name, u.public_author_slug, u.avatar_url,
             u.job_title, u.organization, u.country, u.two_factor_enabled, u.enabled, u.created_at,
             r.name AS role_name, r.permissions
      FROM plank_users u
@@ -4018,7 +4064,9 @@ async function disableTwoFactor(req, res) {
     res.status(400).json({ errors: flattenError4(parsed.error, (i2) => i2.message) });
     return;
   }
-  const { rows } = await pool_default.query("SELECT two_factor_enabled, two_factor_secret, password FROM plank_users WHERE id = $1", [req.user.id]);
+  const { rows } = await pool_default.query("SELECT two_factor_enabled, two_factor_secret, password FROM plank_users WHERE id = $1", [
+    req.user.id
+  ]);
   const user = rows[0];
   if (!user) {
     res.status(404).json({ error: "User not found" });
@@ -4056,7 +4104,9 @@ async function regenerateBackupCodes(req, res) {
     res.status(400).json({ errors: flattenError4(parsed.error, (i2) => i2.message) });
     return;
   }
-  const { rows } = await pool_default.query("SELECT two_factor_enabled, two_factor_secret, password FROM plank_users WHERE id = $1", [req.user.id]);
+  const { rows } = await pool_default.query("SELECT two_factor_enabled, two_factor_secret, password FROM plank_users WHERE id = $1", [
+    req.user.id
+  ]);
   const user = rows[0];
   if (!user || !user.two_factor_enabled || !user.two_factor_secret) {
     res.status(400).json({ error: "2FA is not enabled" });
@@ -4067,7 +4117,10 @@ async function regenerateBackupCodes(req, res) {
     res.status(401).json({ error: "Current password is incorrect" });
     return;
   }
-  const totpResult = d3({ token: parsed.data.code, secret: decrypt(user.two_factor_secret) });
+  const totpResult = d3({
+    token: parsed.data.code,
+    secret: decrypt(user.two_factor_secret)
+  });
   if (!totpResult.valid) {
     res.status(401).json({ error: "Invalid verification code" });
     return;
@@ -4082,15 +4135,36 @@ async function updateMe(req, res) {
     return;
   }
   const { firstName, lastName, jobTitle, organization, country } = parsed.data;
+  const { rows: currentRows } = await pool_default.query("SELECT email, first_name, last_name FROM plank_users WHERE id = $1", [req.user.id]);
+  if (!currentRows[0]) {
+    res.status(404).json({ error: "User not found" });
+    return;
+  }
+  const nextFirstName = firstName ?? currentRows[0].first_name;
+  const nextLastName = lastName ?? currentRows[0].last_name;
+  const publicAuthorSlug = await resolveUniquePublicAuthorSlug({
+    email: currentRows[0].email,
+    firstName: nextFirstName,
+    lastName: nextLastName
+  }, req.user.id);
   const { rows } = await pool_default.query(`UPDATE plank_users
      SET first_name   = COALESCE($1, first_name),
          last_name    = COALESCE($2, last_name),
          job_title    = COALESCE($3, job_title),
          organization = COALESCE($4, organization),
-         country      = COALESCE($5, country)
-     WHERE id = $6
-     RETURNING id, email, role_id, first_name, last_name, avatar_url,
-               job_title, organization, country, created_at`, [firstName ?? null, lastName ?? null, jobTitle ?? null, organization ?? null, country ?? null, req.user.id]);
+         country      = COALESCE($5, country),
+         public_author_slug = $6
+     WHERE id = $7
+     RETURNING id, email, role_id, first_name, last_name, public_author_slug, avatar_url,
+               job_title, organization, country, created_at`, [
+    firstName ?? null,
+    lastName ?? null,
+    jobTitle ?? null,
+    organization ?? null,
+    country ?? null,
+    publicAuthorSlug,
+    req.user.id
+  ]);
   if (!rows[0]) {
     res.status(404).json({ error: "User not found" });
     return;
@@ -4136,7 +4210,9 @@ async function confirmAvatar(req, res) {
   res.json({ avatarUrl, user: await resolveAvatarUrl(rows[0]) });
 }
 async function deleteAvatar(req, res) {
-  const { rows } = await pool_default.query("SELECT avatar_url FROM plank_users WHERE id = $1", [req.user.id]);
+  const { rows } = await pool_default.query("SELECT avatar_url FROM plank_users WHERE id = $1", [
+    req.user.id
+  ]);
   const current = rows[0]?.avatar_url;
   if (current && !current.startsWith("http")) {
     const provider = await getProvider();
@@ -4172,7 +4248,7 @@ async function createUser(req, res) {
     res.status(400).json({ errors: flattenError4(parsed.error, (i2) => i2.message) });
     return;
   }
-  const { email, password, roleId, enabled } = parsed.data;
+  const { email, password, roleId, firstName, lastName, enabled } = parsed.data;
   const requesterRoleName = await roleNameById(req.user.roleId);
   const targetRoleName = await roleNameById(roleId);
   if (targetRoleName === "Super Admin" && requesterRoleName !== "Super Admin") {
@@ -4184,8 +4260,19 @@ async function createUser(req, res) {
   const nextEnabled = editorialMode || !isEditorialExclusiveRole ? enabled ?? true : false;
   const hashed = await bcrypt2.hash(password, 12);
   const id = createId();
-  await pool_default.query("INSERT INTO plank_users (id, email, password, role_id, enabled) VALUES ($1, $2, $3, $4, $5)", [id, email, hashed, roleId, nextEnabled]);
-  res.status(201).json({ id, email, roleId, enabled: nextEnabled });
+  const publicAuthorSlug = await resolveUniquePublicAuthorSlug({ email, firstName, lastName });
+  await pool_default.query(`INSERT INTO plank_users
+       (id, email, password, role_id, first_name, last_name, public_author_slug, enabled)
+     VALUES ($1, $2, $3, $4, $5, $6, $7, $8)`, [id, email, hashed, roleId, firstName, lastName, publicAuthorSlug, nextEnabled]);
+  res.status(201).json({
+    id,
+    email,
+    roleId,
+    first_name: firstName,
+    last_name: lastName,
+    public_author_slug: publicAuthorSlug,
+    enabled: nextEnabled
+  });
 }
 async function updateUser(req, res) {
   const parsed = UpdateUserSchema.safeParse(req.body);
@@ -4217,18 +4304,41 @@ async function updateUser(req, res) {
       resolvedEnabled = false;
     }
   }
+  const targetUserId = String(req.params.id);
+  const { rows: currentRows } = await pool_default.query("SELECT email, first_name, last_name FROM plank_users WHERE id = $1", [targetUserId]);
+  if (!currentRows[0]) {
+    res.status(404).json({ error: "User not found" });
+    return;
+  }
+  const nextFirstName = firstName ?? currentRows[0].first_name;
+  const nextLastName = lastName ?? currentRows[0].last_name;
+  const nextEmail = email ?? currentRows[0].email;
+  const publicAuthorSlug = await resolveUniquePublicAuthorSlug({
+    email: nextEmail,
+    firstName: nextFirstName,
+    lastName: nextLastName
+  }, targetUserId);
   const { rows } = await pool_default.query(`UPDATE plank_users
      SET email      = COALESCE($1, email),
          role_id    = COALESCE($2, role_id),
          first_name = COALESCE($3, first_name),
          last_name  = COALESCE($4, last_name),
          enabled    = COALESCE($5, enabled),
+         public_author_slug = $6,
          session_version = CASE
            WHEN $5 IS NOT NULL AND $5 = FALSE AND enabled = TRUE THEN session_version + 1
            ELSE session_version
          END
-     WHERE id = $6
-     RETURNING id, email, role_id, first_name, last_name, enabled, created_at`, [email ?? null, roleId ?? null, firstName ?? null, lastName ?? null, resolvedEnabled ?? null, req.params.id]);
+     WHERE id = $7
+     RETURNING id, email, role_id, first_name, last_name, public_author_slug, enabled, created_at`, [
+    email ?? null,
+    roleId ?? null,
+    firstName ?? null,
+    lastName ?? null,
+    resolvedEnabled ?? null,
+    publicAuthorSlug,
+    req.params.id
+  ]);
   if (!rows[0]) {
     res.status(404).json({ error: "User not found" });
     return;
@@ -5138,6 +5248,23 @@ async function resolveAuthorAvatars(entries) {
     }
   }));
 }
+async function resolvePublicAuthorAvatar(author) {
+  if (!author.avatar_url || author.avatar_url.startsWith("http"))
+    return author;
+  const provider = await getProvider();
+  return { ...author, avatar_url: await provider.getUrl(author.avatar_url) };
+}
+function serializePublicAuthor(row) {
+  return {
+    first_name: row.first_name,
+    last_name: row.last_name,
+    avatar_url: row.avatar_url,
+    job_title: row.job_title,
+    organization: row.organization,
+    country: row.country,
+    slug: row.public_author_slug
+  };
+}
 function serializeEntry(row, ct, statusParam, locale, fallbacks = []) {
   const { published_data, _author_first_name, _author_last_name, _author_avatar_url, _author_job_title, _author_organization, _author_country, _editor_first_name, _editor_last_name, _editor_avatar_url, _editor_job_title, _editor_organization, _editor_country, ...rest } = row;
   const source = statusParam === "published" && published_data ? published_data : rest;
@@ -5188,7 +5315,8 @@ function serializeEntry(row, ct, statusParam, locale, fallbacks = []) {
     avatar_url: _author_avatar_url ?? null,
     job_title: _author_job_title ?? null,
     organization: _author_organization ?? null,
-    country: _author_country ?? null
+    country: _author_country ?? null,
+    slug: row._author_slug ?? null
   } : null;
   out.editor = _editor_first_name || _editor_last_name ? {
     first_name: _editor_first_name ?? null,
@@ -5196,7 +5324,8 @@ function serializeEntry(row, ct, statusParam, locale, fallbacks = []) {
     avatar_url: _editor_avatar_url ?? null,
     job_title: _editor_job_title ?? null,
     organization: _editor_organization ?? null,
-    country: _editor_country ?? null
+    country: _editor_country ?? null,
+    slug: row._editor_slug ?? null
   } : null;
   return out;
 }
@@ -5218,8 +5347,8 @@ var listPublicEntries = async (req, res) => {
     const fallbacks2 = req.query.fallback ? String(req.query.fallback).split(",") : [];
     const statusClause = statusParam2 === "published" || statusParam2 === "draft" ? `WHERE e.status = $1` : "";
     const values = statusClause ? [statusParam2] : [];
-    const { rows: rows2 } = await pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
-              ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
+    const { rows: rows2 } = await pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.public_author_slug AS _author_slug, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
+              ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.public_author_slug AS _editor_slug, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
        FROM ${ct.tableName} e
        LEFT JOIN plank_users u ON u.id = e.created_by
        LEFT JOIN plank_users ed ON ed.id = e.editor_id
@@ -5257,6 +5386,11 @@ var listPublicEntries = async (req, res) => {
     filterClauses.push(`e.status = $${filterValues.length + 1}`);
     filterValues.push(statusParam);
   }
+  const authorSlug = typeof req.query.author === "string" ? req.query.author.trim() : "";
+  if (authorSlug) {
+    filterClauses.push(`u.public_author_slug = $${filterValues.length + 1}`);
+    filterValues.push(authorSlug);
+  }
   const rawSort = String(req.query.sort ?? "created_at");
   const sortField = knownFields.has(rawSort) || systemSortFields.has(rawSort) ? rawSort : "created_at";
   assertSafeIdentifier(sortField);
@@ -5279,8 +5413,8 @@ var listPublicEntries = async (req, res) => {
     filterClauses.push(parsedFilter.operator === "nin" ? `NOT (e.${fieldName} = ANY($${filterValues.length + 1}))` : `e.${fieldName} = ANY($${filterValues.length + 1})`);
     filterValues.push(coercedValues);
   }
-  for (const [key, value] of Object.entries(req.query)) {
-    if (key === "page" || key === "limit" || key === "status" || key === "sort" || key === "order" || key === "locale" || key === "fallback" || key === "fields" || key === "select" || key === "exclude" || key === "filters" || key.startsWith("filters["))
+  for (const [key] of Object.entries(req.query)) {
+    if (key === "page" || key === "limit" || key === "status" || key === "sort" || key === "order" || key === "locale" || key === "fallback" || key === "fields" || key === "select" || key === "exclude" || key === "author" || key === "filters" || key.startsWith("filters["))
       continue;
     if (knownFields.has(key))
       continue;
@@ -5291,13 +5425,16 @@ var listPublicEntries = async (req, res) => {
   const limitParam = filterValues.length + 1;
   const offsetParam = filterValues.length + 2;
   const [{ rows }, { rows: countRows }] = await Promise.all([
-    pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
-              ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
+    pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.public_author_slug AS _author_slug, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
+              ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.public_author_slug AS _editor_slug, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
        FROM ${ct.tableName} e
        LEFT JOIN plank_users u ON u.id = e.created_by
        LEFT JOIN plank_users ed ON ed.id = e.editor_id
        ${where} ORDER BY e.${sortField} ${sortDir} LIMIT $${limitParam} OFFSET $${offsetParam}`, [...filterValues, limit, offset]),
-    pool_default.query(`SELECT COUNT(*) as count FROM ${ct.tableName} e ${where}`, filterValues)
+    pool_default.query(`SELECT COUNT(*) as count
+       FROM ${ct.tableName} e
+       LEFT JOIN plank_users u ON u.id = e.created_by
+       ${where}`, filterValues)
   ]);
   const data = rows.map((row) => serializeEntry(row, ct, statusParam, locale, fallbacks));
   await Promise.all([
@@ -5327,8 +5464,8 @@ var getPublicEntry = async (req, res) => {
   const statusParam = String(req.query.status ?? "published");
   const statusClause = statusParam === "published" || statusParam === "draft" ? ` AND e.status = $2` : "";
   const values = statusClause ? [req.params.id, statusParam] : [req.params.id];
-  const { rows } = await pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
-            ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
+  const { rows } = await pool_default.query(`SELECT e.*, u.first_name AS _author_first_name, u.last_name AS _author_last_name, u.public_author_slug AS _author_slug, u.avatar_url AS _author_avatar_url, u.job_title AS _author_job_title, u.organization AS _author_organization, u.country AS _author_country,
+            ed.first_name AS _editor_first_name, ed.last_name AS _editor_last_name, ed.public_author_slug AS _editor_slug, ed.avatar_url AS _editor_avatar_url, ed.job_title AS _editor_job_title, ed.organization AS _editor_organization, ed.country AS _editor_country
      FROM ${ct.tableName} e
      LEFT JOIN plank_users u ON u.id = e.created_by
      LEFT JOIN plank_users ed ON ed.id = e.editor_id
@@ -5347,10 +5484,22 @@ var getPublicEntry = async (req, res) => {
   ]);
   res.json(selectEntryFields(entry, ct, selection));
 };
+var getPublicAuthor = async (req, res) => {
+  const { rows } = await pool_default.query(`SELECT public_author_slug, first_name, last_name, avatar_url, job_title, organization, country
+     FROM plank_users
+     WHERE public_author_slug = $1
+     LIMIT 1`, [req.params.slug]);
+  if (!rows[0]) {
+    res.status(404).json({ error: "Not found" });
+    return;
+  }
+  res.json(await resolvePublicAuthorAvatar(serializePublicAuthor(rows[0])));
+};
 // ../core/dist/routes/public.js
 var router3 = Router3();
 router3.use(apiToken);
+router3.get("/authors/:slug", getPublicAuthor);
 router3.get("/:slug", listPublicEntries);
 router3.get("/:slug/:id", getPublicEntry);
 var public_default = router3;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@plank-cms/plank",
-  "version": "0.22.0",
+  "version": "0.23.0",
   "description": "Self-hosted headless CMS. Deploy in minutes on your own infrastructure.",
   "type": "module",
   "files": [
@@ -55,9 +55,9 @@
   "devDependencies": {
     "@types/fs-extra": "^11.0.4",
     "tsup": "^8.5.0",
-    "@plank-cms/db": "0.22.0",
-    "@plank-cms/core": "0.22.0",
-    "@plank-cms/schema": "0.22.0"
+    "@plank-cms/core": "0.23.0",
+    "@plank-cms/schema": "0.23.0",
+    "@plank-cms/db": "0.23.0"
   },
   "scripts": {
     "build": "tsup",