@quoin-cms/admin 0.5.0 → 0.6.0

package/index.html

@@ -11,6 +11,7 @@
 			rel="stylesheet"
 		/>
 		<title>Quoin Admin</title>
+		<style id="quoin-theme">/*__QUOIN_THEME__*/</style>
 	</head>
 	<body>
 		<div id="app"></div>

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@quoin-cms/admin",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "private": false,
   "type": "module",
   "files": [

package/src/AdminRoot.svelte

@@ -31,6 +31,7 @@
 	import VersionsListView from './views/VersionsListView.svelte'
 	import VersionDetailView from './views/VersionDetailView.svelte'
 	import GlobalEditView from './views/GlobalEditView.svelte'
+	import AppearanceView from './views/AppearanceView.svelte'
 	import CustomPageView from './views/CustomPageView.svelte'
 	import NotFoundView from './views/NotFoundView.svelte'
 	import { seedBrandingFromConfig, branding } from './lib/stores/branding.svelte.js'
@@ -61,6 +62,7 @@
 		{ pattern: '/:collection/:id/versions' },
 		{ pattern: '/:collection/new' },
 		{ pattern: '/:collection/:id' },
+		{ pattern: '/appearance' },
 		{ pattern: '/:collection' },
 		{ pattern: '/' },
 	]
@@ -89,6 +91,8 @@
 			<CollectionNewView />
 		{:else if /^\/[^/]+\/[^/]+$/.test(path)}
 			<CollectionEditView />
+		{:else if path === '/appearance'}
+			<AppearanceView />
 		{:else if /^\/[^/]+$/.test(path)}
 			<CollectionListView />
 		{:else}

package/src/lib/api/appearance.ts

@@ -0,0 +1,16 @@
+import { get, put } from './client.js'
+import type { ApiResult } from './client.js'
+
+/**
+ * Appearance theme map: CSS-token name (without leading `--`) → value.
+ * e.g. `{ "color-primary": "#0F766E" }`. Super-admin only on the backend.
+ */
+export function getAppearance(): Promise<ApiResult<Record<string, string>>> {
+	return get<Record<string, string>>('/appearance')
+}
+
+export function putAppearance(
+	theme: Record<string, string>
+): Promise<ApiResult<Record<string, string>>> {
+	return put<Record<string, string>>('/appearance', theme)
+}

package/src/lib/components/AdminSidebar.svelte

@@ -12,7 +12,7 @@ import {
 	FileText, LogOut, Settings, PanelLeftClose, PanelLeftOpen, BookOpen,
 	PenLine, Users, FolderTree, Tag, BookCopy, Trophy, Megaphone,
 	Mail, StickyNote, Menu, Image, FolderOpen, Tags,
-	MessageSquare, BarChart3, MousePointerClick, Puzzle, LayoutDashboard, User, type Icon
+	MessageSquare, BarChart3, MousePointerClick, Puzzle, LayoutDashboard, User, Palette, type Icon
 } from 'lucide-svelte'
 import type { Component, ComponentType, SvelteComponent } from 'svelte'
 
@@ -227,6 +227,29 @@ async function handleLogout() {
           </ul>
         </div>
       {/if}
+
+      <!-- Appearance (super-admin only) -->
+      {#if user?.role === 'super-admin'}
+        <div class="mb-5">
+          <p class="mb-2 px-3 text-[10px] font-semibold uppercase tracking-[0.15em] text-sidebar-muted">
+            System
+          </p>
+          <ul class="space-y-0.5">
+            <li>
+              <a
+                href={resolve('/appearance')}
+                class="group flex items-center gap-2.5 rounded-lg px-3 py-2 text-[13px] transition-all duration-150
+                  {isActive(resolve('/appearance'))
+                    ? 'bg-sidebar-accent text-sidebar-accent-foreground font-medium shadow-sm'
+                    : 'text-sidebar-foreground hover:bg-white/[0.04] hover:text-white'}"
+              >
+                <Palette class="h-4 w-4 shrink-0 opacity-60 group-hover:opacity-100 {isActive(resolve('/appearance')) ? 'opacity-100' : ''}" />
+                Appearance
+              </a>
+            </li>
+          </ul>
+        </div>
+      {/if}
     </nav>
 
     <!-- Footer -->

package/src/lib/components/fields/ArrayFieldEditor.svelte

@@ -3,40 +3,46 @@
 
   interface Props {
     field: { name: string; label?: string; labels?: { singular?: string; plural?: string } };
-    value: any[];
-    onChange: (next: any[]) => void;
+    // Two-way bound by FieldWidget (`bind:value`); writes go straight back.
+    value?: any[];
   }
-  let { field, value, onChange }: Props = $props();
+  let { field, value = $bindable([]) }: Props = $props();
 
   const rows = $derived(Array.isArray(value) ? value : []);
   const singular = $derived(field.labels?.singular ?? 'Item');
 
   function genId(): string {
-    return crypto.randomUUID(); // browser UUIDv4 — server Sanitize will upgrade to v7 if absent
+    // randomUUID is only defined in secure contexts; fall back so array
+    // rows can still be added over plain HTTP. Server Sanitize upgrades
+    // a non-UUID id to a v7 on save.
+    return (
+      crypto.randomUUID?.() ??
+      `tmp-${Date.now().toString(36)}-${Math.floor(Math.random() * 1e9).toString(36)}`
+    );
   }
 
   function add() {
-    onChange([...rows, { id: genId() }]);
+    value = [...rows, { id: genId() }];
   }
   function update(i: number, next: any) {
     const out = [...rows];
     out[i] = next;
-    onChange(out);
+    value = out;
   }
   function remove(i: number) {
-    onChange(rows.filter((_, j) => j !== i));
+    value = rows.filter((_, j) => j !== i);
   }
   function moveUp(i: number) {
     if (i === 0) return;
     const out = [...rows];
     [out[i - 1], out[i]] = [out[i], out[i - 1]];
-    onChange(out);
+    value = out;
   }
   function moveDown(i: number) {
     if (i === rows.length - 1) return;
     const out = [...rows];
     [out[i], out[i + 1]] = [out[i + 1], out[i]];
-    onChange(out);
+    value = out;
   }
 </script>
 

package/src/lib/components/fields/BlocksFieldEditor.svelte

@@ -13,43 +13,49 @@
       blocks: BlockDef[]; // resolved (registry pre-merged)
       allowedBlocks?: string[];
     };
-    value: any[];
-    onChange: (next: any[]) => void;
+    // Two-way bound by FieldWidget (`bind:value`); writes go straight back.
+    value?: any[];
   }
-  let { field, value, onChange }: Props = $props();
+  let { field, value = $bindable([]) }: Props = $props();
 
   const rows = $derived(Array.isArray(value) ? value : []);
   let pickerSlug = $state(field.blocks[0]?.slug ?? '');
 
   function genId(): string {
-    return crypto.randomUUID();
+    // randomUUID is only defined in secure contexts; fall back so blocks
+    // can still be added over plain HTTP. Server Sanitize upgrades a
+    // non-UUID id to a v7 on save.
+    return (
+      crypto.randomUUID?.() ??
+      `tmp-${Date.now().toString(36)}-${Math.floor(Math.random() * 1e9).toString(36)}`
+    );
   }
   function defaultsFor(slug: string): Record<string, any> {
     return { id: genId(), blockType: slug };
   }
   function add() {
     if (!pickerSlug) return;
-    onChange([...rows, defaultsFor(pickerSlug)]);
+    value = [...rows, defaultsFor(pickerSlug)];
   }
   function update(i: number, next: any) {
     const out = [...rows];
     out[i] = next;
-    onChange(out);
+    value = out;
   }
   function remove(i: number) {
-    onChange(rows.filter((_, j) => j !== i));
+    value = rows.filter((_, j) => j !== i);
   }
   function moveUp(i: number) {
     if (i === 0) return;
     const out = [...rows];
     [out[i - 1], out[i]] = [out[i], out[i - 1]];
-    onChange(out);
+    value = out;
   }
   function moveDown(i: number) {
     if (i === rows.length - 1) return;
     const out = [...rows];
     [out[i], out[i + 1]] = [out[i + 1], out[i]];
-    onChange(out);
+    value = out;
   }
 </script>
 

package/src/lib/stores/theme.svelte.ts

@@ -0,0 +1,63 @@
+/**
+ * Admin UI theme store.
+ *
+ * The canonical theme is injected server-side into `index.html` at load time
+ * (a `<style id="quoin-theme">` block built from the stored override map), so
+ * the app paints the correct colors before first paint with no flash and no
+ * fetch. This store therefore does NOT load or fetch on view — its job is
+ * only LIVE PREVIEW while a super-admin edits in the Appearance page, plus
+ * reset of those inline overrides.
+ *
+ * Theme tokens are CSS custom properties stored WITHOUT the leading `--`
+ * (e.g. `color-primary` ↔ `--color-primary`). `app.css` (`@theme`) remains the
+ * single source of truth for defaults — no hex is duplicated here.
+ */
+
+/**
+ * The exposed-token list: the single source of which tokens the UI surfaces.
+ * The Appearance page renders one picker per entry. Widening to the full
+ * palette later = appending entries here; no backend or store change.
+ */
+export const THEME_TOKENS: { token: string; label: string }[] = [
+	{ token: 'color-primary', label: 'Primary' },
+	{ token: 'color-accent', label: 'Accent' },
+]
+
+/**
+ * Live-preview a theme map by writing each token as an inline override on
+ * `:root`. Used while editing, before Save. Empty/invalid values are skipped
+ * silently so a blank picker doesn't clobber the injected/default value.
+ */
+export function applyTheme(theme: Record<string, string>): void {
+	for (const [token, value] of Object.entries(theme)) {
+		if (!value || !value.trim()) continue
+		document.documentElement.style.setProperty(`--${token}`, value)
+	}
+}
+
+/**
+ * Remove a single inline override, reverting the token to its
+ * injected/`app.css` value.
+ */
+export function resetToken(token: string): void {
+	document.documentElement.style.removeProperty(`--${token}`)
+}
+
+/**
+ * Remove inline overrides for the given tokens (default: the exposed list),
+ * reverting them to their injected/`app.css` values.
+ */
+export function resetAll(tokens: string[] = THEME_TOKENS.map((t) => t.token)): void {
+	for (const token of tokens) {
+		resetToken(token)
+	}
+}
+
+/**
+ * Read the current effective value of a token from `:root` — already including
+ * any server-injected override. The editor seeds each picker from this, so an
+ * un-set token always equals today's look without hardcoded defaults.
+ */
+export function readCurrent(token: string): string {
+	return getComputedStyle(document.documentElement).getPropertyValue(`--${token}`).trim()
+}

package/src/views/AppearanceView.svelte

@@ -0,0 +1,201 @@
+<script lang="ts">
+/**
+ * Appearance — super-admin theming page.
+ *
+ * Renders one color picker per exposed THEME_TOKENS entry. Editing a token
+ * writes an inline `:root` override for instant live preview (applyTheme) and
+ * marks the token as overridden. Save persists only the overridden tokens via
+ * PUT /api/appearance. Because the canonical theme is injected server-side at
+ * document load, a successful Save shows a persistent reload notice — reloading
+ * re-fetches and applies the new colors across the whole admin UI.
+ */
+
+import { onMount } from 'svelte'
+import { toast } from 'svelte-sonner'
+import { getMe } from '$lib/api/auth.js'
+import { getAppearance, putAppearance } from '$lib/api/appearance.js'
+import { goto, resolve } from '$lib/router/index.svelte.js'
+import {
+	THEME_TOKENS,
+	applyTheme,
+	resetToken,
+	resetAll,
+	readCurrent,
+} from '$lib/stores/theme.svelte.js'
+
+let isLoading = $state(true)
+let isSaving = $state(false)
+let saved = $state(false)
+
+// Per-token editor state, keyed by token name.
+let values = $state<Record<string, string>>({})
+let overridden = $state<Record<string, boolean>>({})
+
+onMount(async () => {
+	// Defense in depth: the sidebar tab is gated and the backend enforces 403,
+	// but a direct URL navigation must still bounce non-super-admins.
+	const me = await getMe()
+	if (!me.ok || me.data.role !== 'super-admin') {
+		goto(resolve('/'))
+		return
+	}
+
+	const result = await getAppearance()
+	const savedMap = result.ok ? result.data : {}
+	if (!result.ok) {
+		toast.error(result.error)
+	}
+
+	for (const { token } of THEME_TOKENS) {
+		values[token] = savedMap[token] ?? readCurrent(token)
+		overridden[token] = token in savedMap
+	}
+
+	isLoading = false
+})
+
+function handleChange(token: string, value: string) {
+	values[token] = value
+	overridden[token] = true
+	saved = false
+	applyTheme({ [token]: value })
+}
+
+function handleResetToken(token: string) {
+	resetToken(token)
+	overridden[token] = false
+	saved = false
+	values[token] = readCurrent(token)
+}
+
+function handleResetAll() {
+	resetAll()
+	saved = false
+	for (const { token } of THEME_TOKENS) {
+		overridden[token] = false
+		values[token] = readCurrent(token)
+	}
+}
+
+async function handleSave() {
+	isSaving = true
+
+	const map: Record<string, string> = {}
+	for (const { token } of THEME_TOKENS) {
+		if (overridden[token]) map[token] = values[token]
+	}
+
+	const result = await putAppearance(map)
+	isSaving = false
+
+	if (result.ok) {
+		saved = true
+		toast.success('Color scheme saved')
+	} else {
+		toast.error(result.error)
+	}
+}
+</script>
+
+{#if isLoading}
+  <div class="flex h-full items-center justify-center">
+    <p class="text-muted-foreground">Loading…</p>
+  </div>
+{:else}
+  <header class="sticky top-0 z-10 border-b border-border bg-background">
+    <div class="flex items-center justify-between px-7 py-3.5">
+      <div class="flex min-w-0 items-center gap-2.5 text-[13px] text-muted-foreground">
+        <span class="font-medium text-foreground">Appearance</span>
+      </div>
+      <button
+        type="button"
+        onclick={handleSave}
+        disabled={isSaving}
+        class="bg-primary px-4 py-2 text-xs font-semibold tracking-wide text-primary-foreground rounded-lg shadow-sm transition-colors hover:bg-primary/90 disabled:opacity-60"
+      >
+        {isSaving ? 'Saving…' : 'Save'}
+      </button>
+    </div>
+
+    <div class="px-7 pb-5 pt-5">
+      <h1 class="font-display text-[28px] font-semibold leading-tight tracking-tight text-foreground">
+        Appearance
+      </h1>
+      <p class="mt-1 text-sm text-muted-foreground">
+        Customize the admin UI brand colors. Changes preview live here and apply across the
+        whole admin UI after a reload.
+      </p>
+    </div>
+  </header>
+
+  <div class="px-7 py-8">
+    <div class="max-w-2xl space-y-6">
+      {#if saved}
+        <div class="flex items-center justify-between gap-4 rounded-lg border border-border bg-secondary px-4 py-3">
+          <p class="text-sm text-foreground">
+            Color scheme saved. Reload to apply it across the admin UI.
+          </p>
+          <button
+            type="button"
+            onclick={() => window.location.reload()}
+            class="shrink-0 rounded-lg bg-primary px-3 py-1.5 text-xs font-semibold tracking-wide text-primary-foreground shadow-sm transition-colors hover:bg-primary/90"
+          >
+            Reload
+          </button>
+        </div>
+      {/if}
+
+      <div class="rounded-lg border border-border bg-card">
+        {#each THEME_TOKENS as { token, label }, i}
+          <div class="flex items-center gap-4 px-5 py-4 {i > 0 ? 'border-t border-border' : ''}">
+            <div class="min-w-0 flex-1">
+              <p class="text-sm font-medium text-foreground">{label}</p>
+              <p class="text-xs text-muted-foreground">
+                {overridden[token] ? 'Custom' : 'Default'}
+              </p>
+            </div>
+            <div class="flex items-center gap-2">
+              <input
+                type="color"
+                value={/^#[0-9a-fA-F]{6}$/.test(values[token]) ? values[token] : '#000000'}
+                oninput={(e) => handleChange(token, (e.target as HTMLInputElement).value)}
+                class="h-10 w-12 cursor-pointer rounded border border-border p-1"
+                aria-label="{label} color"
+              />
+              <input
+                type="text"
+                value={values[token]}
+                oninput={(e) => handleChange(token, (e.target as HTMLInputElement).value)}
+                class="h-10 w-32 rounded-md border border-border bg-background px-3 text-sm font-mono focus:outline-none focus:ring-2 focus:ring-ring"
+                placeholder="#000000"
+                maxlength={7}
+                aria-label="{label} hex value"
+              />
+            </div>
+            <button
+              type="button"
+              onclick={() => handleResetToken(token)}
+              disabled={!overridden[token]}
+              class="shrink-0 rounded-md border border-border px-3 py-2 text-xs font-medium text-foreground transition-colors hover:bg-secondary disabled:opacity-50"
+            >
+              Reset
+            </button>
+          </div>
+        {/each}
+      </div>
+
+      <div class="flex items-center justify-between">
+        <p class="text-xs text-muted-foreground">
+          Colors apply across the admin UI on the next page reload.
+        </p>
+        <button
+          type="button"
+          onclick={handleResetAll}
+          class="rounded-lg border border-border px-3 py-2 text-xs font-medium text-foreground transition-colors hover:bg-secondary"
+        >
+          Reset all to defaults
+        </button>
+      </div>
+    </div>
+  </div>
+{/if}