@setzkasten-cms/astro-admin 0.8.0 → 1.3.0

package/src/api-routes/history-rollback.ts

@@ -0,0 +1,144 @@
+import type { APIRoute } from 'astro'
+import { resolveStorageConfigForRequest } from './_storage-config'
+import { resolveGitHubTokenForRequest } from './_github-token'
+import { parseSession, requireAdmin } from './_auth-guard'
+import { withTrailers } from './_commit-trailers'
+import { invalidateCache } from './_github-cache'
+
+interface RollbackBody {
+  path?: string
+  sha?: string
+  /** Optional ETag-style guard: client sends the SHA they think is HEAD;
+   *  if HEAD has moved, we 409 to prevent stomping live edits. */
+  expectedHeadSha?: string
+}
+
+/**
+ * POST /api/setzkasten/history/rollback
+ *
+ * Body: { path, sha, expectedHeadSha? }
+ *
+ * Restores `path` to the contents from `sha` by writing a new commit
+ * (no `git revert` — JSON content is set wholesale). The original SHA
+ * stays in history so users can roll forward again.
+ *
+ * Conflict semantics: the client passes the SHA they currently render in
+ * the file picker. If the file's HEAD has moved between page-load and the
+ * rollback click, we return 409 with `code: 'head-moved'` so the UI can
+ * tell the user to refresh.
+ *
+ * Admin-only — editors can edit, but rollback is destructive enough to
+ * warrant the audit-log control.
+ */
+export const POST: APIRoute = async ({ request, cookies }) => {
+  const denied = requireAdmin(cookies.get('setzkasten_session')?.value)
+  if (denied) return denied
+
+  const session = parseSession(cookies.get('setzkasten_session')?.value)
+  if (!session) return new Response('Unauthorized', { status: 401 })
+
+  let body: RollbackBody
+  try {
+    body = (await request.json()) as RollbackBody
+  } catch {
+    return Response.json({ error: 'Invalid JSON body' }, { status: 400 })
+  }
+  const { path, sha, expectedHeadSha } = body
+  if (!path || !sha) {
+    return Response.json({ error: 'path and sha are required' }, { status: 400 })
+  }
+
+  const tokenResult = await resolveGitHubTokenForRequest(request)
+  if (!tokenResult.ok) return new Response(tokenResult.error.message, { status: 500 })
+
+  const storage = await resolveStorageConfigForRequest(request)
+  if (!storage) {
+    return Response.json({ error: 'Could not resolve owner/repo' }, { status: 400 })
+  }
+  const { owner, repo, branch } = storage
+
+  const headers = {
+    Authorization: `Bearer ${tokenResult.value}`,
+    Accept: 'application/vnd.github+json',
+    'X-GitHub-Api-Version': '2022-11-28',
+    'Content-Type': 'application/json',
+  }
+
+  // 1. Fetch contents of the file at the target sha
+  const versionRes = await fetch(
+    `https://api.github.com/repos/${owner}/${repo}/contents/${path}?ref=${sha}`,
+    { headers },
+  )
+  if (versionRes.status === 404) {
+    return Response.json(
+      { error: 'File did not exist at the requested sha', code: 'version-not-found' },
+      { status: 404 },
+    )
+  }
+  if (!versionRes.ok) {
+    return Response.json(
+      { error: `Failed to read version: ${versionRes.status}` },
+      { status: 502 },
+    )
+  }
+  const versionData = (await versionRes.json()) as {
+    content: string
+    encoding: string
+  }
+  const targetContent =
+    versionData.encoding === 'base64'
+      ? Buffer.from(versionData.content, 'base64').toString('utf-8')
+      : versionData.content
+
+  // 2. Fetch current HEAD SHA of the file (for conflict detection + PUT sha param)
+  const headRes = await fetch(
+    `https://api.github.com/repos/${owner}/${repo}/contents/${path}?ref=${branch}`,
+    { headers },
+  )
+  let currentSha: string | null = null
+  if (headRes.ok) {
+    const data = (await headRes.json()) as { sha: string }
+    currentSha = data.sha
+  }
+
+  if (expectedHeadSha && currentSha && expectedHeadSha !== currentSha) {
+    return Response.json(
+      {
+        error: 'Datei wurde inzwischen geändert. Bitte den Verlauf neu laden.',
+        code: 'head-moved',
+      },
+      { status: 409 },
+    )
+  }
+
+  // 3. Write new commit with the historical content
+  const shortSha = sha.slice(0, 7)
+  const fileName = path.split('/').pop() ?? path
+  const message = withTrailers(
+    `revert(${fileName}): rollback to ${shortSha}`,
+    session.user.email,
+  )
+
+  const putBody: Record<string, unknown> = {
+    message,
+    content: Buffer.from(targetContent).toString('base64'),
+    branch,
+  }
+  if (currentSha) putBody.sha = currentSha
+
+  const putRes = await fetch(
+    `https://api.github.com/repos/${owner}/${repo}/contents/${path}`,
+    { method: 'PUT', headers, body: JSON.stringify(putBody) },
+  )
+
+  if (!putRes.ok) {
+    const text = await putRes.text()
+    return Response.json({ error: `Rollback write failed: ${text}` }, { status: 502 })
+  }
+
+  // Invalidate history cache for this path — fresh commit shows up in lists.
+  invalidateCache(`history:${owner}/${repo}:${branch}:${path}:head`)
+
+  const putData = (await putRes.json()) as { commit: { sha: string } }
+  return Response.json({ ok: true, commitSha: putData.commit.sha })
+}

package/src/api-routes/history-version.ts

@@ -0,0 +1,57 @@
+import type { APIRoute } from 'astro'
+import { resolveStorageConfigForRequest } from './_storage-config'
+import { resolveGitHubTokenForRequest } from './_github-token'
+import { requireAdmin } from './_auth-guard'
+import { cachedFetch } from './_github-cache'
+
+/**
+ * GET /api/setzkasten/history/version?path=<file>&sha=<commit-sha>
+ *
+ * Returns the file content at a specific commit (for diff rendering).
+ * Cached per (path, sha) for 5 minutes — historical content is immutable.
+ */
+export const GET: APIRoute = async ({ request, url, cookies }) => {
+  const denied = requireAdmin(cookies.get('setzkasten_session')?.value)
+  if (denied) return denied
+
+  const path = url.searchParams.get('path')
+  const sha = url.searchParams.get('sha')
+  if (!path || !sha) {
+    return Response.json({ error: 'Missing required `path` or `sha`.' }, { status: 400 })
+  }
+
+  const tokenResult = await resolveGitHubTokenForRequest(request)
+  if (!tokenResult.ok) return new Response(tokenResult.error.message, { status: 500 })
+
+  const storage = await resolveStorageConfigForRequest(request)
+  if (!storage) {
+    return Response.json({ error: 'Could not resolve owner/repo' }, { status: 400 })
+  }
+  const { owner, repo } = storage
+
+  const cacheKey = `history-version:${owner}/${repo}:${path}:${sha}`
+  const result = await cachedFetch(cacheKey, 5 * 60_000, async () => {
+    const u = new URL(
+      `https://api.github.com/repos/${owner}/${repo}/contents/${path}`,
+    )
+    u.searchParams.set('ref', sha)
+    const res = await fetch(u, {
+      headers: {
+        Authorization: `Bearer ${tokenResult.value}`,
+        Accept: 'application/vnd.github+json',
+        'X-GitHub-Api-Version': '2022-11-28',
+      },
+    })
+    if (res.status === 404) return { ok: false as const, status: 404, error: 'File not found at given sha' }
+    if (!res.ok) return { ok: false as const, status: 502, error: `GitHub returned ${res.status}` }
+    const data = (await res.json()) as { content: string; encoding: string; sha: string }
+    const raw =
+      data.encoding === 'base64'
+        ? Buffer.from(data.content, 'base64').toString('utf-8')
+        : data.content
+    return { ok: true as const, value: { content: raw, sha: data.sha } }
+  })
+
+  if (!result.ok) return Response.json({ error: result.error }, { status: result.status })
+  return Response.json(result.value)
+}

package/src/api-routes/history.ts

@@ -0,0 +1,119 @@
+import type { APIRoute } from 'astro'
+import { resolveStorageConfigForRequest } from './_storage-config'
+import { resolveGitHubTokenForRequest } from './_github-token'
+import { requireAdmin } from './_auth-guard'
+import { parseCoAuthorTrailers, type CommitInfo } from '@setzkasten-cms/core'
+import { cachedFetch } from './_github-cache'
+
+/**
+ * GET /api/setzkasten/history?path=<contentPath>&before=<sha>
+ *
+ * Returns up to 5 most recent commits affecting the given file. Pagination
+ * via `before=<sha>` returns 10 more older commits — clients call this on
+ * "Mehr laden". Admin-only — editors can read content but not the audit
+ * trail (and certainly not roll back).
+ */
+export const GET: APIRoute = async ({ request, url, cookies }) => {
+  const denied = requireAdmin(cookies.get('setzkasten_session')?.value)
+  if (denied) return denied
+
+  const path = url.searchParams.get('path')
+  const before = url.searchParams.get('before')
+  if (!path) {
+    return Response.json({ error: 'Missing required `path` parameter.' }, { status: 400 })
+  }
+
+  const tokenResult = await resolveGitHubTokenForRequest(request)
+  if (!tokenResult.ok) return new Response(tokenResult.error.message, { status: 500 })
+
+  const storage = await resolveStorageConfigForRequest(request)
+  if (!storage) {
+    return Response.json({ error: 'Could not resolve owner/repo' }, { status: 400 })
+  }
+  const { owner, repo, branch } = storage
+  const perPage = before ? 10 : 5
+
+  // Cache history per (path, before) for 60s — invalidated by rollback.
+  const cacheKey = `history:${owner}/${repo}:${branch}:${path}:${before ?? 'head'}`
+  const commits = await cachedFetch(cacheKey, 60_000, () =>
+    fetchCommits(owner, repo, branch, path, perPage, before, tokenResult.value),
+  )
+
+  if (!commits.ok) {
+    return Response.json({ error: commits.error }, { status: commits.status })
+  }
+  return Response.json({ commits: commits.value })
+}
+
+interface CommitsListSuccess {
+  ok: true
+  value: readonly CommitInfo[]
+}
+interface CommitsListFailure {
+  ok: false
+  status: number
+  error: string
+}
+type CommitsResult = CommitsListSuccess | CommitsListFailure
+
+async function fetchCommits(
+  owner: string,
+  repo: string,
+  branch: string,
+  path: string,
+  perPage: number,
+  before: string | null,
+  token: string,
+): Promise<CommitsResult> {
+  // GitHub paginates by `?sha=<commit>` — passing `before` as `sha` gets
+  // commits older than (and including) that SHA. We start one before
+  // requested SHA so the same commit doesn't appear twice. The simplest
+  // way: pass sha=<before>, request perPage+1, and skip the first.
+  const sha = before ?? branch
+  const u = new URL(`https://api.github.com/repos/${owner}/${repo}/commits`)
+  u.searchParams.set('path', path)
+  u.searchParams.set('sha', sha)
+  u.searchParams.set('per_page', String(before ? perPage + 1 : perPage))
+
+  const res = await fetch(u, {
+    headers: {
+      Authorization: `Bearer ${token}`,
+      Accept: 'application/vnd.github+json',
+      'X-GitHub-Api-Version': '2022-11-28',
+    },
+  })
+
+  if (res.status === 404) return { ok: true, value: [] }
+  if (!res.ok) {
+    return { ok: false, status: 502, error: `GitHub returned ${res.status}` }
+  }
+
+  const data = (await res.json()) as Array<{
+    sha: string
+    commit: {
+      author: { name: string; email: string; date: string }
+      message: string
+    }
+    author: { avatar_url?: string } | null
+  }>
+
+  // Skip first if we paginated (the `before` SHA itself).
+  const start = before ? 1 : 0
+  const slice = data.slice(start, start + perPage)
+  const commits: CommitInfo[] = slice.map((c) => {
+    const [firstLine, ...rest] = c.commit.message.split('\n')
+    const body = rest.join('\n')
+    return {
+      sha: c.sha,
+      shortSha: c.sha.slice(0, 7),
+      authoredAt: c.commit.author.date,
+      authorName: c.commit.author.name,
+      authorEmail: c.commit.author.email,
+      authorAvatarUrl: c.author?.avatar_url,
+      coAuthors: parseCoAuthorTrailers(body),
+      message: firstLine ?? '',
+      body,
+    }
+  })
+  return { ok: true, value: commits }
+}

package/src/api-routes/init-add-section.ts

@@ -1,10 +1,11 @@
 import type { APIRoute } from 'astro'
 import type { InferredSection } from '@setzkasten-cms/core/init'
 import { addSectionToConfig } from '@setzkasten-cms/core/init'
-import { resolveStorageConfig, prefixPath } from './_storage-config'
+import { prefixPath, resolveStorageConfigForRequest } from './_storage-config'
 import { patchTemplateForFields, stripTemplateFallbacks } from '../init/template-patcher-v2'
 import type { RepeatedGroup } from '../init/analyzer-types'
 import { withTrailers } from './_commit-trailers'
+import { resolveGitHubTokenForRequest } from './_github-token'
 
 /**
  * POST /api/setzkasten/init/add-section
@@ -21,10 +22,11 @@ export const POST: APIRoute = async ({ request, cookies }) => {
     return new Response('Unauthorized', { status: 401 })
   }
 
-  const githubToken = import.meta.env.GITHUB_TOKEN ?? process.env.GITHUB_TOKEN
-  if (!githubToken) {
-    return new Response('GitHub token not configured', { status: 500 })
+  const tokenResult = await resolveGitHubTokenForRequest(request)
+  if (!tokenResult.ok) {
+    return new Response(tokenResult.error.message, { status: 500 })
   }
+  const githubToken = tokenResult.value
 
   try {
     const body = await request.json() as {
@@ -38,7 +40,7 @@ export const POST: APIRoute = async ({ request, cookies }) => {
       contentPath?: string
     }
 
-    const storage = resolveStorageConfig(body)
+    const storage = await resolveStorageConfigForRequest(request, body)
     if (!storage) {
       return Response.json({ error: 'Could not resolve owner/repo. Set SETZKASTEN_OWNER and SETZKASTEN_REPO env vars.' }, { status: 400 })
     }
@@ -292,6 +294,12 @@ export const POST: APIRoute = async ({ request, cookies }) => {
       return Response.json({ error: commitResult.error }, { status: 500 })
     }
 
+    const { recordPageEdit } = await import('./_pages-meta-store.js')
+    await recordPageEdit(
+      { owner, repo, branch, contentPath, token: tokenResult.value },
+      pageKey,
+    ).catch(() => {})
+
     return Response.json({
       success: true,
       commitSha: commitResult.sha,

package/src/api-routes/init-apply.ts

@@ -3,6 +3,7 @@ import { generateConfigFile, type InferredSection, type ConfigGeneratorInput } f
 import { patchAstroConfig } from '../init/astro-config-patcher'
 import { patchTemplateForFields } from '../init/template-patcher-v2'
 import { withTrailers } from './_commit-trailers'
+import { resolveGitHubTokenForRequest } from './_github-token'
 
 interface ApplyRequest {
   owner: string
@@ -36,10 +37,11 @@ export const POST: APIRoute = async ({ request, cookies }) => {
     return new Response('Unauthorized', { status: 401 })
   }
 
-  const githubToken = import.meta.env.GITHUB_TOKEN ?? process.env.GITHUB_TOKEN
-  if (!githubToken) {
-    return new Response('GitHub token not configured', { status: 500 })
+  const tokenResult = await resolveGitHubTokenForRequest(request)
+  if (!tokenResult.ok) {
+    return new Response(tokenResult.error.message, { status: 500 })
   }
+  const githubToken = tokenResult.value
 
   try {
     const body = await request.json() as ApplyRequest

package/src/api-routes/init-migrate.ts

@@ -1,8 +1,9 @@
 import type { APIRoute } from 'astro'
 import type { SetzKastenConfig } from '@setzkasten-cms/core'
-import { resolveStorageConfig, prefixPath } from './_storage-config'
+import { prefixPath, resolveStorageConfigForRequest } from './_storage-config'
 import { patchTemplateForFields } from '../init/template-patcher-v2'
 import { withTrailers } from './_commit-trailers'
+import { resolveGitHubTokenForRequest } from './_github-token'
 
 /**
  * POST /api/setzkasten/init/migrate
@@ -21,10 +22,11 @@ export const POST: APIRoute = async ({ request, cookies }) => {
     return new Response('Unauthorized', { status: 401 })
   }
 
-  const githubToken = import.meta.env.GITHUB_TOKEN ?? process.env.GITHUB_TOKEN
-  if (!githubToken) {
-    return new Response('GitHub token not configured', { status: 500 })
+  const tokenResult = await resolveGitHubTokenForRequest(request)
+  if (!tokenResult.ok) {
+    return new Response(tokenResult.error.message, { status: 500 })
   }
+  const githubToken = tokenResult.value
 
   try {
     const body = await request.json() as {
@@ -35,7 +37,7 @@ export const POST: APIRoute = async ({ request, cookies }) => {
       componentPath?: string
     }
 
-    const storage = resolveStorageConfig(body)
+    const storage = await resolveStorageConfigForRequest(request, body)
     if (!storage) {
       return Response.json({ error: 'Could not resolve owner/repo. Set SETZKASTEN_OWNER and SETZKASTEN_REPO env vars.' }, { status: 400 })
     }

package/src/api-routes/init-scan-page.ts

@@ -1,9 +1,28 @@
 import type { APIRoute } from 'astro'
 import type { SetzKastenConfig } from '@setzkasten-cms/core'
-import { resolveStorageConfig, prefixPath } from './_storage-config'
+import { prefixPath, resolveStorageConfigForRequest } from './_storage-config'
 import { extractSectionImports, extractLayoutImport } from '../init/astro-detector'
 import { analyzeAstroSection } from '../init/astro-section-analyzer-v2'
 import type { RepoFile } from '@setzkasten-cms/core/init'
+import { resolveGitHubTokenForRequest } from './_github-token'
+
+// Build-time constant injected by the Vite define plugin — always available in
+// compiled API routes (unlike page-ssr injectScript which only runs for SSR pages).
+declare const __SETZKASTEN_FULL_CONFIG__: SetzKastenConfig | null | undefined
+
+/**
+ * Resolves the full Setzkasten config.
+ * Reads the Vite build-time constant first; falls back to globalThis for
+ * local dev / test environments where the define is not applied.
+ *
+ * Without the build-time fallback, cold-start Vercel function invocations of
+ * this API route see managedSections={} and offer every adopted section
+ * (including _layout_header / _layout_footer) for re-adoption.
+ */
+export function resolveFullConfig(): SetzKastenConfig | undefined {
+  const buildConfig = typeof __SETZKASTEN_FULL_CONFIG__ !== 'undefined' ? __SETZKASTEN_FULL_CONFIG__ : null
+  return (buildConfig ?? (globalThis as any).__SETZKASTEN_FULL_CONFIG__) as SetzKastenConfig | undefined
+}
 
 /**
  * POST /api/setzkasten/init/scan-page
@@ -21,10 +40,11 @@ export const POST: APIRoute = async ({ request, cookies }) => {
     return new Response('Unauthorized', { status: 401 })
   }
 
-  const githubToken = import.meta.env.GITHUB_TOKEN ?? process.env.GITHUB_TOKEN
-  if (!githubToken) {
-    return new Response('GitHub token not configured', { status: 500 })
+  const tokenResult = await resolveGitHubTokenForRequest(request)
+  if (!tokenResult.ok) {
+    return new Response(tokenResult.error.message, { status: 500 })
   }
+  const githubToken = tokenResult.value
 
   try {
     const body = await request.json() as {
@@ -35,7 +55,7 @@ export const POST: APIRoute = async ({ request, cookies }) => {
       projectRoot?: string
     }
 
-    const storage = resolveStorageConfig(body)
+    const storage = await resolveStorageConfigForRequest(request, body)
     if (!storage) {
       return Response.json({ error: 'Could not resolve owner/repo. Set SETZKASTEN_OWNER and SETZKASTEN_REPO env vars.' }, { status: 400 })
     }
@@ -47,7 +67,7 @@ export const POST: APIRoute = async ({ request, cookies }) => {
     }
 
     // Get current schema to know which sections are already managed + their fields
-    const config = (globalThis as any).__SETZKASTEN_FULL_CONFIG__ as SetzKastenConfig | undefined
+    const config = resolveFullConfig()
     const managedSections = new Map<string, Set<string>>() // key → field keys
     if (config) {
       for (const product of Object.values(config.products)) {

package/src/api-routes/init-scan.ts

@@ -2,6 +2,7 @@ import type { APIRoute } from 'astro'
 import { analyzeProject, type RepoFile } from '@setzkasten-cms/core/init'
 import { findAstroPages, extractSectionImports } from '../init/astro-detector'
 import { analyzeAstroSection } from '../init/astro-section-analyzer-v2'
+import { resolveGitHubTokenForRequest } from './_github-token'
 
 /**
  * POST /api/setzkasten/init/scan
@@ -16,10 +17,11 @@ export const POST: APIRoute = async ({ request, cookies }) => {
     return new Response('Unauthorized', { status: 401 })
   }
 
-  const githubToken = import.meta.env.GITHUB_TOKEN ?? process.env.GITHUB_TOKEN
-  if (!githubToken) {
-    return new Response('GitHub token not configured', { status: 500 })
+  const tokenResult = await resolveGitHubTokenForRequest(request)
+  if (!tokenResult.ok) {
+    return new Response(tokenResult.error.message, { status: 500 })
   }
+  const githubToken = tokenResult.value
 
   try {
     const body = await request.json() as { owner: string; repo: string; branch?: string }