@structcms/api 0.1.0 → 0.1.1

package/dist/next/index.js

@@ -1,9 +1,20 @@
 // src/media/resolve.ts
 var UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
-var MEDIA_FIELD_SUFFIXES = ["_image", "_media", "_photo", "_thumbnail", "_avatar", "_icon"];
+var MEDIA_FIELD_SUFFIXES = [
+  "_image",
+  "_media",
+  "_photo",
+  "_thumbnail",
+  "_avatar",
+  "_icon",
+  "_file",
+  "_document",
+  "_attachment",
+  "_download"
+];
 function isMediaField(fieldName) {
   const lower = fieldName.toLowerCase();
-  if (lower === "image" || lower === "media" || lower === "photo" || lower === "thumbnail" || lower === "avatar" || lower === "icon") {
+  if (lower === "image" || lower === "media" || lower === "photo" || lower === "thumbnail" || lower === "avatar" || lower === "icon" || lower === "file" || lower === "document" || lower === "attachment" || lower === "download") {
     return true;
   }
   return MEDIA_FIELD_SUFFIXES.some((suffix) => lower.endsWith(suffix));
@@ -74,6 +85,7 @@ async function handleGetPageBySlug(adapter, mediaAdapter, slug) {
 }
 
 // src/media/types.ts
+var MAX_FILE_SIZE = 50 * 1024 * 1024;
 var ALLOWED_MIME_TYPES = [
   "image/jpeg",
   "image/png",
@@ -81,6 +93,23 @@ var ALLOWED_MIME_TYPES = [
   "image/webp",
   "image/svg+xml"
 ];
+var ALLOWED_DOCUMENT_MIME_TYPES = [
+  "application/pdf",
+  "application/msword",
+  "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
+  "application/vnd.ms-excel",
+  "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
+  "application/vnd.ms-powerpoint",
+  "application/vnd.openxmlformats-officedocument.presentationml.presentation",
+  "text/plain",
+  "text/csv",
+  "application/zip",
+  "application/gzip"
+];
+var ALL_ALLOWED_MIME_TYPES = [
+  ...ALLOWED_MIME_TYPES,
+  ...ALLOWED_DOCUMENT_MIME_TYPES
+];
 
 // src/media/handlers.ts
 var MediaValidationError = class extends Error {
@@ -91,16 +120,25 @@ var MediaValidationError = class extends Error {
   }
 };
 function validateMimeType(mimeType) {
-  const allowed = ALLOWED_MIME_TYPES;
+  const allowed = ALL_ALLOWED_MIME_TYPES;
   if (!allowed.includes(mimeType)) {
     throw new MediaValidationError(
-      `Invalid file type: ${mimeType}. Allowed types: ${ALLOWED_MIME_TYPES.join(", ")}`,
+      `Invalid file type: ${mimeType}. Allowed types: ${ALL_ALLOWED_MIME_TYPES.join(", ")}`,
       "INVALID_MIME_TYPE"
     );
   }
 }
+function validateFileSize(size) {
+  if (size > MAX_FILE_SIZE) {
+    throw new MediaValidationError(
+      `File size exceeds maximum allowed size of ${MAX_FILE_SIZE / 1024 / 1024}MB`,
+      "FILE_TOO_LARGE"
+    );
+  }
+}
 async function handleUploadMedia(adapter, input) {
   validateMimeType(input.mimeType);
+  validateFileSize(input.size);
   return adapter.upload(input);
 }
 async function handleGetMedia(adapter, id) {
@@ -147,6 +185,12 @@ var SANITIZE_OPTIONS = {
 function sanitizeString(value) {
   return sanitizeHtml(value, SANITIZE_OPTIONS);
 }
+function stripTags(value) {
+  return sanitizeHtml(value, {
+    allowedTags: [],
+    allowedAttributes: {}
+  });
+}
 function sanitizeValue(value) {
   if (typeof value === "string") {
     return sanitizeString(value);
@@ -213,10 +257,11 @@ var StorageValidationError = class extends Error {
   }
 };
 async function handleCreatePage(adapter, input) {
-  if (!input.title.trim()) {
+  const sanitizedTitle = stripTags(input.title).trim();
+  if (!sanitizedTitle) {
     throw new StorageValidationError("Page title must not be empty", "EMPTY_TITLE");
   }
-  const slug = input.slug?.trim() || generateSlug(input.title);
+  const slug = input.slug?.trim() || generateSlug(sanitizedTitle);
   if (!slug) {
     throw new StorageValidationError(
       "Could not generate a valid slug from the provided title",
@@ -229,6 +274,7 @@ async function handleCreatePage(adapter, input) {
   const sanitizedSections = input.sections ? sanitizeSectionData(input.sections) : void 0;
   return adapter.createPage({
     ...input,
+    title: sanitizedTitle,
     slug: uniqueSlug,
     sections: sanitizedSections
   });
@@ -237,8 +283,12 @@ async function handleUpdatePage(adapter, input) {
   if (!input.id.trim()) {
     throw new StorageValidationError("Page ID must not be empty", "EMPTY_ID");
   }
-  if (input.title !== void 0 && !input.title.trim()) {
-    throw new StorageValidationError("Page title must not be empty", "EMPTY_TITLE");
+  let sanitizedTitle;
+  if (input.title !== void 0) {
+    sanitizedTitle = stripTags(input.title).trim();
+    if (!sanitizedTitle) {
+      throw new StorageValidationError("Page title must not be empty", "EMPTY_TITLE");
+    }
   }
   if (input.slug !== void 0) {
     const slug = input.slug.trim();
@@ -251,7 +301,11 @@ async function handleUpdatePage(adapter, input) {
       throw new StorageValidationError(`Slug "${slug}" is already in use`, "DUPLICATE_SLUG");
     }
   }
-  const sanitizedInput = input.sections ? { ...input, sections: sanitizeSectionData(input.sections) } : input;
+  const sanitizedInput = {
+    ...input,
+    ...sanitizedTitle !== void 0 && { title: sanitizedTitle },
+    ...input.sections && { sections: sanitizeSectionData(input.sections) }
+  };
   return adapter.updatePage(sanitizedInput);
 }
 async function handleDeletePage(adapter, id) {
@@ -261,38 +315,46 @@ async function handleDeletePage(adapter, id) {
   return adapter.deletePage(id);
 }
 async function handleCreateNavigation(adapter, input) {
-  if (!input.name.trim()) {
+  const sanitizedName = stripTags(input.name).trim();
+  if (!sanitizedName) {
     throw new StorageValidationError("Navigation name must not be empty", "EMPTY_NAME");
   }
   const existingNavigations = await adapter.listNavigations();
   const existingNames = existingNavigations.map((n) => n.name);
-  if (existingNames.includes(input.name.trim())) {
+  if (existingNames.includes(sanitizedName)) {
     throw new StorageValidationError(
-      `Navigation name "${input.name.trim()}" is already in use`,
+      `Navigation name "${sanitizedName}" is already in use`,
       "DUPLICATE_NAME"
     );
   }
-  return adapter.createNavigation(input);
+  return adapter.createNavigation({
+    ...input,
+    name: sanitizedName
+  });
 }
 async function handleUpdateNavigation(adapter, input) {
   if (!input.id.trim()) {
     throw new StorageValidationError("Navigation ID must not be empty", "EMPTY_ID");
   }
+  let sanitizedName;
   if (input.name !== void 0) {
-    const name = input.name.trim();
-    if (!name) {
+    sanitizedName = stripTags(input.name).trim();
+    if (!sanitizedName) {
       throw new StorageValidationError("Navigation name must not be empty", "EMPTY_NAME");
     }
     const existingNavigations = await adapter.listNavigations();
     const existingNames = existingNavigations.filter((n) => n.id !== input.id).map((n) => n.name);
-    if (existingNames.includes(name)) {
+    if (existingNames.includes(sanitizedName)) {
       throw new StorageValidationError(
-        `Navigation name "${name}" is already in use`,
+        `Navigation name "${sanitizedName}" is already in use`,
         "DUPLICATE_NAME"
       );
     }
   }
-  return adapter.updateNavigation(input);
+  return adapter.updateNavigation({
+    ...input,
+    ...sanitizedName !== void 0 && { name: sanitizedName }
+  });
 }
 async function handleDeleteNavigation(adapter, id) {
   if (!id.trim()) {
@@ -328,7 +390,7 @@ function errorResponse(error, fallbackStatus = 500) {
   if (error instanceof StorageValidationError || error instanceof MediaValidationError || error instanceof SyntaxError) {
     return jsonResponse({ error: getErrorMessage(error) }, 400);
   }
-  return jsonResponse({ error: getErrorMessage(error) }, fallbackStatus);
+  return jsonResponse({ error: "Internal Server Error" }, fallbackStatus);
 }
 async function resolveParams(context) {
   return context.params;
@@ -652,11 +714,51 @@ function createNextPageByIdRoute(config) {
     }
   };
 }
+function getQueryParam(url, name) {
+  const queryStart = url.indexOf("?");
+  if (queryStart === -1) return null;
+  for (const pair of url.slice(queryStart + 1).split("&")) {
+    const eqIndex = pair.indexOf("=");
+    const key = decodeURIComponent(eqIndex === -1 ? pair : pair.slice(0, eqIndex));
+    if (key === name) return eqIndex === -1 ? "" : decodeURIComponent(pair.slice(eqIndex + 1));
+  }
+  return null;
+}
+function parseMediaFilter(request) {
+  if (!request.url) {
+    return void 0;
+  }
+  const category = getQueryParam(request.url, "category");
+  const limit = getQueryParam(request.url, "limit");
+  const offset = getQueryParam(request.url, "offset");
+  const filter = {};
+  let hasFilter = false;
+  if (category === "image" || category === "document") {
+    filter.category = category;
+    hasFilter = true;
+  }
+  if (limit) {
+    const parsed = Number.parseInt(limit, 10);
+    if (!Number.isNaN(parsed) && parsed > 0) {
+      filter.limit = parsed;
+      hasFilter = true;
+    }
+  }
+  if (offset) {
+    const parsed = Number.parseInt(offset, 10);
+    if (!Number.isNaN(parsed) && parsed >= 0) {
+      filter.offset = parsed;
+      hasFilter = true;
+    }
+  }
+  return hasFilter ? filter : void 0;
+}
 function createNextMediaRoute(config) {
   return {
-    GET: async (_request) => {
+    GET: async (request) => {
       try {
-        const media = await handleListMedia(config.mediaAdapter);
+        const filter = parseMediaFilter(request);
+        const media = await handleListMedia(config.mediaAdapter, filter);
         return jsonResponse(media);
       } catch (error) {
         return errorResponse(error);
@@ -917,8 +1019,10 @@ function createNextAuthOAuthRoute(config, Response) {
           { status: 400 }
         );
       }
-      const message = err instanceof Error ? err.message : "OAuth initialization failed";
-      return Response.json({ error: { message, code: "OAUTH_ERROR" } }, { status: 500 });
+      return Response.json(
+        { error: { message: "Internal Server Error", code: "OAUTH_ERROR" } },
+        { status: 500 }
+      );
     }
   };
 }
@@ -936,8 +1040,10 @@ function createNextAuthSignInRoute(config, Response) {
           { status: 400 }
         );
       }
-      const message = err instanceof Error ? err.message : "Sign in failed";
-      return Response.json({ error: { message, code: "AUTH_ERROR" } }, { status: 401 });
+      return Response.json(
+        { error: { message: "Invalid credentials", code: "AUTH_ERROR" } },
+        { status: 401 }
+      );
     }
   };
 }
@@ -954,8 +1060,10 @@ function createNextAuthSignOutRoute(config, Response) {
       await handleSignOut(config.authAdapter, token);
       return Response.json({ message: "Signed out successfully" }, { status: 200 });
     } catch (error) {
-      const message = error instanceof Error ? error.message : "Sign out failed";
-      return Response.json({ error: { message, code: "SIGNOUT_ERROR" } }, { status: 500 });
+      return Response.json(
+        { error: { message: "Internal Server Error", code: "SIGNOUT_ERROR" } },
+        { status: 500 }
+      );
     }
   };
 }
@@ -978,8 +1086,10 @@ function createNextAuthVerifyRoute(config, Response) {
       }
       return Response.json(user, { status: 200 });
     } catch (error) {
-      const message = error instanceof Error ? error.message : "Verification failed";
-      return Response.json({ error: { message, code: "VERIFY_ERROR" } }, { status: 401 });
+      return Response.json(
+        { error: { message: "Authentication failed", code: "VERIFY_ERROR" } },
+        { status: 401 }
+      );
     }
   };
 }
@@ -997,8 +1107,10 @@ function createNextAuthRefreshRoute(config, Response) {
       const session = await handleRefreshSession(config.authAdapter, refreshToken);
       return Response.json(session, { status: 200 });
     } catch (error) {
-      const message = error instanceof Error ? error.message : "Refresh failed";
-      return Response.json({ error: { message, code: "REFRESH_ERROR" } }, { status: 401 });
+      return Response.json(
+        { error: { message: "Session refresh failed", code: "REFRESH_ERROR" } },
+        { status: 401 }
+      );
     }
   };
 }
@@ -1021,8 +1133,10 @@ function createNextAuthCurrentUserRoute(config, Response) {
       }
       return Response.json(user, { status: 200 });
     } catch (error) {
-      const message = error instanceof Error ? error.message : "Failed to get user";
-      return Response.json({ error: { message, code: "GET_USER_ERROR" } }, { status: 500 });
+      return Response.json(
+        { error: { message: "Internal Server Error", code: "GET_USER_ERROR" } },
+        { status: 500 }
+      );
     }
   };
 }