backend-manager 5.0.203 → 5.1.1

package/src/manager/routes/admin/post/deduplicate-image-alts.js

@@ -0,0 +1,52 @@
+/**
+ * Deduplicate alt-text across DIFFERENT image URLs.
+ *
+ * Image filenames in the admin/post route are derived from the markdown image's
+ * alt-text. Two images sharing alt-text would otherwise produce the same filename
+ * and overwrite each other on upload, causing the second image to "disappear"
+ * (both `@post/` references in the body resolve to the same file).
+ *
+ * Strategy: when a non-header image's alt collides with an earlier image's alt
+ * AND its URL is different, suffix the alt with ` (N)` (where N is the
+ * occurrence count). Same URL keeps its original alt — repeated embeds of the
+ * exact same image are not a collision and should resolve to the same file.
+ *
+ * @param {Array<{src: string, alt: string, header?: boolean}>} images — image
+ *   entries extracted from the body (plus optional header). Mutated in place:
+ *   `image.alt` is rewritten when a collision is detected.
+ * @param {string} body — markdown body string. Returned with any
+ *   `![oldAlt](src)` rewritten to `![newAlt](src)` for collisions.
+ * @returns {{images: Array, body: string}} mutated images array and rewritten body.
+ */
+module.exports = function deduplicateImageAlts(images, body) {
+  const seenAltByUrl = new Map();
+  const altCountByAlt = new Map();
+  let rewrittenBody = body;
+
+  for (const image of images) {
+    if (image.header) {
+      continue;
+    }
+
+    const existingForUrl = seenAltByUrl.get(image.src);
+    if (existingForUrl) {
+      // Same URL appeared earlier — reuse its (possibly already-suffixed) alt.
+      // Repeated embeds of the same image should resolve to the same upload.
+      image.alt = existingForUrl;
+      continue;
+    }
+
+    const count = (altCountByAlt.get(image.alt) || 0) + 1;
+    altCountByAlt.set(image.alt, count);
+
+    if (count > 1) {
+      const newAlt = `${image.alt} (${count})`;
+      rewrittenBody = rewrittenBody.split(`![${image.alt}](${image.src})`).join(`![${newAlt}](${image.src})`);
+      image.alt = newAlt;
+    }
+
+    seenAltByUrl.set(image.src, image.alt);
+  }
+
+  return { images, body: rewrittenBody };
+};

package/src/manager/routes/admin/post/post.js

@@ -11,6 +11,8 @@ const path = require('path');
 const { Octokit } = require('@octokit/rest');
 const { get, set } = require('lodash');
 
+const deduplicateImageAlts = require('./deduplicate-image-alts');
+
 const POST_TEMPLATE = jetpack.read(`${__dirname}/templates/post.html`);
 const IMAGE_PATH_SRC = `src/assets/images/blog/post-{id}/`;
 const IMAGE_REGEX = /(?:!\[(.*?)\]\((.*?)\))/img;
@@ -63,14 +65,8 @@ module.exports = async ({ assistant, Manager, user, settings, analytics }) => {
     return assistant.respond('Missing required parameter: body', { code: 400 });
   }
 
-  // Fix URL
-  settings.url = settings.url
-    .replace(/blog\//ig, '')
-    .replace(/^\/|\/$/g, '')
-    .replace(/[^a-zA-Z0-9]/g, '-')
-    .replace(/-+/g, '-')
-    .replace(/^-+|-+$/g, '')
-    .toLowerCase();
+  // Fix URL — strip blog/ prefix then slugify (slugify handles slashes/special chars)
+  settings.url = Manager.Utilities().slugify(settings.url.replace(/blog\//ig, ''));
 
   // Fix body
   settings.body = settings.body
@@ -159,6 +155,11 @@ async function downloadImages(assistant, settings) {
     header: true,
   });
 
+  // Deduplicate alt-text across different image URLs (mutates images in place,
+  // returns rewritten body). See deduplicate-image-alts.js for full rationale.
+  const dedup = deduplicateImageAlts(images, settings.body);
+  settings.body = dedup.body;
+
   assistant.log('downloadImages(): images', images);
 
   if (!images.length) {
@@ -199,7 +200,7 @@ async function downloadImages(assistant, settings) {
 // Helper: Download image
 async function downloadImage(assistant, src, alt) {
   const fetch = assistant.Manager.require('wonderful-fetch');
-  const hyphenated = hyphenate(alt);
+  const hyphenated = assistant.Manager.Utilities().slugify(alt);
 
   assistant.log(`downloadImage(): src=${src}, alt=${alt}, hyphenated=${hyphenated}`);
 
@@ -325,11 +326,3 @@ function formatClone(payload) {
   return payload;
 }
 
-// Helper: Hyphenate string
-function hyphenate(s) {
-  return s
-    .replace(/[^a-zA-Z0-9]/g, '-')
-    .replace(/-+/g, '-')
-    .replace(/^-|-$/g, '')
-    .toLowerCase();
-}

package/src/manager/routes/marketing/contact/post.js

@@ -41,7 +41,7 @@ module.exports = async ({ assistant, Manager, settings, analytics }) => {
       return assistant.respond({ success: true });
     }
 
-    const { format, localPart, disposable } = validation.checks;
+    const { format, localPart, disposable, corporate } = validation.checks;
 
     if (format && !format.valid) {
       return assistant.respond('Invalid email format', { code: 400 });
@@ -55,6 +55,10 @@ module.exports = async ({ assistant, Manager, settings, analytics }) => {
       return assistant.respond(`Disposable email domain not allowed: ${disposable.domain}`, { code: 400 });
     }
 
+    if (corporate && !corporate.valid) {
+      return assistant.respond(`Corporate/social-media domain not allowed: ${corporate.domain}`, { code: 400 });
+    }
+
     return assistant.respond('Email validation failed', { code: 400 });
   }
 

package/templates/_.env

@@ -3,6 +3,7 @@
 BACKEND_MANAGER_KEY=""
 BACKEND_MANAGER_NAMESPACE=""
 BACKEND_MANAGER_OPENAI_API_KEY=""
+BACKEND_MANAGER_ANTHROPIC_API_KEY=""
 
 # GitHub
 GITHUB_TOKEN=""
@@ -10,6 +11,9 @@ GITHUB_TOKEN=""
 # OpenAI
 OPENAI_API_KEY=""
 
+# Anthropic
+ANTHROPIC_API_KEY=""
+
 # Payment Processors
 PAYPAL_CLIENT_SECRET=""
 STRIPE_SECRET_KEY=""

package/templates/_.gitignore

@@ -48,6 +48,7 @@ node_modules/
 .runtimeconfig.json
 service-account*.json
 bem-reload-trigger.js
+.temp/
 _legacy
 
 # ========== Custom Values ==========

package/templates/backend-manager-config.json

@@ -7,6 +7,18 @@
     contact: {
       email: 'support@example.com',
     },
+    // Physical postal address — required by CAN-SPAM in commercial email footers.
+    // Rendered in the newsletter footer + transactional email footers.
+    // Structured so the renderer can format it consistently across locales
+    // and break onto multiple lines if needed. line2/region/postalCode are optional.
+    address: {
+      line1: '123 Main St',
+      line2: 'Suite 100',
+      city: 'City',
+      region: 'ST',
+      postalCode: '12345',
+      country: 'United States',
+    },
     images: {
       wordmark: 'https://example.com/wordmark.png',
       brandmark: 'https://example.com/wordmark.png',
@@ -17,6 +29,7 @@
     user: 'username',
     repo_website: 'https://github.com/username/backend-manager',
   },
+  parent: '',  // URL of the parent BEM instance (e.g., 'https://api.itwcreativeworks.com') — used by newsletter generator to pull sources
   sentry: {
     dsn: 'https://d965557418748jd749d837asf00552f@o777489.ingest.sentry.io/8789941',
   },
@@ -129,14 +142,45 @@
     beehiiv: {
       enabled: false,
       // publicationId: 'pub_xxxxx',  // Set to skip fuzzy-match API call
+      // Content pipeline. Lives under the provider that publishes the result —
+      // Beehiiv for newsletters, eventually SendGrid for promo blasts. The
+      // shape is the same regardless of provider: sources, tone, template,
+      // theme, sponsorships. `beehiiv.enabled: false` above disables it all.
+      content: {
+        categories: [],  // e.g., ['social-media', 'marketing'] — content categories to pull from parent server
+        // AI-customization fields below are all optional with sensible defaults
+        instructions: '',  // free-form text passed to the AI ("focus on X", "avoid Y", brand voice notes)
+        tone: 'professional',  // 'professional', 'casual', 'actionable', 'witty', etc. — passed to AI prompt
+        template: 'clean',   // 'clean' | 'editorial' | 'field-report' — layout template (each owns its own content shape and aesthetic)
+        theme: {
+          primaryColor: '#5B5BFF',   // accent color: buttons, links, brand text
+          secondaryColor: '#1E1E2A', // body text color
+          accentColor: '#F6F7FB',    // page background outside the 600px body
+          font: 'Inter, system-ui, sans-serif',
+        },
+        // AI provider defaults are hard-coded in the library (openai for structure,
+        // anthropic for SVG — each chosen for what each model does best). Override
+        // per-run only via env: NEWSLETTER_PROVIDER_STRUCTURE / NEWSLETTER_PROVIDER_SVG.
+        // Brand-owned sponsorship/promo slots — rendered as "sponsored" blocks inline
+        // with the newsletter. Use for promoting your own products, affiliate offers,
+        // or paid placements. Each entry can be positioned at 'top', 'middle', or 'end'.
+        // Per-campaign overrides via settings.sponsorships on a marketing-campaigns doc.
+        sponsorships: [
+          // {
+          //   label:       'Sponsored',                 // optional eyebrow label (defaults to "Sponsored")
+          //   headline:    'Grow your audience faster', // bold headline
+          //   body:        'Short pitch text…',         // 1-2 sentence body
+          //   url:         'https://somiibo.com/promo', // click destination
+          //   image:       'https://...png',            // optional image URL
+          //   ctaLabel:    'Try Somiibo',               // button text (default: "Learn more")
+          //   position:    'middle',                    // 'top' | 'middle' | 'end' (default: 'middle')
+          // },
+        ],
+      },
     },
     prune: {
       enabled: true,
     },
-    newsletter: {
-      enabled: false,
-      categories: [],  // e.g., ['social-media', 'marketing'] — content categories to pull from parent server
-    },
   },
   firebaseConfig: {
     apiKey: '123-456',

package/test/helpers/email-validation.js

@@ -5,7 +5,7 @@
  * Format, local part, and disposable tests always run (free, regex-based).
  * Mailbox verification tests require TEST_EXTENDED_MODE + ZEROBOUNCE_API_KEY.
  */
-const { validate, isDisposable, DEFAULT_CHECKS, ALL_CHECKS } = require('../../src/manager/libraries/email/validation.js');
+const { validate, isDisposable, isCorporate, DEFAULT_CHECKS, ALL_CHECKS } = require('../../src/manager/libraries/email/validation.js');
 
 module.exports = {
   description: 'Email validation',
@@ -287,6 +287,144 @@ module.exports = {
       },
     },
 
+    // --- Corporate / social-media domain checks ---
+
+    {
+      name: 'corporate-meta-blocked',
+      timeout: 5000,
+
+      async run({ assert }) {
+        const result = await validate('ian@meta.com');
+
+        assert.equal(result.valid, false, 'meta.com should be blocked');
+        assert.propertyEquals(result, 'checks.corporate.blocked', true, 'Should be flagged as blocked');
+        assert.propertyEquals(result, 'checks.corporate.domain', 'meta.com', 'Should include blocked domain');
+        assert.propertyEquals(result, 'checks.corporate.reason', 'Corporate/social-media domain', 'Should have human-readable reason');
+      },
+    },
+
+    {
+      name: 'corporate-instagram-blocked',
+      timeout: 5000,
+
+      async run({ assert }) {
+        const result = await validate('rachel.greene@instagram.com');
+
+        assert.equal(result.valid, false, 'instagram.com should be blocked');
+        assert.propertyEquals(result, 'checks.corporate.blocked', true, 'Should be flagged as blocked');
+      },
+    },
+
+    {
+      name: 'corporate-soundcloud-blocked',
+      timeout: 5000,
+
+      async run({ assert }) {
+        const result = await validate('user@soundcloud.com');
+
+        assert.equal(result.valid, false, 'soundcloud.com should be blocked');
+        assert.propertyEquals(result, 'checks.corporate.blocked', true, 'Should be flagged as blocked');
+      },
+    },
+
+    {
+      name: 'corporate-gmail-allowed',
+      timeout: 5000,
+
+      async run({ assert }) {
+        const result = await validate('rachel.greene@gmail.com');
+
+        assert.equal(result.valid, true, 'gmail.com should NOT be flagged as corporate');
+        assert.propertyEquals(result, 'checks.corporate.valid', true, 'Corporate check should pass');
+        assert.propertyEquals(result, 'checks.corporate.blocked', false, 'Should not be blocked');
+      },
+    },
+
+    {
+      name: 'corporate-runs-before-localpart',
+      timeout: 5000,
+
+      async run({ assert }) {
+        // "test@meta.com" would be blocked by BOTH corporate and localPart;
+        // corporate runs first, so we should see corporate (not localPart) in the result.
+        const result = await validate('test@meta.com');
+
+        assert.equal(result.valid, false, 'Should be blocked');
+        assert.propertyEquals(result, 'checks.corporate.blocked', true, 'Corporate should be the failure reason');
+        assert.equal(result.checks.localPart, undefined, 'localPart should not run after corporate fails');
+      },
+    },
+
+    {
+      name: 'corporate-can-be-skipped-via-checks-option',
+      timeout: 5000,
+
+      async run({ assert }) {
+        // Allow a caller to bypass the corporate check (e.g., during signup, where Meta employees are real users)
+        const result = await validate('ian@meta.com', { checks: ['format', 'disposable', 'localPart'] });
+
+        assert.equal(result.valid, true, 'Without corporate check, meta.com should pass');
+        assert.equal(result.checks.corporate, undefined, 'corporate should not run');
+      },
+    },
+
+    // --- isCorporate helper ---
+
+    {
+      name: 'isCorporate-social-domain-detected',
+      timeout: 5000,
+
+      async run({ assert }) {
+        assert.equal(isCorporate('user@meta.com'), true, 'meta.com should be corporate');
+        assert.equal(isCorporate('user@instagram.com'), true, 'instagram.com should be corporate');
+        assert.equal(isCorporate('user@soundcloud.com'), true, 'soundcloud.com should be corporate');
+        assert.equal(isCorporate('user@tiktok.com'), true, 'tiktok.com should be corporate');
+        assert.equal(isCorporate('user@linkedin.com'), true, 'linkedin.com should be corporate');
+      },
+    },
+
+    {
+      name: 'isCorporate-legitimate-domain-passes',
+      timeout: 5000,
+
+      async run({ assert }) {
+        assert.equal(isCorporate('user@gmail.com'), false, 'gmail.com should not be corporate');
+        assert.equal(isCorporate('user@somiibo.com'), false, 'Custom domain should not be corporate');
+        assert.equal(isCorporate('user@mailinator.com'), false, 'Disposable is a separate category');
+      },
+    },
+
+    {
+      name: 'isCorporate-accepts-domain-only',
+      timeout: 5000,
+
+      async run({ assert }) {
+        assert.equal(isCorporate('meta.com'), true, 'Should work with bare domain');
+        assert.equal(isCorporate('gmail.com'), false, 'Should work with bare domain');
+      },
+    },
+
+    {
+      name: 'isCorporate-handles-edge-cases',
+      timeout: 5000,
+
+      async run({ assert }) {
+        assert.equal(isCorporate(''), false, 'Empty string should return false');
+        assert.equal(isCorporate(null), false, 'Null should return false');
+        assert.equal(isCorporate(undefined), false, 'Undefined should return false');
+      },
+    },
+
+    {
+      name: 'isCorporate-case-insensitive',
+      timeout: 5000,
+
+      async run({ assert }) {
+        assert.equal(isCorporate('user@META.COM'), true, 'Should be case-insensitive');
+        assert.equal(isCorporate('USER@Instagram.Com'), true, 'Should be case-insensitive');
+      },
+    },
+
     // --- isDisposable helper ---
 
     {
@@ -389,8 +527,8 @@ module.exports = {
       timeout: 5000,
 
       async run({ assert }) {
-        assert.deepEqual(DEFAULT_CHECKS, ['format', 'disposable', 'localPart'], 'DEFAULT_CHECKS should be format + disposable + localPart');
-        assert.deepEqual(ALL_CHECKS, ['format', 'disposable', 'localPart', 'mailbox'], 'ALL_CHECKS should include mailbox');
+        assert.deepEqual(DEFAULT_CHECKS, ['format', 'disposable', 'corporate', 'localPart'], 'DEFAULT_CHECKS should be format + disposable + corporate + localPart');
+        assert.deepEqual(ALL_CHECKS, ['format', 'disposable', 'corporate', 'localPart', 'mailbox'], 'ALL_CHECKS should include mailbox');
       },
     },