cms-renderer 0.1.0 → 0.1.2

package/dist/lib/proxy.d.ts

@@ -0,0 +1,52 @@
+import { NextRequest, NextResponse } from 'next/server';
+
+/**
+ * Configuration options for the CMS proxy.
+ */
+interface ProxyConfig {
+    /**
+     * The upstream CMS server URL (e.g., 'https://cms.example.com').
+     * Defaults to ADMIN_UPSTREAM_ORIGIN environment variable.
+     */
+    upstream?: string;
+    /**
+     * Additional path prefixes to proxy (beyond /admin, /api, /auth).
+     */
+    additionalPaths?: string[];
+}
+/**
+ * Creates a proxy middleware function for Next.js.
+ *
+ * @example
+ * ```ts
+ * // middleware.ts
+ * import { createCmsProxy } from 'cms-renderer/lib/proxy';
+ *
+ * const cmsProxy = createCmsProxy({
+ *   upstream: process.env.ADMIN_UPSTREAM_ORIGIN,
+ * });
+ *
+ * export async function middleware(request: NextRequest) {
+ *   return cmsProxy(request);
+ * }
+ *
+ * export const config = {
+ *   matcher: cmsProxyMatcher,
+ * };
+ * ```
+ */
+declare function createCmsProxy(config?: ProxyConfig): (request: NextRequest) => Promise<NextResponse>;
+/**
+ * Default matcher configuration for the CMS proxy middleware.
+ * Use this in your middleware.ts config export.
+ *
+ * @example
+ * ```ts
+ * export const config = {
+ *   matcher: cmsProxyMatcher,
+ * };
+ * ```
+ */
+declare const cmsProxyMatcher: string[];
+
+export { type ProxyConfig, cmsProxyMatcher, createCmsProxy };

package/dist/lib/proxy.js

@@ -0,0 +1,143 @@
+// lib/proxy.ts
+import { NextResponse } from "next/server";
+var STATIC_FILE_REGEX = /\.(css|js|map|png|jpg|jpeg|gif|svg|ico|webp|avif|woff|woff2|ttf|eot|txt|xml)$/;
+function isFromAdminPage(request) {
+  const referer = request.headers.get("referer");
+  if (!referer) return false;
+  try {
+    const refererUrl = new URL(referer);
+    return refererUrl.pathname.startsWith("/admin");
+  } catch {
+    return false;
+  }
+}
+async function proxyToUpstream(request, pathname, upstream) {
+  const upstreamUrl = new URL(pathname, upstream);
+  upstreamUrl.search = request.nextUrl.search;
+  const headers = new Headers(request.headers);
+  headers.set("x-forwarded-host", request.headers.get("host") ?? "");
+  headers.set("x-forwarded-proto", request.nextUrl.protocol.replace(":", ""));
+  headers.set("x-forwarded-for", request.headers.get("x-forwarded-for") ?? "");
+  const response = await fetch(upstreamUrl.toString(), {
+    method: request.method,
+    headers,
+    body: request.body,
+    // @ts-expect-error - duplex is required for streaming bodies
+    duplex: "half",
+    redirect: "manual"
+    // Don't follow redirects, let the client handle them
+  });
+  const responseHeaders = new Headers();
+  const upstreamUrlObj = new URL(upstream);
+  const upstreamOrigin = upstreamUrlObj.origin;
+  const currentOrigin = request.nextUrl.origin;
+  response.headers.forEach((value, key) => {
+    const lowerKey = key.toLowerCase();
+    if (lowerKey === "set-cookie") {
+      let modifiedCookie = value;
+      modifiedCookie = modifiedCookie.replace(/;\s*Domain=[^;]*/gi, "");
+      if (!/;\s*Path=/i.test(modifiedCookie)) {
+        modifiedCookie += "; Path=/";
+      }
+      if (!/;\s*SameSite=/i.test(modifiedCookie)) {
+        modifiedCookie += "; SameSite=Lax";
+      }
+      responseHeaders.append(key, modifiedCookie);
+    } else if (lowerKey === "location") {
+      try {
+        const locationUrl = new URL(value, upstream);
+        if (locationUrl.origin === upstreamOrigin) {
+          const newLocation = `${currentOrigin}${locationUrl.pathname}${locationUrl.search}`;
+          responseHeaders.set(key, newLocation);
+        } else {
+          let finalLocation = value;
+          const redirectUri = locationUrl.searchParams.get("redirect_uri");
+          if (redirectUri) {
+            try {
+              const redirectUriUrl = new URL(redirectUri);
+              if (redirectUriUrl.host === upstreamUrlObj.host) {
+                const newRedirectUri = `${currentOrigin}${redirectUriUrl.pathname}${redirectUriUrl.search}`;
+                locationUrl.searchParams.set("redirect_uri", newRedirectUri);
+                finalLocation = locationUrl.toString();
+              }
+            } catch {
+            }
+          }
+          responseHeaders.set(key, finalLocation);
+        }
+      } catch {
+        responseHeaders.set(key, value);
+      }
+    } else if (lowerKey !== "transfer-encoding" && lowerKey !== "content-encoding" && lowerKey !== "content-length") {
+      responseHeaders.set(key, value);
+    }
+  });
+  responseHeaders.set("x-proxied-by", "cms-proxy");
+  const contentType = response.headers.get("content-type") ?? "";
+  if (contentType.includes("text/html") && response.body) {
+    let text = await response.text();
+    const upstreamHost = upstreamUrlObj.host;
+    text = text.replaceAll(upstreamOrigin, currentOrigin);
+    text = text.replaceAll(`//${upstreamHost}`, `//${request.nextUrl.host}`);
+    text = text.replaceAll(`https://${upstreamHost}`, currentOrigin);
+    text = text.replaceAll(`http://${upstreamHost}`, currentOrigin);
+    return new NextResponse(text, {
+      status: response.status,
+      statusText: response.statusText,
+      headers: responseHeaders
+    });
+  }
+  return new NextResponse(response.body, {
+    status: response.status,
+    statusText: response.statusText,
+    headers: responseHeaders
+  });
+}
+function createCmsProxy(config = {}) {
+  const upstream = (config.upstream ?? process.env.ADMIN_UPSTREAM_ORIGIN ?? "").replace(/\/$/, "");
+  const additionalPaths = config.additionalPaths ?? [];
+  if (!upstream) {
+    console.warn(
+      "[cms-proxy] No upstream URL configured. Set ADMIN_UPSTREAM_ORIGIN or pass upstream option."
+    );
+  }
+  return async function cmsProxy(request) {
+    if (!upstream) {
+      return NextResponse.next();
+    }
+    const { pathname } = request.nextUrl;
+    if (pathname.startsWith("/admin")) {
+      return proxyToUpstream(request, pathname, upstream);
+    }
+    if (pathname.startsWith("/api")) {
+      return proxyToUpstream(request, pathname, upstream);
+    }
+    if (pathname.startsWith("/auth")) {
+      return proxyToUpstream(request, pathname, upstream);
+    }
+    for (const pathPrefix of additionalPaths) {
+      if (pathname.startsWith(pathPrefix)) {
+        return proxyToUpstream(request, pathname, upstream);
+      }
+    }
+    if (isFromAdminPage(request)) {
+      if (pathname.startsWith("/_next") || STATIC_FILE_REGEX.test(pathname)) {
+        return proxyToUpstream(request, pathname, upstream);
+      }
+    }
+    return NextResponse.next();
+  };
+}
+var cmsProxyMatcher = [
+  "/admin",
+  "/admin/:path*",
+  "/api/:path*",
+  "/auth/:path*",
+  "/_next/:path*",
+  "/((?:.*\\.(?:css|js|map|png|jpg|jpeg|gif|svg|ico|webp|avif|woff|woff2|ttf|eot|txt|xml))$)"
+];
+export {
+  cmsProxyMatcher,
+  createCmsProxy
+};
+//# sourceMappingURL=proxy.js.map

package/dist/lib/proxy.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../lib/proxy.ts"],"sourcesContent":["import { type NextRequest, NextResponse } from 'next/server';\n\n/**\n * Configuration options for the CMS proxy.\n */\nexport interface ProxyConfig {\n  /**\n   * The upstream CMS server URL (e.g., 'https://cms.example.com').\n   * Defaults to ADMIN_UPSTREAM_ORIGIN environment variable.\n   */\n  upstream?: string;\n  /**\n   * Additional path prefixes to proxy (beyond /admin, /api, /auth).\n   */\n  additionalPaths?: string[];\n}\n\n// Static file extensions to proxy to upstream\nconst STATIC_FILE_REGEX =\n  /\\.(css|js|map|png|jpg|jpeg|gif|svg|ico|webp|avif|woff|woff2|ttf|eot|txt|xml)$/;\n\n/**\n * Check if the request originates from an admin page (via Referer header).\n */\nfunction isFromAdminPage(request: NextRequest): boolean {\n  const referer = request.headers.get('referer');\n  if (!referer) return false;\n\n  try {\n    const refererUrl = new URL(referer);\n    return refererUrl.pathname.startsWith('/admin');\n  } catch {\n    return false;\n  }\n}\n\n/**\n * Proxy a request to the upstream CMS server with proper cookie handling.\n */\nasync function proxyToUpstream(\n  request: NextRequest,\n  pathname: string,\n  upstream: string\n): Promise<NextResponse> {\n  const upstreamUrl = new URL(pathname, upstream);\n  upstreamUrl.search = request.nextUrl.search;\n\n  // Clone all headers from the request\n  const headers = new Headers(request.headers);\n\n  // Keep the original host header so the upstream app knows the real origin\n  // This is important for auth redirects (WorkOS) to use the correct domain\n  // The x-forwarded-* headers provide additional context\n  headers.set('x-forwarded-host', request.headers.get('host') ?? '');\n  headers.set('x-forwarded-proto', request.nextUrl.protocol.replace(':', ''));\n  headers.set('x-forwarded-for', request.headers.get('x-forwarded-for') ?? '');\n\n  const response = await fetch(upstreamUrl.toString(), {\n    method: request.method,\n    headers,\n    body: request.body,\n    // @ts-expect-error - duplex is required for streaming bodies\n    duplex: 'half',\n    redirect: 'manual', // Don't follow redirects, let the client handle them\n  });\n\n  // Create response with proper header handling\n  const responseHeaders = new Headers();\n\n  const upstreamUrlObj = new URL(upstream);\n  const upstreamOrigin = upstreamUrlObj.origin;\n  const currentOrigin = request.nextUrl.origin;\n\n  // Copy headers from upstream response\n  response.headers.forEach((value, key) => {\n    const lowerKey = key.toLowerCase();\n\n    // Handle Set-Cookie specially - rewrite domain to current host\n    if (lowerKey === 'set-cookie') {\n      let modifiedCookie = value;\n\n      // Remove Domain attribute so cookie defaults to current host\n      modifiedCookie = modifiedCookie.replace(/;\\s*Domain=[^;]*/gi, '');\n\n      // Ensure Path is set (usually /admin or /)\n      if (!/;\\s*Path=/i.test(modifiedCookie)) {\n        modifiedCookie += '; Path=/';\n      }\n\n      // For secure cookies in production, ensure SameSite is appropriate\n      if (!/;\\s*SameSite=/i.test(modifiedCookie)) {\n        modifiedCookie += '; SameSite=Lax';\n      }\n\n      responseHeaders.append(key, modifiedCookie);\n    }\n    // Handle Location header - rewrite upstream URLs to current host\n    else if (lowerKey === 'location') {\n      try {\n        // Parse the location (handles both absolute and relative URLs)\n        const locationUrl = new URL(value, upstream);\n\n        // If redirect points to upstream, rewrite to current origin\n        if (locationUrl.origin === upstreamOrigin) {\n          const newLocation = `${currentOrigin}${locationUrl.pathname}${locationUrl.search}`;\n          responseHeaders.set(key, newLocation);\n        } else {\n          // External redirect (e.g., to WorkOS)\n          // Rewrite redirect_uri parameter if it points to upstream\n          let finalLocation = value;\n\n          // Check if this is a WorkOS/OAuth redirect with redirect_uri parameter\n          const redirectUri = locationUrl.searchParams.get('redirect_uri');\n          if (redirectUri) {\n            try {\n              const redirectUriUrl = new URL(redirectUri);\n              // If redirect_uri points to upstream, rewrite to current origin\n              if (redirectUriUrl.host === upstreamUrlObj.host) {\n                const newRedirectUri = `${currentOrigin}${redirectUriUrl.pathname}${redirectUriUrl.search}`;\n                locationUrl.searchParams.set('redirect_uri', newRedirectUri);\n                finalLocation = locationUrl.toString();\n              }\n            } catch {\n              // If redirect_uri parsing fails, keep original\n            }\n          }\n\n          responseHeaders.set(key, finalLocation);\n        }\n      } catch {\n        // If URL parsing fails, keep original\n        responseHeaders.set(key, value);\n      }\n    }\n    // Skip headers that cause issues after fetch decompresses the body\n    else if (\n      lowerKey !== 'transfer-encoding' &&\n      lowerKey !== 'content-encoding' &&\n      lowerKey !== 'content-length'\n    ) {\n      responseHeaders.set(key, value);\n    }\n  });\n\n  // Add debug header to verify middleware is running\n  responseHeaders.set('x-proxied-by', 'cms-proxy');\n\n  // For HTML responses, rewrite upstream URLs in the body\n  const contentType = response.headers.get('content-type') ?? '';\n  if (contentType.includes('text/html') && response.body) {\n    let text = await response.text();\n\n    // Get the upstream host for more comprehensive replacement\n    const upstreamHost = upstreamUrlObj.host;\n\n    // Replace full origin (https://cms.example.com)\n    text = text.replaceAll(upstreamOrigin, currentOrigin);\n\n    // Replace protocol-relative URLs (//cms.example.com)\n    text = text.replaceAll(`//${upstreamHost}`, `//${request.nextUrl.host}`);\n\n    // Replace any remaining absolute URLs with the upstream host\n    // This catches cases where protocol might differ\n    text = text.replaceAll(`https://${upstreamHost}`, currentOrigin);\n    text = text.replaceAll(`http://${upstreamHost}`, currentOrigin);\n\n    return new NextResponse(text, {\n      status: response.status,\n      statusText: response.statusText,\n      headers: responseHeaders,\n    });\n  }\n\n  return new NextResponse(response.body, {\n    status: response.status,\n    statusText: response.statusText,\n    headers: responseHeaders,\n  });\n}\n\n/**\n * Creates a proxy middleware function for Next.js.\n *\n * @example\n * ```ts\n * // middleware.ts\n * import { createCmsProxy } from 'cms-renderer/lib/proxy';\n *\n * const cmsProxy = createCmsProxy({\n *   upstream: process.env.ADMIN_UPSTREAM_ORIGIN,\n * });\n *\n * export async function middleware(request: NextRequest) {\n *   return cmsProxy(request);\n * }\n *\n * export const config = {\n *   matcher: cmsProxyMatcher,\n * };\n * ```\n */\nexport function createCmsProxy(config: ProxyConfig = {}) {\n  const upstream = (config.upstream ?? process.env.ADMIN_UPSTREAM_ORIGIN ?? '').replace(/\\/$/, '');\n  const additionalPaths = config.additionalPaths ?? [];\n\n  if (!upstream) {\n    console.warn(\n      '[cms-proxy] No upstream URL configured. Set ADMIN_UPSTREAM_ORIGIN or pass upstream option.'\n    );\n  }\n\n  return async function cmsProxy(request: NextRequest): Promise<NextResponse> {\n    if (!upstream) {\n      return NextResponse.next();\n    }\n\n    const { pathname } = request.nextUrl;\n\n    // Proxy /admin routes to the upstream CMS\n    if (pathname.startsWith('/admin')) {\n      return proxyToUpstream(request, pathname, upstream);\n    }\n\n    // Proxy /api routes to the upstream CMS\n    if (pathname.startsWith('/api')) {\n      return proxyToUpstream(request, pathname, upstream);\n    }\n\n    // Proxy auth routes to the upstream CMS (WorkOS callbacks, signin, etc.)\n    if (pathname.startsWith('/auth')) {\n      return proxyToUpstream(request, pathname, upstream);\n    }\n\n    // Proxy additional custom paths\n    for (const pathPrefix of additionalPaths) {\n      if (pathname.startsWith(pathPrefix)) {\n        return proxyToUpstream(request, pathname, upstream);\n      }\n    }\n\n    // Only proxy /_next and static files if the request comes from an admin page\n    // This prevents breaking the web app's own assets\n    if (isFromAdminPage(request)) {\n      if (pathname.startsWith('/_next') || STATIC_FILE_REGEX.test(pathname)) {\n        return proxyToUpstream(request, pathname, upstream);\n      }\n    }\n\n    return NextResponse.next();\n  };\n}\n\n/**\n * Default matcher configuration for the CMS proxy middleware.\n * Use this in your middleware.ts config export.\n *\n * @example\n * ```ts\n * export const config = {\n *   matcher: cmsProxyMatcher,\n * };\n * ```\n */\nexport const cmsProxyMatcher = [\n  '/admin',\n  '/admin/:path*',\n  '/api/:path*',\n  '/auth/:path*',\n  '/_next/:path*',\n  '/((?:.*\\\\.(?:css|js|map|png|jpg|jpeg|gif|svg|ico|webp|avif|woff|woff2|ttf|eot|txt|xml))$)',\n];\n"],"mappings":";AAAA,SAA2B,oBAAoB;AAkB/C,IAAM,oBACJ;AAKF,SAAS,gBAAgB,SAA+B;AACtD,QAAM,UAAU,QAAQ,QAAQ,IAAI,SAAS;AAC7C,MAAI,CAAC,QAAS,QAAO;AAErB,MAAI;AACF,UAAM,aAAa,IAAI,IAAI,OAAO;AAClC,WAAO,WAAW,SAAS,WAAW,QAAQ;AAAA,EAChD,QAAQ;AACN,WAAO;AAAA,EACT;AACF;AAKA,eAAe,gBACb,SACA,UACA,UACuB;AACvB,QAAM,cAAc,IAAI,IAAI,UAAU,QAAQ;AAC9C,cAAY,SAAS,QAAQ,QAAQ;AAGrC,QAAM,UAAU,IAAI,QAAQ,QAAQ,OAAO;AAK3C,UAAQ,IAAI,oBAAoB,QAAQ,QAAQ,IAAI,MAAM,KAAK,EAAE;AACjE,UAAQ,IAAI,qBAAqB,QAAQ,QAAQ,SAAS,QAAQ,KAAK,EAAE,CAAC;AAC1E,UAAQ,IAAI,mBAAmB,QAAQ,QAAQ,IAAI,iBAAiB,KAAK,EAAE;AAE3E,QAAM,WAAW,MAAM,MAAM,YAAY,SAAS,GAAG;AAAA,IACnD,QAAQ,QAAQ;AAAA,IAChB;AAAA,IACA,MAAM,QAAQ;AAAA;AAAA,IAEd,QAAQ;AAAA,IACR,UAAU;AAAA;AAAA,EACZ,CAAC;AAGD,QAAM,kBAAkB,IAAI,QAAQ;AAEpC,QAAM,iBAAiB,IAAI,IAAI,QAAQ;AACvC,QAAM,iBAAiB,eAAe;AACtC,QAAM,gBAAgB,QAAQ,QAAQ;AAGtC,WAAS,QAAQ,QAAQ,CAAC,OAAO,QAAQ;AACvC,UAAM,WAAW,IAAI,YAAY;AAGjC,QAAI,aAAa,cAAc;AAC7B,UAAI,iBAAiB;AAGrB,uBAAiB,eAAe,QAAQ,sBAAsB,EAAE;AAGhE,UAAI,CAAC,aAAa,KAAK,cAAc,GAAG;AACtC,0BAAkB;AAAA,MACpB;AAGA,UAAI,CAAC,iBAAiB,KAAK,cAAc,GAAG;AAC1C,0BAAkB;AAAA,MACpB;AAEA,sBAAgB,OAAO,KAAK,cAAc;AAAA,IAC5C,WAES,aAAa,YAAY;AAChC,UAAI;AAEF,cAAM,cAAc,IAAI,IAAI,OAAO,QAAQ;AAG3C,YAAI,YAAY,WAAW,gBAAgB;AACzC,gBAAM,cAAc,GAAG,aAAa,GAAG,YAAY,QAAQ,GAAG,YAAY,MAAM;AAChF,0BAAgB,IAAI,KAAK,WAAW;AAAA,QACtC,OAAO;AAGL,cAAI,gBAAgB;AAGpB,gBAAM,cAAc,YAAY,aAAa,IAAI,cAAc;AAC/D,cAAI,aAAa;AACf,gBAAI;AACF,oBAAM,iBAAiB,IAAI,IAAI,WAAW;AAE1C,kBAAI,eAAe,SAAS,eAAe,MAAM;AAC/C,sBAAM,iBAAiB,GAAG,aAAa,GAAG,eAAe,QAAQ,GAAG,eAAe,MAAM;AACzF,4BAAY,aAAa,IAAI,gBAAgB,cAAc;AAC3D,gCAAgB,YAAY,SAAS;AAAA,cACvC;AAAA,YACF,QAAQ;AAAA,YAER;AAAA,UACF;AAEA,0BAAgB,IAAI,KAAK,aAAa;AAAA,QACxC;AAAA,MACF,QAAQ;AAEN,wBAAgB,IAAI,KAAK,KAAK;AAAA,MAChC;AAAA,IACF,WAGE,aAAa,uBACb,aAAa,sBACb,aAAa,kBACb;AACA,sBAAgB,IAAI,KAAK,KAAK;AAAA,IAChC;AAAA,EACF,CAAC;AAGD,kBAAgB,IAAI,gBAAgB,WAAW;AAG/C,QAAM,cAAc,SAAS,QAAQ,IAAI,cAAc,KAAK;AAC5D,MAAI,YAAY,SAAS,WAAW,KAAK,SAAS,MAAM;AACtD,QAAI,OAAO,MAAM,SAAS,KAAK;AAG/B,UAAM,eAAe,eAAe;AAGpC,WAAO,KAAK,WAAW,gBAAgB,aAAa;AAGpD,WAAO,KAAK,WAAW,KAAK,YAAY,IAAI,KAAK,QAAQ,QAAQ,IAAI,EAAE;AAIvE,WAAO,KAAK,WAAW,WAAW,YAAY,IAAI,aAAa;AAC/D,WAAO,KAAK,WAAW,UAAU,YAAY,IAAI,aAAa;AAE9D,WAAO,IAAI,aAAa,MAAM;AAAA,MAC5B,QAAQ,SAAS;AAAA,MACjB,YAAY,SAAS;AAAA,MACrB,SAAS;AAAA,IACX,CAAC;AAAA,EACH;AAEA,SAAO,IAAI,aAAa,SAAS,MAAM;AAAA,IACrC,QAAQ,SAAS;AAAA,IACjB,YAAY,SAAS;AAAA,IACrB,SAAS;AAAA,EACX,CAAC;AACH;AAuBO,SAAS,eAAe,SAAsB,CAAC,GAAG;AACvD,QAAM,YAAY,OAAO,YAAY,QAAQ,IAAI,yBAAyB,IAAI,QAAQ,OAAO,EAAE;AAC/F,QAAM,kBAAkB,OAAO,mBAAmB,CAAC;AAEnD,MAAI,CAAC,UAAU;AACb,YAAQ;AAAA,MACN;AAAA,IACF;AAAA,EACF;AAEA,SAAO,eAAe,SAAS,SAA6C;AAC1E,QAAI,CAAC,UAAU;AACb,aAAO,aAAa,KAAK;AAAA,IAC3B;AAEA,UAAM,EAAE,SAAS,IAAI,QAAQ;AAG7B,QAAI,SAAS,WAAW,QAAQ,GAAG;AACjC,aAAO,gBAAgB,SAAS,UAAU,QAAQ;AAAA,IACpD;AAGA,QAAI,SAAS,WAAW,MAAM,GAAG;AAC/B,aAAO,gBAAgB,SAAS,UAAU,QAAQ;AAAA,IACpD;AAGA,QAAI,SAAS,WAAW,OAAO,GAAG;AAChC,aAAO,gBAAgB,SAAS,UAAU,QAAQ;AAAA,IACpD;AAGA,eAAW,cAAc,iBAAiB;AACxC,UAAI,SAAS,WAAW,UAAU,GAAG;AACnC,eAAO,gBAAgB,SAAS,UAAU,QAAQ;AAAA,MACpD;AAAA,IACF;AAIA,QAAI,gBAAgB,OAAO,GAAG;AAC5B,UAAI,SAAS,WAAW,QAAQ,KAAK,kBAAkB,KAAK,QAAQ,GAAG;AACrE,eAAO,gBAAgB,SAAS,UAAU,QAAQ;AAAA,MACpD;AAAA,IACF;AAEA,WAAO,aAAa,KAAK;AAAA,EAC3B;AACF;AAaO,IAAM,kBAAkB;AAAA,EAC7B;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EACA;AACF;","names":[]}

package/dist/lib/renderer.d.ts

@@ -1,4 +1,4 @@
-import * as react from 'react';
+import * as React from 'react';
 import { Metadata } from 'next';
 import { BlockComponentRegistry } from './types.js';
 import '@repo/cms-schema/blocks';
@@ -7,9 +7,16 @@ type PageProps = {
     params: Promise<{
         slug: string[];
     }>;
+    searchParams?: Promise<{
+        [key: string]: string | string[] | undefined;
+    }>;
+    /** CMS API base URL (e.g., 'http://localhost:3000') */
+    cmsUrl: string;
     registry?: Partial<BlockComponentRegistry>;
     /** API key for CMS API authentication */
     apiKey?: string;
+    /** Website ID (required if not using env variables) */
+    websiteId?: string;
 };
 /**
  * Force dynamic rendering to ensure routes are always fresh.
@@ -25,12 +32,12 @@ declare const dynamic = "force-dynamic";
  *
  * Reconstructs the full path and fetches route via tRPC.
  */
-declare function ParametricRoutePage({ params, registry, apiKey }: PageProps): Promise<react.JSX.Element>;
+declare function ParametricRoutePage({ params, searchParams, registry, apiKey, cmsUrl, websiteId: providedWebsiteId, }: PageProps): Promise<React.JSX.Element>;
 /**
  * Generate metadata for the page.
  * Uses Next.js 15+ async params pattern.
  */
-declare function generateMetadata({ params, apiKey }: PageProps): Promise<Metadata>;
+declare function generateMetadata({ params, apiKey, cmsUrl, websiteId: providedWebsiteId, }: PageProps): Promise<Metadata>;
 declare function normalizePath(path: string): string;
 
 export { ParametricRoutePage as default, dynamic, generateMetadata, normalizePath };

package/dist/lib/renderer.js

@@ -1,9 +1,10 @@
 import {
   BlockRenderer
-} from "../chunk-RPM73PQZ.js";
+} from "../chunk-SJZTIW2I.js";
+import "../chunk-TIR3RJMY.js";
 import {
   getCmsClient
-} from "../chunk-G22U6UHQ.js";
+} from "../chunk-JHKDRASN.js";
 
 // ../../packages/cms-schema/src/blocks/article.ts
 function normalizeArticleContent(payload) {
@@ -204,7 +205,7 @@ var HeroBlockContentSchema = z6.object({
       message: "URL must be a valid full URL (http://... or https://...), relative path (/path), anchor (#anchor), or empty string"
     }
   ).optional().or(z6.literal("")),
-  backgroundImage: ImageReferenceSchema.optional(),
+  backgroundImage: ImageReferenceSchema.nullable().optional(),
   alignment: z6.enum(HeroAlignment).default("center")
 });
 var HERO_BLOCK_SCHEMA_NAME = "hero-block";
@@ -249,33 +250,86 @@ function isValidBlockSchemaName(name) {
 import { unstable_noStore } from "next/cache";
 import { notFound } from "next/navigation";
 import { jsx } from "react/jsx-runtime";
+function getWebsiteId(providedWebsiteId) {
+  const websiteId = providedWebsiteId ?? process.env.NEXT_PUBLIC_WEBSITE_ID ?? process.env.WEBSITE_ID ?? process.env.CMS_WEBSITE_ID;
+  if (!websiteId) {
+    throw new Error(
+      "Missing websiteId for website renderer. Either pass websiteId prop or set NEXT_PUBLIC_WEBSITE_ID (or WEBSITE_ID/CMS_WEBSITE_ID) to a valid UUID."
+    );
+  }
+  const uuidRegex = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+  if (!uuidRegex.test(websiteId)) {
+    throw new Error(
+      `Invalid websiteId "${websiteId}". Provide a valid UUID via prop or set NEXT_PUBLIC_WEBSITE_ID (or WEBSITE_ID/CMS_WEBSITE_ID).`
+    );
+  }
+  return websiteId;
+}
 var dynamic = "force-dynamic";
-async function ParametricRoutePage({ params, registry, apiKey }) {
+async function ParametricRoutePage({
+  params,
+  searchParams,
+  registry,
+  apiKey,
+  cmsUrl,
+  websiteId: providedWebsiteId
+}) {
   unstable_noStore();
+  const websiteId = getWebsiteId(providedWebsiteId);
   const { slug } = await params;
+  const resolvedSearchParams = await searchParams;
+  let aiPreviewIndex = null;
+  const aiPreviewParam = resolvedSearchParams?.ai_preview;
+  if (aiPreviewParam) {
+    const paramValue = Array.isArray(aiPreviewParam) ? aiPreviewParam[0] : aiPreviewParam;
+    if (paramValue) {
+      const parsed = parseInt(paramValue, 10);
+      if (!Number.isNaN(parsed)) {
+        aiPreviewIndex = parsed;
+      }
+    }
+  }
+  const editModeParam = resolvedSearchParams?.edit_mode;
+  const editMode = editModeParam === "true" || editModeParam === "1";
   const rawPath = `/${slug.join("/")}`;
   const path = normalizePath(rawPath);
-  const client = getCmsClient({ apiKey });
+  const client = getCmsClient({ apiKey, cmsUrl });
   try {
-    const { route } = await client.route.getByPath.query({ path });
+    const { route } = await client.route.getByPath.query({ websiteId, path });
     if (route.state !== "Live") {
       console.error(`Route found but not Live. Path: ${path}, State: ${route.state}`);
       notFound();
     }
     const blockPromises = route.block_ids.map(async (blockId) => {
       try {
-        const result = await client.block.getById.query({ id: blockId });
+        const result = await client.block.getById.query({ websiteId, id: blockId });
         return result.block;
       } catch (error) {
         console.error(`Failed to fetch block ${blockId}:`, error);
         return null;
       }
     });
-    const blockResults = await Promise.all(blockPromises);
+    const generatedBlocksPromise = aiPreviewIndex !== null ? client.block.getGeneratedByBlockIds.query({ websiteId, blockIds: route.block_ids }).catch((error) => {
+      console.error("Failed to fetch generated blocks:", error);
+      return { generatedBlocks: {} };
+    }) : Promise.resolve({ generatedBlocks: {} });
+    const [blockResults, { generatedBlocks }] = await Promise.all([
+      Promise.all(blockPromises),
+      generatedBlocksPromise
+    ]);
     const blocks = [];
     for (const block of blockResults) {
       if (!block || block.published_content === null) continue;
-      const content = block.published_content;
+      let content = null;
+      if (aiPreviewIndex !== null) {
+        const generatedBlock = generatedBlocks[block.id];
+        const variantIndex = aiPreviewIndex - 1;
+        const variants = generatedBlock?.generated_content;
+        if (variants && Array.isArray(variants) && variants[variantIndex]) {
+          content = variants[variantIndex].content;
+        }
+      }
+      content = content ?? block.published_content;
       if (!content) continue;
       if (block.schema_name === "article") {
         const article = normalizeArticleContent(content);
@@ -294,7 +348,15 @@ async function ParametricRoutePage({ params, registry, apiKey }) {
         content
       });
     }
-    return /* @__PURE__ */ jsx("main", { children: blocks.map((block) => /* @__PURE__ */ jsx(BlockRenderer, { registry: registry ?? {}, block }, block.id)) });
+    return /* @__PURE__ */ jsx("main", { children: blocks.map((block) => /* @__PURE__ */ jsx(
+      BlockRenderer,
+      {
+        block,
+        registry: registry ?? {},
+        disableEditable: !editMode
+      },
+      block.id
+    )) });
   } catch (error) {
     console.error(`Route fetch error for path: ${path}`, error);
     const errorCode = error instanceof Error && "data" in error ? error.data?.code : error instanceof Error && "code" in error ? error.code : void 0;
@@ -304,13 +366,19 @@ async function ParametricRoutePage({ params, registry, apiKey }) {
     throw error;
   }
 }
-async function generateMetadata({ params, apiKey }) {
+async function generateMetadata({
+  params,
+  apiKey,
+  cmsUrl,
+  websiteId: providedWebsiteId
+}) {
+  const websiteId = getWebsiteId(providedWebsiteId);
   const { slug } = await params;
   const rawPath = `/${slug.join("/")}`;
   const path = normalizePath(rawPath);
-  const client = getCmsClient({ apiKey });
+  const client = getCmsClient({ apiKey, cmsUrl });
   try {
-    const { route } = await client.route.getByPath.query({ path });
+    const { route } = await client.route.getByPath.query({ websiteId, path });
     return {
       title: `${route.path} | Website`,
       description: `Content page: ${route.path}`