npm - create-nextblock - Versions diffs - 0.2.78 → 0.8.0 - Mend

create-nextblock 0.2.78 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (413) hide show

package/templates/nextblock-template/lib/media/resolveMediaUrl.ts ADDED Viewed

@@ -0,0 +1,45 @@
+const BUNDLED_PUBLIC_MEDIA_KEYS = new Set([
+  'images/NBcover.webp',
+  'images/cap.webp',
+  'images/commerce-plan.webp',
+  'images/commerce-square.webp',
+  'images/commerce-wide.webp',
+  'images/cortex-ai-square.webp',
+  'images/cortex-ai.webp',
+  'images/developer.webp',
+  'images/extensibility.webp',
+  'images/goals.webp',
+  'images/included.webp',
+  'images/metadata_image.webp',
+  'images/nextblock-logo-small.webp',
+  'images/nx-graph.webp',
+  'images/pants.webp',
+  'images/programmer-upscaled.webp',
+  'images/t-shirt.webp',
+]);
+export function resolveMediaUrl(
+  objectKey?: string | null,
+  baseUrl = process.env.NEXT_PUBLIC_R2_BASE_URL || ''
+) {
+  if (!objectKey) return null;
+  if (objectKey.startsWith('http://') || objectKey.startsWith('https://')) {
+    return objectKey;
+  }
+  if (objectKey.startsWith('/')) {
+    return objectKey;
+  }
+  if (BUNDLED_PUBLIC_MEDIA_KEYS.has(objectKey)) {
+    return `/${objectKey}`;
+  }
+  const normalizedBaseUrl = baseUrl.replace(/\/+$/, '');
+  const normalizedObjectKey = objectKey.replace(/^\/+/, '');
+  return normalizedBaseUrl
+    ? `${normalizedBaseUrl}/${normalizedObjectKey}`
+    : `/${normalizedObjectKey}`;
+}

package/templates/nextblock-template/lib/posts/readTime.ts ADDED Viewed

@@ -0,0 +1,60 @@
+import type { Database } from '@nextblock-cms/db';
+type BlockRow = Database['public']['Tables']['blocks']['Row'];
+const WORDS_PER_MINUTE = 200;
+function extractPlainTextFromHtml(html: string) {
+  return html
+    .replace(/<style[\s\S]*?<\/style>/gi, ' ')
+    .replace(/<script[\s\S]*?<\/script>/gi, ' ')
+    .replace(/<[^>]+>/g, ' ')
+    .replace(/&nbsp;/g, ' ')
+    .replace(/&amp;/g, '&')
+    .replace(/\s+/g, ' ')
+    .trim();
+}
+function countWords(text: string) {
+  if (!text) {
+    return 0;
+  }
+  return text.split(' ').length;
+}
+export function estimateReadTimeMinutesFromHtmlFragments(htmlFragments: string[]) {
+  const words = htmlFragments.reduce((total, html) => {
+    const plainText = extractPlainTextFromHtml(html);
+    return total + countWords(plainText);
+  }, 0);
+  return Math.max(1, Math.round(words / WORDS_PER_MINUTE));
+}
+export function estimateReadTimeMinutesFromBlocks(
+  blocks: Array<Pick<BlockRow, 'block_type' | 'content'>> | undefined
+) {
+  if (!blocks || blocks.length === 0) {
+    return 1;
+  }
+  const htmlFragments = blocks.reduce<string[]>((fragments, block) => {
+    if (block.block_type !== 'text') {
+      return fragments;
+    }
+    const html =
+      typeof block.content === 'object' && block.content && 'html_content' in block.content
+        ? String((block.content as { html_content?: string }).html_content ?? '')
+        : '';
+    if (html) {
+      fragments.push(html);
+    }
+    return fragments;
+  }, []);
+  return estimateReadTimeMinutesFromHtmlFragments(htmlFragments);
+}

package/templates/nextblock-template/lib/privacy/consent-client.ts ADDED Viewed

@@ -0,0 +1,57 @@
+// Client-side consent cookie helpers. Safe to import from client components only.
+// The cookie is intentionally NOT HttpOnly so the analytics guard can read it
+// before any third-party request is made.
+import {
+  CONSENT_COOKIE_MAX_AGE,
+  CONSENT_COOKIE_NAME,
+  type ConsentPreference,
+} from './types';
+/** Window event dispatched when the visitor changes their consent choice. */
+export const CONSENT_CHANGE_EVENT = 'nb:consent-change';
+export function readConsent(): ConsentPreference | null {
+  if (typeof document === 'undefined') return null;
+  const entry = document.cookie
+    .split('; ')
+    .find((row) => row.startsWith(`${CONSENT_COOKIE_NAME}=`));
+  if (!entry) return null;
+  try {
+    const raw = decodeURIComponent(entry.slice(CONSENT_COOKIE_NAME.length + 1));
+    const parsed = JSON.parse(raw) as Partial<ConsentPreference>;
+    if (!parsed || typeof parsed !== 'object') return null;
+    return {
+      necessary: true,
+      analytics: Boolean(parsed.analytics),
+      marketing: Boolean(parsed.marketing),
+      token: typeof parsed.token === 'string' ? parsed.token : '',
+      ts: typeof parsed.ts === 'number' ? parsed.ts : 0,
+    };
+  } catch {
+    return null;
+  }
+}
+function randomToken(): string {
+  if (typeof window !== 'undefined' && window.crypto?.randomUUID) {
+    return window.crypto.randomUUID();
+  }
+  return `${Math.random().toString(36).slice(2)}${Date.now().toString(36)}`;
+}
+/** Persist a consent decision, broadcast the change, and return the record. */
+export function writeConsent(choice: { analytics: boolean; marketing: boolean }): ConsentPreference {
+  const value: ConsentPreference = {
+    necessary: true,
+    analytics: choice.analytics,
+    marketing: choice.marketing,
+    token: randomToken(),
+    ts: Date.now(),
+  };
+  const secure = typeof location !== 'undefined' && location.protocol === 'https:' ? '; Secure' : '';
+  document.cookie =
+    `${CONSENT_COOKIE_NAME}=${encodeURIComponent(JSON.stringify(value))}` +
+    `; Max-Age=${CONSENT_COOKIE_MAX_AGE}; Path=/; SameSite=Lax${secure}`;
+  window.dispatchEvent(new CustomEvent<ConsentPreference>(CONSENT_CHANGE_EVENT, { detail: value }));
+  return value;
+}

package/templates/nextblock-template/lib/privacy/settings.ts ADDED Viewed

@@ -0,0 +1,103 @@
+// Server-only read/write for the `privacy_settings` and `security_settings`
+// rows in the site_settings key-value table. Mirrors the copyright/bot-protection
+// pattern (createClient + RLS for writes; revalidatePath handled by callers).
+import { createClient } from '@nextblock-cms/db/server';
+import {
+  DEFAULT_PRIVACY_SETTINGS,
+  DEFAULT_SECURITY_SETTINGS,
+  MAX_TRUSTED_DEVICE_DAYS,
+  MIN_TRUSTED_DEVICE_DAYS,
+  type CorporateIdentity,
+  type PrivacySettings,
+  type SecuritySettings,
+} from './types';
+const PRIVACY_KEY = 'privacy_settings';
+const SECURITY_KEY = 'security_settings';
+function asString(value: unknown, fallback = ''): string {
+  return typeof value === 'string' ? value : fallback;
+}
+function asBool(value: unknown, fallback: boolean): boolean {
+  if (typeof value === 'boolean') return value;
+  if (typeof value === 'string') return value === 'true' || value === 'on';
+  return fallback;
+}
+function normalizePrivacy(value: unknown): PrivacySettings {
+  const raw = (value && typeof value === 'object' ? value : {}) as Record<string, unknown>;
+  const corporateRaw = (raw.corporate && typeof raw.corporate === 'object'
+    ? raw.corporate
+    : {}) as Record<string, unknown>;
+  const corporate: CorporateIdentity = {
+    legal_name: asString(corporateRaw.legal_name),
+    address: asString(corporateRaw.address),
+    support_email: asString(corporateRaw.support_email),
+  };
+  return {
+    banner_enabled: asBool(raw.banner_enabled, DEFAULT_PRIVACY_SETTINGS.banner_enabled),
+    gtm_id: asString(raw.gtm_id),
+    ga_measurement_id: asString(raw.ga_measurement_id),
+    custom_scripts: asString(raw.custom_scripts),
+    corporate,
+  };
+}
+function clampTrustDays(value: unknown): number {
+  const n = typeof value === 'number' ? value : Number.parseInt(asString(value), 10);
+  if (!Number.isFinite(n)) return DEFAULT_SECURITY_SETTINGS.trusted_device_days;
+  return Math.min(MAX_TRUSTED_DEVICE_DAYS, Math.max(MIN_TRUSTED_DEVICE_DAYS, Math.round(n)));
+}
+function normalizeSecurity(value: unknown): SecuritySettings {
+  const raw = (value && typeof value === 'object' ? value : {}) as Record<string, unknown>;
+  return {
+    trusted_device_days: clampTrustDays(raw.trusted_device_days),
+    enforce_staff_2fa: asBool(raw.enforce_staff_2fa, DEFAULT_SECURITY_SETTINGS.enforce_staff_2fa),
+  };
+}
+export async function getPrivacySettings(): Promise<PrivacySettings> {
+  const supabase = createClient();
+  const { data } = await supabase
+    .from('site_settings')
+    .select('value')
+    .eq('key', PRIVACY_KEY)
+    .maybeSingle();
+  return normalizePrivacy(data?.value);
+}
+export async function getSecuritySettings(): Promise<SecuritySettings> {
+  const supabase = createClient();
+  const { data } = await supabase
+    .from('site_settings')
+    .select('value')
+    .eq('key', SECURITY_KEY)
+    .maybeSingle();
+  return normalizeSecurity(data?.value);
+}
+export async function savePrivacySettings(input: PrivacySettings): Promise<void> {
+  const supabase = createClient();
+  const value = normalizePrivacy(input);
+  const { error } = await supabase
+    .from('site_settings')
+    .upsert({ key: PRIVACY_KEY, value });
+  if (error) {
+    console.error('Error saving privacy settings:', error.message);
+    throw new Error('Failed to save privacy settings.');
+  }
+}
+export async function saveSecuritySettings(input: SecuritySettings): Promise<void> {
+  const supabase = createClient();
+  const value = normalizeSecurity(input);
+  const { error } = await supabase
+    .from('site_settings')
+    .upsert({ key: SECURITY_KEY, value });
+  if (error) {
+    console.error('Error saving security settings:', error.message);
+    throw new Error('Failed to save security settings.');
+  }
+}

package/templates/nextblock-template/lib/privacy/types.ts ADDED Viewed

@@ -0,0 +1,67 @@
+// Pure, client-safe privacy/security types and constants.
+// Importable from both client and server modules (no server-only dependencies).
+/** Cookie that stores the visitor's consent decision. Readable client-side so the
+ *  analytics guard can gate third-party scripts before any network request. */
+export const CONSENT_COOKIE_NAME = 'nb_consent_preference';
+/** How long a stored consent decision is honoured before we re-ask (seconds). */
+export const CONSENT_COOKIE_MAX_AGE = 365 * 24 * 60 * 60;
+export interface ConsentCategories {
+  /** Strictly necessary cookies are always on and cannot be declined. */
+  necessary: true;
+  analytics: boolean;
+  marketing: boolean;
+}
+export interface ConsentPreference extends ConsentCategories {
+  /** Opaque token also written to privacy_consent_logs for auditability. */
+  token: string;
+  /** Epoch milliseconds the decision was recorded. */
+  ts: number;
+}
+export interface CorporateIdentity {
+  legal_name: string;
+  address: string;
+  support_email: string;
+}
+export interface PrivacySettings {
+  /** Master switch for the Law 25 consent banner. */
+  banner_enabled: boolean;
+  /** Google Tag Manager container id (GTM-XXXX). Loaded only after consent. */
+  gtm_id: string;
+  /** Optional GA4 measurement id, surfaced for reference / future use. */
+  ga_measurement_id: string;
+  /** Arbitrary extra <script> markup, injected only after analytics consent. */
+  custom_scripts: string;
+  corporate: CorporateIdentity;
+}
+export interface SecuritySettings {
+  /** Default lifetime of a "remember this device" trust, in days. */
+  trusted_device_days: number;
+  /** When true, staff (ADMIN/WRITER) are expected to configure 2FA. Advisory. */
+  enforce_staff_2fa: boolean;
+}
+export const DEFAULT_PRIVACY_SETTINGS: PrivacySettings = {
+  banner_enabled: true,
+  gtm_id: '',
+  ga_measurement_id: '',
+  custom_scripts: '',
+  corporate: { legal_name: '', address: '', support_email: '' },
+};
+export const MIN_TRUSTED_DEVICE_DAYS = 1;
+export const MAX_TRUSTED_DEVICE_DAYS = 3650; // 10 years
+export const DEFAULT_TRUSTED_DEVICE_DAYS = 30;
+export const DEFAULT_SECURITY_SETTINGS: SecuritySettings = {
+  trusted_device_days: DEFAULT_TRUSTED_DEVICE_DAYS,
+  enforce_staff_2fa: false,
+};
+export type MfaType = 'totp' | 'email';

package/templates/nextblock-template/lib/promotions/server.test.ts ADDED Viewed

@@ -0,0 +1,74 @@
+import { describe, expect, it, vi } from "vitest";
+vi.mock("server-only", () => ({}));
+vi.mock("@nextblock-cms/db/server", () => ({
+  getServiceRoleSupabaseClient: () => ({}),
+}));
+vi.mock("@nextblock-cms/ecommerce/server", () => ({
+  syncProductSaleCouponToFreemius: vi.fn(),
+}));
+import { normalizeDateInput, parsePriceCell } from "./server";
+describe("normalizeDateInput", () => {
+  it("treats an empty value as a valid no-op", () => {
+    expect(normalizeDateInput("", "start")).toEqual({ value: null, valid: true });
+    expect(normalizeDateInput(undefined, "end")).toEqual({ value: null, valid: true });
+  });
+  it("makes a date-only start the start of the day and a date-only end the end of the day", () => {
+    const start = normalizeDateInput("2026-06-10", "start");
+    expect(start.valid).toBe(true);
+    const startDate = new Date(start.value as string);
+    expect([startDate.getHours(), startDate.getMinutes(), startDate.getSeconds()]).toEqual([0, 0, 0]);
+    const end = normalizeDateInput("2026-06-10", "end");
+    expect(end.valid).toBe(true);
+    const endDate = new Date(end.value as string);
+    expect([endDate.getHours(), endDate.getMinutes(), endDate.getSeconds()]).toEqual([23, 59, 59]);
+  });
+  it("forces end seconds to 59 and start seconds to 0 for timed values", () => {
+    const end = new Date(normalizeDateInput("2026-06-10T14:30", "end").value as string);
+    expect(end.getSeconds()).toBe(59);
+    expect(end.getMinutes()).toBe(30);
+    const start = new Date(normalizeDateInput("2026-06-10T14:30", "start").value as string);
+    expect(start.getSeconds()).toBe(0);
+    expect(start.getMinutes()).toBe(30);
+  });
+  it("rejects unparseable values", () => {
+    expect(normalizeDateInput("not-a-date", "start")).toEqual({ value: null, valid: false });
+  });
+});
+describe("parsePriceCell", () => {
+  it("returns nulls for an empty cell", () => {
+    expect(parsePriceCell("")).toEqual({ scalar: null, map: null, error: null });
+  });
+  it("parses a single number", () => {
+    expect(parsePriceCell("14.99")).toEqual({ scalar: 14.99, map: null, error: null });
+  });
+  it("parses a multi-currency JSON map and upper-cases codes", () => {
+    const result = parsePriceCell('{"usd":14.99,"EUR":13.5}');
+    expect(result.error).toBeNull();
+    expect(result.scalar).toBeNull();
+    expect(result.map).toEqual({ USD: 14.99, EUR: 13.5 });
+  });
+  it("keeps null entries in a JSON map (clearing a currency)", () => {
+    const result = parsePriceCell('{"USD":null}');
+    expect(result.error).toBeNull();
+    expect(result.map).toEqual({ USD: null });
+  });
+  it("rejects negative or non-numeric input", () => {
+    expect(parsePriceCell("-5").error).toBeTruthy();
+    expect(parsePriceCell("abc").error).toBeTruthy();
+    expect(parsePriceCell('{"USD":-1}').error).toBeTruthy();
+    expect(parsePriceCell("[1,2]").error).toBeTruthy();
+  });
+});