create-nextblock 0.8.11 → 0.9.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/bin/create-nextblock.js +101 -35
- package/docker-template/.dockerignore +23 -0
- package/docker-template/.env.docker.example +56 -0
- package/docker-template/Dockerfile +85 -0
- package/docker-template/docker/db/init/99-jwt.sql +6 -0
- package/docker-template/docker/db/init/99-roles.sql +25 -0
- package/docker-template/docker/kong/kong.yml +112 -0
- package/docker-template/docker/migrate/run-migrations.sh +51 -0
- package/docker-template/docker-compose.yml +219 -0
- package/docker-template/scripts/docker-setup.mjs +242 -0
- package/package.json +1 -1
- package/scripts/sync-template.js +29 -0
- package/templates/nextblock-template/.dockerignore +23 -0
- package/templates/nextblock-template/Dockerfile +85 -0
- package/templates/nextblock-template/app/[slug]/page.tsx +5 -0
- package/templates/nextblock-template/app/actions.ts +58 -8
- package/templates/nextblock-template/app/api/cron/reset-sandbox/sandboxResetSql.ts +83 -0
- package/templates/nextblock-template/app/api/upload/presigned-url/route.ts +9 -9
- package/templates/nextblock-template/app/article/[slug]/page.tsx +5 -0
- package/templates/nextblock-template/app/cms/settings/security/actions.ts +30 -0
- package/templates/nextblock-template/app/cms/settings/security/components/SecurityPanel.tsx +69 -0
- package/templates/nextblock-template/app/layout.tsx +57 -3
- package/templates/nextblock-template/app/lib/site-settings.ts +22 -7
- package/templates/nextblock-template/app/page.tsx +6 -0
- package/templates/nextblock-template/app/product/[slug]/page.tsx +5 -0
- package/templates/nextblock-template/app/setup/SetupWizard.tsx +771 -0
- package/templates/nextblock-template/app/setup/layout.tsx +13 -0
- package/templates/nextblock-template/app/setup/page.tsx +103 -0
- package/templates/nextblock-template/components/AppShell.tsx +12 -0
- package/templates/nextblock-template/components/header-auth.tsx +24 -62
- package/templates/nextblock-template/docker/db/init/99-jwt.sql +6 -0
- package/templates/nextblock-template/docker/db/init/99-roles.sql +25 -0
- package/templates/nextblock-template/docker/kong/kong.yml +112 -0
- package/templates/nextblock-template/docker/migrate/run-migrations.sh +51 -0
- package/templates/nextblock-template/docker-compose.yml +219 -0
- package/templates/nextblock-template/docs/11-SELF-HOSTED-DOCKER.md +173 -0
- package/templates/nextblock-template/docs/12-VERCEL-DEPLOYMENT.md +67 -0
- package/templates/nextblock-template/docs/README.md +2 -0
- package/templates/nextblock-template/lib/blocks/FeaturedProductBlock.tsx +1 -1
- package/templates/nextblock-template/lib/blocks/ProductGridBlock.tsx +1 -1
- package/templates/nextblock-template/lib/custom-block-r2-upload.test.ts +5 -5
- package/templates/nextblock-template/lib/custom-block-r2-upload.ts +2 -2
- package/templates/nextblock-template/lib/setup/actions.ts +370 -0
- package/templates/nextblock-template/lib/setup/env-status.ts +86 -0
- package/templates/nextblock-template/lib/setup/env-write.ts +111 -0
- package/templates/nextblock-template/lib/setup/provisioning.ts +59 -0
- package/templates/nextblock-template/lib/setup/schema-apply.ts +379 -0
- package/templates/nextblock-template/lib/setup/system-config.ts +105 -0
- package/templates/nextblock-template/lib/setup/types.ts +18 -0
- package/templates/nextblock-template/next.config.js +9 -0
- package/templates/nextblock-template/package.json +6 -2
- package/templates/nextblock-template/proxy.ts +143 -49
- package/templates/nextblock-template/scripts/docker-setup.mjs +242 -0
- package/templates/nextblock-template/tsconfig.tsbuildinfo +1 -1
|
@@ -0,0 +1,173 @@
|
|
|
1
|
+
# 11 Self-Hosted Docker Mode
|
|
2
|
+
|
|
3
|
+
## Purpose
|
|
4
|
+
|
|
5
|
+
NextBlock can run as a complete, fully local stack with one command — **no Supabase
|
|
6
|
+
Cloud, Vercel, Cloudflare R2, or SMTP account required**. It mirrors the production
|
|
7
|
+
topology (Next.js 16 app + Supabase API behind a gateway + S3 object storage) on your
|
|
8
|
+
own machine, so the **same application code runs locally and in the cloud with no
|
|
9
|
+
variations** — only environment values differ.
|
|
10
|
+
|
|
11
|
+
This is the "one-click local sandbox": pick Docker, and the installer drop-ships a
|
|
12
|
+
hardened multi-stage app image alongside the core Supabase engines, an automated
|
|
13
|
+
migration runner, and S3-compatible storage.
|
|
14
|
+
|
|
15
|
+
## Choosing it
|
|
16
|
+
|
|
17
|
+
Both initializers offer the choice up front:
|
|
18
|
+
|
|
19
|
+
- **Monorepo / `git clone`:** `npm run setup` → select **"Local Self-Hosted Docker Mode"**
|
|
20
|
+
- **Standalone CLI:** `npm create nextblock` → the same selector
|
|
21
|
+
- **Direct:** `npm run docker:setup`
|
|
22
|
+
|
|
23
|
+
In every case the work is driven by a single root hook: **`npm run docker:setup`**.
|
|
24
|
+
|
|
25
|
+
## Prerequisites
|
|
26
|
+
|
|
27
|
+
- **Docker Desktop** installed and running (<https://www.docker.com/products/docker-desktop>).
|
|
28
|
+
- That's it. No cloud accounts, keys, or manual migrations.
|
|
29
|
+
|
|
30
|
+
## Quick start
|
|
31
|
+
|
|
32
|
+
```bash
|
|
33
|
+
# Monorepo
|
|
34
|
+
git clone https://github.com/nextblock-cms/nextblock.git
|
|
35
|
+
cd nextblock
|
|
36
|
+
npm install
|
|
37
|
+
npm run docker:setup # or: npm run setup → pick Docker
|
|
38
|
+
|
|
39
|
+
# Standalone project
|
|
40
|
+
npm create nextblock # → pick "Local Self-Hosted Docker Mode"
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
`docker:setup` then:
|
|
44
|
+
|
|
45
|
+
1. Verifies Docker is installed and running.
|
|
46
|
+
2. Asks **two optional questions** (Cloudflare Turnstile, SMTP) — both skippable with Enter.
|
|
47
|
+
3. Generates a root `.env` with secure random secrets and **properly-signed Supabase
|
|
48
|
+
anon/service keys** (real HS256 JWTs derived from a generated `JWT_SECRET`).
|
|
49
|
+
4. Builds the app image and boots the whole stack.
|
|
50
|
+
|
|
51
|
+
When it finishes:
|
|
52
|
+
|
|
53
|
+
| What | Where |
|
|
54
|
+
| :--- | :--- |
|
|
55
|
+
| App | <http://localhost:3000> |
|
|
56
|
+
| Sign up | <http://localhost:3000/sign-up> — the **first account becomes ADMIN** |
|
|
57
|
+
| Supabase API gateway | <http://localhost:8000> |
|
|
58
|
+
| MinIO console | <http://localhost:9001> |
|
|
59
|
+
|
|
60
|
+
With no SMTP configured, accounts are **auto-confirmed** and the first sign-up lands
|
|
61
|
+
straight in `/cms/dashboard` — no confirmation email step.
|
|
62
|
+
|
|
63
|
+
## The two optional prompts
|
|
64
|
+
|
|
65
|
+
| Prompt | If you skip it |
|
|
66
|
+
| :--- | :--- |
|
|
67
|
+
| **Cloudflare Turnstile** site + secret key | Uses Cloudflare's official "always pass" test keys — forms work, with no real bot protection. |
|
|
68
|
+
| **SMTP** host (+ port / user / pass / from) | GoTrue **auto-confirms** sign-ups; no email is sent, and the first admin can sign in immediately. |
|
|
69
|
+
|
|
70
|
+
Provide real SMTP if you want actual confirmation emails — auto-confirm is then disabled,
|
|
71
|
+
exactly like the cloud flow.
|
|
72
|
+
|
|
73
|
+
## What you get (the stack)
|
|
74
|
+
|
|
75
|
+
The root `docker-compose.yml` runs a trimmed, production-equivalent Supabase stack plus
|
|
76
|
+
the app. Every image tag is pinned and overridable via an env var (e.g. `SUPABASE_DB_IMAGE`).
|
|
77
|
+
|
|
78
|
+
| Service | Image (default) | Role |
|
|
79
|
+
| :--- | :--- | :--- |
|
|
80
|
+
| `db` | `supabase/postgres` | Postgres with the Supabase roles, schemas, and extensions. Named volume `nextblock_db_store`. |
|
|
81
|
+
| `auth` | `supabase/gotrue` | Auth: sessions, JWTs, the `auth.users` table. |
|
|
82
|
+
| `rest` | `postgrest/postgrest` | Instant REST API over the `public` / `graphql_public` schemas. |
|
|
83
|
+
| `kong` | `kong` | Edge gateway — maps `/auth/v1`, `/rest/v1`, `/graphql/v1` to port **8000**. |
|
|
84
|
+
| `minio` + `minio-init` | `minio/minio`, `minio/mc` | S3-compatible media storage + a public `nextblock` bucket. Named volume `nextblock_media`. |
|
|
85
|
+
| `migrate` | `postgres:alpine` | Applies `libs/db/src/supabase/migrations` in order, **once**, then exits. |
|
|
86
|
+
| `nextblock-cms` | built locally | The Next.js standalone app on **3000**. Boots **only after `migrate` succeeds**. |
|
|
87
|
+
|
|
88
|
+
Both named volumes persist your database and uploaded media across restarts.
|
|
89
|
+
|
|
90
|
+
### Commands
|
|
91
|
+
|
|
92
|
+
| Command | Does |
|
|
93
|
+
| :--- | :--- |
|
|
94
|
+
| `npm run docker:setup` | Generate `.env` → build → up. The one-click entry point. |
|
|
95
|
+
| `npm run docker:up` | Rebuild and (re)start the stack. |
|
|
96
|
+
| `npm run docker:down` | Stop the stack. Add `-v` to also delete the volumes (wipes local data). |
|
|
97
|
+
| `npm run docker:logs` | Follow the app logs (`docker compose logs -f nextblock-cms`). |
|
|
98
|
+
|
|
99
|
+
### Ports (override with env vars)
|
|
100
|
+
|
|
101
|
+
`APP_PORT` (3000), `KONG_HTTP_PORT` (8000), `MINIO_S3_PORT` (9000),
|
|
102
|
+
`MINIO_CONSOLE_PORT` (9001), `POSTGRES_PORT_EXTERNAL` (54322).
|
|
103
|
+
|
|
104
|
+
## How it works
|
|
105
|
+
|
|
106
|
+
The interesting part is making one codebase work unchanged in both modes. A few
|
|
107
|
+
mechanisms make that possible:
|
|
108
|
+
|
|
109
|
+
- **Standalone build.** The app Dockerfile is multi-stage (deps → builder → hardened
|
|
110
|
+
non-root runner) and builds with Next.js `output: 'standalone'`, gated on a
|
|
111
|
+
`DOCKER_BUILD` env var so normal/Vercel builds are untouched. The runner ships only the
|
|
112
|
+
traced server tree, `.next/static`, and `public`.
|
|
113
|
+
|
|
114
|
+
- **One URL + an in-container loopback proxy.** The browser reaches Supabase at
|
|
115
|
+
`http://localhost:8000`, and that value is inlined into the build. Server-side code runs
|
|
116
|
+
*inside* the container, where `localhost` has nothing — so the runner starts a tiny
|
|
117
|
+
`socat` proxy that forwards in-container `127.0.0.1:8000 → kong:8000` and
|
|
118
|
+
`127.0.0.1:9000 → minio:9000`. Browser and server therefore use the **same URL**, which
|
|
119
|
+
also keeps the Supabase auth-cookie key (derived from the URL host) identical on both
|
|
120
|
+
sides so SSR can read the session.
|
|
121
|
+
|
|
122
|
+
- **Storage on `127.0.0.1`.** Media URLs use `http://127.0.0.1:9000` (not `localhost`).
|
|
123
|
+
On `localhost`, cookies are not port-scoped, so the browser would otherwise send the
|
|
124
|
+
app's auth cookies to MinIO and trip its header-size limit. `127.0.0.1` is a different
|
|
125
|
+
cookie host, so MinIO always receives clean image requests.
|
|
126
|
+
|
|
127
|
+
- **Migration runner.** The `migrate` service waits for the database to be healthy and
|
|
128
|
+
for GoTrue to create `auth.users` (the schema FKs to it), then applies each migration in
|
|
129
|
+
order inside a transaction. It records applied versions, so restarts never re-run a
|
|
130
|
+
migration.
|
|
131
|
+
|
|
132
|
+
- **Generated keys.** `docker:setup` generates a `JWT_SECRET` and derives valid HS256
|
|
133
|
+
`anon` and `service_role` JWTs from it (using Node's built-in `crypto`), so GoTrue,
|
|
134
|
+
PostgREST, and Kong all validate against the same secret out of the box.
|
|
135
|
+
|
|
136
|
+
## Cloud vs Docker — same code, different env
|
|
137
|
+
|
|
138
|
+
There are **no application code paths** specific to Docker. The difference is purely
|
|
139
|
+
configuration:
|
|
140
|
+
|
|
141
|
+
| | Managed Cloud | Self-Hosted Docker |
|
|
142
|
+
| :--- | :--- | :--- |
|
|
143
|
+
| Database / Auth | Supabase Cloud | `supabase/postgres` + `supabase/gotrue` |
|
|
144
|
+
| Object storage | Cloudflare R2 | MinIO (S3-compatible) |
|
|
145
|
+
| Email | Required SMTP | Optional — GoTrue auto-confirms without it |
|
|
146
|
+
| Run command | `npx nx serve nextblock` / Vercel | `npm run docker:setup` |
|
|
147
|
+
| Config | `.env.local` (cloud keys) | `.env` (generated local secrets) |
|
|
148
|
+
|
|
149
|
+
> The R2 client already speaks S3, so MinIO is pointed at it via `R2_S3_ENDPOINT` /
|
|
150
|
+
> `R2_FORCE_PATH_STYLE`; uploads are signed for the browser via `R2_S3_PUBLIC_ENDPOINT`.
|
|
151
|
+
> A reference of every key the stack reads lives in `.env.docker.example`.
|
|
152
|
+
|
|
153
|
+
## Troubleshooting
|
|
154
|
+
|
|
155
|
+
- **"Docker is not installed or not running."** Start Docker Desktop and re-run
|
|
156
|
+
`npm run docker:setup`.
|
|
157
|
+
|
|
158
|
+
- **`port is already allocated`.** Another process (often a previous stack) holds 8000 /
|
|
159
|
+
9000 / 3000 / 54322. Stop it, or override the port env vars above.
|
|
160
|
+
|
|
161
|
+
- **GoTrue fails with `password authentication failed for user "supabase_auth_admin"`
|
|
162
|
+
(28P01) after a re-clone.** A leftover named volume from a previous install still holds
|
|
163
|
+
the old password, while your new `.env` has fresh secrets. Postgres only runs its
|
|
164
|
+
credential-setting init scripts on an *empty* volume. Fix:
|
|
165
|
+
`docker compose down -v && npm run docker:up`. (`docker:setup` does this automatically
|
|
166
|
+
when it generates a brand-new `.env`.)
|
|
167
|
+
|
|
168
|
+
- **Re-running `docker:setup`.** If a `.env` already exists it **reuses your secrets and
|
|
169
|
+
keeps your data** — safe to re-run to rebuild after pulling changes.
|
|
170
|
+
|
|
171
|
+
- **Wipe everything and start clean.** `docker compose down -v` removes the containers and
|
|
172
|
+
both named volumes (database + media).
|
|
173
|
+
</content>
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# 12 · Cloud Deployment (Deploy to Vercel)
|
|
2
|
+
|
|
3
|
+
NextBlock ships a one-click **Deploy to Vercel** button (see the README) that brings
|
|
4
|
+
up a production instance already connected to a managed Supabase project. From there,
|
|
5
|
+
the in-app **First-Boot Setup Wizard** (`/setup`) finishes configuration in the
|
|
6
|
+
browser — there is no terminal step.
|
|
7
|
+
|
|
8
|
+
## How the button works
|
|
9
|
+
|
|
10
|
+
The badge links to `https://vercel.com/new/clone` with these query parameters:
|
|
11
|
+
|
|
12
|
+
| Parameter | Purpose |
|
|
13
|
+
| :--- | :--- |
|
|
14
|
+
| `repository-url` | The NextBlock repo to clone into the user's Git provider. |
|
|
15
|
+
| `integration-ids=oac_VqOgBHqhEoFTPzGkPd7L0iH6` | Vercel's **Supabase integration**. During import, Vercel provisions (or links) a Supabase project and injects its environment variables automatically. |
|
|
16
|
+
| `env=NEXT_PUBLIC_URL,CRON_SECRET,DRAFT_MODE_SECRET,REVALIDATE_SECRET_TOKEN` | The remaining variables Vercel prompts for. Only variable **names** are listed — never secret values. |
|
|
17
|
+
| `envDescription` / `envLink` | Help text + a link back to this doc. |
|
|
18
|
+
|
|
19
|
+
The Supabase integration injects the keys the app needs to boot:
|
|
20
|
+
`NEXT_PUBLIC_SUPABASE_URL`, `NEXT_PUBLIC_SUPABASE_ANON_KEY`,
|
|
21
|
+
`SUPABASE_SERVICE_ROLE_KEY`, and `POSTGRES_URL`. Because those are present on first
|
|
22
|
+
boot, the instance is **Profile A (pre-configured)**: the wizard skips the connection
|
|
23
|
+
step and goes straight to creating the first administrator.
|
|
24
|
+
|
|
25
|
+
## What the wizard does on Vercel
|
|
26
|
+
|
|
27
|
+
1. **Database** — already connected (integration-injected). The wizard verifies a
|
|
28
|
+
first admin doesn't exist yet, otherwise it redirects to `/cms/dashboard`.
|
|
29
|
+
2. **Schema** — apply the migrations to the managed Supabase project. The Supabase
|
|
30
|
+
integration creates the project but does **not** run NextBlock's migrations, so run
|
|
31
|
+
them once after the first deploy (locally against the project, or via the Supabase
|
|
32
|
+
dashboard SQL editor) — see [docs/04](./04-DATABASE-AND-AUTH.md) and
|
|
33
|
+
[docs/05](./05-DEVELOPER-GUIDE.md).
|
|
34
|
+
3. **Storage** — pre-filled for **Supabase Storage** (S3-compatible). The wizard's
|
|
35
|
+
storage step shows the endpoint derived from your Supabase URL
|
|
36
|
+
(`<project>/storage/v1/s3`). Create an S3 access key in the Supabase dashboard
|
|
37
|
+
(Storage → S3 connection) and set `R2_ACCESS_KEY_ID` / `R2_SECRET_ACCESS_KEY` in
|
|
38
|
+
your Vercel project environment. (Cloudflare R2 remains the default for non-Vercel
|
|
39
|
+
installs — it has a more generous free storage tier; only the one-click Vercel
|
|
40
|
+
path defaults to Supabase Storage.)
|
|
41
|
+
4. **Email / Bot protection / Sign-ups** — optional steps; bot-protection and the
|
|
42
|
+
sign-up policy persist to the database and work immediately. SMTP, if used, is set
|
|
43
|
+
as Vercel environment variables.
|
|
44
|
+
5. **Administrator** — create the first admin. The account is created already
|
|
45
|
+
confirmed (`email_confirm: true`), so no verification email is required.
|
|
46
|
+
|
|
47
|
+
> Filesystem is read-only on Vercel, so the wizard never writes `.env.local` there —
|
|
48
|
+
> all configuration is environment variables (platform-managed) plus the database.
|
|
49
|
+
|
|
50
|
+
## Cron jobs and the free tier
|
|
51
|
+
|
|
52
|
+
`vercel.json` declares two daily crons (`/api/cron/reset-sandbox` and
|
|
53
|
+
`/api/cron/sync-currencies`). Vercel's **Hobby (free) tier allows one cron per day**.
|
|
54
|
+
For a free-tier production deploy, either:
|
|
55
|
+
|
|
56
|
+
- Upgrade to a paid plan (both crons run as declared), **or**
|
|
57
|
+
- Keep only the cron you need (most production sites don't need `reset-sandbox`, which
|
|
58
|
+
exists for the public demo sandbox), **or**
|
|
59
|
+
- Consolidate both jobs into a single cron handler.
|
|
60
|
+
|
|
61
|
+
This is intentionally left as a deploy-time decision rather than changed in the repo,
|
|
62
|
+
since the sandbox/demo deploy relies on both crons.
|
|
63
|
+
|
|
64
|
+
## After deploy
|
|
65
|
+
|
|
66
|
+
Visit the deployment URL — it redirects to `/setup` until the first admin exists.
|
|
67
|
+
Complete the wizard, then sign in at `/cms/dashboard`.
|
|
@@ -16,6 +16,7 @@ library surfaces rather than historical planning notes.
|
|
|
16
16
|
- Cortex AI architecture: [08-NEXTBLOCK-CORTEX-AI-ARCHITECTURE.md](./08-NEXTBLOCK-CORTEX-AI-ARCHITECTURE.md)
|
|
17
17
|
- Live draft (visual editing) mode: [09-LIVE-DRAFT-MODE.md](./09-LIVE-DRAFT-MODE.md)
|
|
18
18
|
- Custom blocks (data-driven CRUD): [10-CUSTOM-BLOCKS.md](./10-CUSTOM-BLOCKS.md)
|
|
19
|
+
- Self-hosted local Docker stack: [11-SELF-HOSTED-DOCKER.md](./11-SELF-HOSTED-DOCKER.md)
|
|
19
20
|
|
|
20
21
|
## Audience Guide
|
|
21
22
|
|
|
@@ -25,6 +26,7 @@ library surfaces rather than historical planning notes.
|
|
|
25
26
|
- Custom block work: read `03`, then `10`.
|
|
26
27
|
- AI / Cortex work: read `08`.
|
|
27
28
|
- CLI or template work: read `06`.
|
|
29
|
+
- Running everything locally without cloud accounts: read `11`.
|
|
28
30
|
- AI agents: start with this index, then move directly to the subsystem file that
|
|
29
31
|
matches the task. Treat `apps/nextblock`, `libs/*`, and
|
|
30
32
|
`libs/db/src/supabase/migrations` as the final authority if a doc and code ever
|
|
@@ -25,7 +25,7 @@ export const FeaturedProductBlock = async ({ content }: { content: FeaturedProdu
|
|
|
25
25
|
} else if (process.env.NEXT_PUBLIC_R2_BASE_URL) {
|
|
26
26
|
imageUrl = `${process.env.NEXT_PUBLIC_R2_BASE_URL}/${mediaItem.file_path}`;
|
|
27
27
|
} else {
|
|
28
|
-
imageUrl = `${process.env.NEXT_PUBLIC_SUPABASE_URL}/storage/v1/object/public/media/${mediaItem.file_path}`;
|
|
28
|
+
imageUrl = `${process.env.NEXT_PUBLIC_SUPABASE_URL ?? ''}/storage/v1/object/public/media/${mediaItem.file_path}`;
|
|
29
29
|
}
|
|
30
30
|
}
|
|
31
31
|
|
|
@@ -62,7 +62,7 @@ export const ProductGridBlock = async ({
|
|
|
62
62
|
} else if (process.env.NEXT_PUBLIC_R2_BASE_URL) {
|
|
63
63
|
imageUrl = `${process.env.NEXT_PUBLIC_R2_BASE_URL}/${mediaItem.file_path}`;
|
|
64
64
|
} else {
|
|
65
|
-
imageUrl = `${process.env.NEXT_PUBLIC_SUPABASE_URL}/storage/v1/object/public/media/${mediaItem.file_path}`;
|
|
65
|
+
imageUrl = `${process.env.NEXT_PUBLIC_SUPABASE_URL ?? ''}/storage/v1/object/public/media/${mediaItem.file_path}`;
|
|
66
66
|
}
|
|
67
67
|
}
|
|
68
68
|
|
|
@@ -3,7 +3,7 @@ import { beforeEach, describe, expect, it, vi } from 'vitest';
|
|
|
3
3
|
vi.mock('server-only', () => ({}));
|
|
4
4
|
|
|
5
5
|
const mocks = vi.hoisted(() => ({
|
|
6
|
-
|
|
6
|
+
getS3PresignClientMock: vi.fn(),
|
|
7
7
|
getSignedUrlMock: vi.fn(),
|
|
8
8
|
getUserMock: vi.fn(),
|
|
9
9
|
profileSingleMock: vi.fn(),
|
|
@@ -28,7 +28,7 @@ vi.mock('@nextblock-cms/db/server', () => ({
|
|
|
28
28
|
}));
|
|
29
29
|
|
|
30
30
|
vi.mock('@nextblock-cms/utils/server', () => ({
|
|
31
|
-
|
|
31
|
+
getS3PresignClient: mocks.getS3PresignClientMock,
|
|
32
32
|
}));
|
|
33
33
|
|
|
34
34
|
vi.mock('@aws-sdk/client-s3', () => ({
|
|
@@ -82,7 +82,7 @@ describe('custom block R2 presigned upload flow', () => {
|
|
|
82
82
|
);
|
|
83
83
|
|
|
84
84
|
expect(response.status).toBe(401);
|
|
85
|
-
expect(mocks.
|
|
85
|
+
expect(mocks.getS3PresignClientMock).not.toHaveBeenCalled();
|
|
86
86
|
});
|
|
87
87
|
|
|
88
88
|
it('rejects oversized files for authorized writers', async () => {
|
|
@@ -103,13 +103,13 @@ describe('custom block R2 presigned upload flow', () => {
|
|
|
103
103
|
|
|
104
104
|
expect(response.status).toBe(400);
|
|
105
105
|
expect(payload.error).toContain('10 MB');
|
|
106
|
-
expect(mocks.
|
|
106
|
+
expect(mocks.getS3PresignClientMock).not.toHaveBeenCalled();
|
|
107
107
|
});
|
|
108
108
|
|
|
109
109
|
it('returns a direct PUT upload space for authorized writers', async () => {
|
|
110
110
|
mocks.getUserMock.mockResolvedValueOnce({ data: { user: { id: 'user-1' } }, error: null });
|
|
111
111
|
mocks.profileSingleMock.mockResolvedValueOnce({ data: { role: 'ADMIN' }, error: null });
|
|
112
|
-
mocks.
|
|
112
|
+
mocks.getS3PresignClientMock.mockResolvedValueOnce({ send: vi.fn() });
|
|
113
113
|
mocks.getSignedUrlMock.mockResolvedValueOnce('https://r2.example.test/presigned-put');
|
|
114
114
|
|
|
115
115
|
const response = await POST(
|
|
@@ -2,7 +2,7 @@ import 'server-only';
|
|
|
2
2
|
|
|
3
3
|
import { PutObjectCommand } from '@aws-sdk/client-s3';
|
|
4
4
|
import { getSignedUrl } from '@aws-sdk/s3-request-presigner';
|
|
5
|
-
import {
|
|
5
|
+
import { getS3PresignClient } from '@nextblock-cms/utils/server';
|
|
6
6
|
|
|
7
7
|
import { resolveMediaUrl } from './media/resolveMediaUrl';
|
|
8
8
|
import {
|
|
@@ -35,7 +35,7 @@ export async function createR2PresignedUpload(
|
|
|
35
35
|
throw new R2PresignedUploadError('File uploads are not configured on this server.', 500);
|
|
36
36
|
}
|
|
37
37
|
|
|
38
|
-
const s3Client = await
|
|
38
|
+
const s3Client = await getS3PresignClient();
|
|
39
39
|
if (!s3Client) {
|
|
40
40
|
throw new R2PresignedUploadError('File uploads are not configured on this server.', 500);
|
|
41
41
|
}
|