create-nextjs-cms 0.7.10 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "create-nextjs-cms",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.8.0",
|
|
4
4
|
"private": false,
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -29,8 +29,8 @@
|
|
|
29
29
|
"tsx": "^4.20.6",
|
|
30
30
|
"typescript": "^5.9.2",
|
|
31
31
|
"@lzcms/eslint-config": "0.3.0",
|
|
32
|
-
"@lzcms/
|
|
33
|
-
"@lzcms/
|
|
32
|
+
"@lzcms/tsconfig": "0.1.0",
|
|
33
|
+
"@lzcms/prettier-config": "0.1.0"
|
|
34
34
|
},
|
|
35
35
|
"prettier": "@lzcms/prettier-config",
|
|
36
36
|
"scripts": {
|
|
@@ -0,0 +1,167 @@
|
|
|
1
|
+
import { NextRequest, NextResponse } from 'next/server'
|
|
2
|
+
import path from 'path'
|
|
3
|
+
import fs from 'fs'
|
|
4
|
+
import { readChunk } from 'read-chunk'
|
|
5
|
+
import { fileTypeFromBuffer } from 'file-type'
|
|
6
|
+
import { SectionFactory } from 'nextjs-cms/core/factories'
|
|
7
|
+
import type { DocumentFieldConfigType } from 'nextjs-cms/core/fields'
|
|
8
|
+
import auth from 'nextjs-cms/auth'
|
|
9
|
+
import { sanitizeFileName, sanitizeFolderOrFileName } from 'nextjs-cms/utils'
|
|
10
|
+
import { streamFile } from 'nextjs-cms/api/helpers'
|
|
11
|
+
import { getCMSConfig } from 'nextjs-cms/core/config'
|
|
12
|
+
|
|
13
|
+
/**
|
|
14
|
+
* This route handler streams a document file from the server.
|
|
15
|
+
* It protects document files from being accessed directly and avoids
|
|
16
|
+
* the base64 payload size limits that occur with the tRPC approach.
|
|
17
|
+
* Used by the `<ProtectedDocument />` component.
|
|
18
|
+
*/
|
|
19
|
+
|
|
20
|
+
export async function GET(request: NextRequest) {
|
|
21
|
+
const session = await auth()
|
|
22
|
+
const searchParams = request.nextUrl.searchParams
|
|
23
|
+
|
|
24
|
+
const name = searchParams.get('name')
|
|
25
|
+
const sectionName = searchParams.get('sectionName')
|
|
26
|
+
const fieldName = searchParams.get('fieldName')
|
|
27
|
+
|
|
28
|
+
if (!name || !sectionName || !fieldName) {
|
|
29
|
+
return NextResponse.json(
|
|
30
|
+
{
|
|
31
|
+
error: 'Invalid request',
|
|
32
|
+
},
|
|
33
|
+
{ status: 400 },
|
|
34
|
+
)
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
// Check if the session is valid
|
|
38
|
+
if (!session || !session.user) {
|
|
39
|
+
return NextResponse.json(
|
|
40
|
+
{
|
|
41
|
+
error: 'Invalid token',
|
|
42
|
+
},
|
|
43
|
+
{ status: 401 },
|
|
44
|
+
)
|
|
45
|
+
}
|
|
46
|
+
|
|
47
|
+
const uploadsFolder: string = (await getCMSConfig()).media.upload.path
|
|
48
|
+
|
|
49
|
+
// Sanitize the inputs
|
|
50
|
+
const sanitizedFolder = sanitizeFolderOrFileName(sectionName)
|
|
51
|
+
const sanitizedName = sanitizeFileName(name)
|
|
52
|
+
|
|
53
|
+
/**
|
|
54
|
+
* Check the section and the field name, and get the allowed extensions,
|
|
55
|
+
* while also checking if the user has access to the section
|
|
56
|
+
*/
|
|
57
|
+
const section = await SectionFactory.getSectionForAdmin({
|
|
58
|
+
name: sanitizedFolder,
|
|
59
|
+
admin: { id: session.user.id },
|
|
60
|
+
})
|
|
61
|
+
|
|
62
|
+
/**
|
|
63
|
+
* If the check fails, return an error
|
|
64
|
+
*/
|
|
65
|
+
if (!section || !section.name) {
|
|
66
|
+
return NextResponse.json(
|
|
67
|
+
{
|
|
68
|
+
error: 'File not found, or you do not have access to it.',
|
|
69
|
+
},
|
|
70
|
+
{ status: 400 },
|
|
71
|
+
)
|
|
72
|
+
}
|
|
73
|
+
|
|
74
|
+
const fieldConfig = section.fields.find((field) => field.name === fieldName) as
|
|
75
|
+
| DocumentFieldConfigType
|
|
76
|
+
| undefined
|
|
77
|
+
|
|
78
|
+
if (!fieldConfig || typeof fieldConfig.build !== 'function') {
|
|
79
|
+
return NextResponse.json(
|
|
80
|
+
{
|
|
81
|
+
error: 'Invalid request',
|
|
82
|
+
},
|
|
83
|
+
{ status: 400 },
|
|
84
|
+
)
|
|
85
|
+
}
|
|
86
|
+
|
|
87
|
+
const field = fieldConfig.build()
|
|
88
|
+
|
|
89
|
+
/**
|
|
90
|
+
* If field is not found, return an error
|
|
91
|
+
*/
|
|
92
|
+
if (!field || !field.name || !field.extensions || field.extensions.length === 0) {
|
|
93
|
+
return NextResponse.json(
|
|
94
|
+
{
|
|
95
|
+
error: 'Invalid request',
|
|
96
|
+
},
|
|
97
|
+
{ status: 400 },
|
|
98
|
+
)
|
|
99
|
+
}
|
|
100
|
+
|
|
101
|
+
/**
|
|
102
|
+
* Split the allowed extensions into an array
|
|
103
|
+
*/
|
|
104
|
+
const documentAllowedExtensions = field.extensions
|
|
105
|
+
const dir = '.documents'
|
|
106
|
+
const pathToFile = path.join(uploadsFolder, dir, sanitizedFolder, sanitizedName)
|
|
107
|
+
|
|
108
|
+
/**
|
|
109
|
+
* First, check if the file exists
|
|
110
|
+
*/
|
|
111
|
+
if (!fs.existsSync(pathToFile)) {
|
|
112
|
+
return NextResponse.json(
|
|
113
|
+
{
|
|
114
|
+
error: 'File not found',
|
|
115
|
+
},
|
|
116
|
+
{ status: 404 },
|
|
117
|
+
)
|
|
118
|
+
}
|
|
119
|
+
|
|
120
|
+
/**
|
|
121
|
+
* Read the first 4100 bytes of the file
|
|
122
|
+
*/
|
|
123
|
+
const chunkBuffer = await readChunk(pathToFile, { length: 4100 })
|
|
124
|
+
/**
|
|
125
|
+
* Get the file type from the buffer
|
|
126
|
+
*/
|
|
127
|
+
const fileType = await fileTypeFromBuffer(chunkBuffer)
|
|
128
|
+
|
|
129
|
+
/**
|
|
130
|
+
* If the file type is invalid, return an error
|
|
131
|
+
*/
|
|
132
|
+
if (!fileType) {
|
|
133
|
+
return NextResponse.json(
|
|
134
|
+
{
|
|
135
|
+
error: 'Invalid file type',
|
|
136
|
+
},
|
|
137
|
+
{ status: 400 },
|
|
138
|
+
)
|
|
139
|
+
}
|
|
140
|
+
|
|
141
|
+
/**
|
|
142
|
+
* Check if the file type is allowed
|
|
143
|
+
*/
|
|
144
|
+
if (!documentAllowedExtensions.includes(fileType.ext)) {
|
|
145
|
+
return NextResponse.json(
|
|
146
|
+
{
|
|
147
|
+
error: 'Invalid file type',
|
|
148
|
+
},
|
|
149
|
+
{ status: 400 },
|
|
150
|
+
)
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
const fileStats = fs.statSync(pathToFile)
|
|
154
|
+
const fileSize = fileStats.size
|
|
155
|
+
const fileMimeType = fileType.mime
|
|
156
|
+
|
|
157
|
+
const data: ReadableStream<Uint8Array> = await streamFile(pathToFile)
|
|
158
|
+
|
|
159
|
+
return new NextResponse(data, {
|
|
160
|
+
headers: {
|
|
161
|
+
'Content-Length': fileSize.toString(),
|
|
162
|
+
'Content-Type': fileMimeType,
|
|
163
|
+
'Content-Disposition': 'inline',
|
|
164
|
+
},
|
|
165
|
+
status: 200,
|
|
166
|
+
})
|
|
167
|
+
}
|
|
@@ -1,6 +1,4 @@
|
|
|
1
|
-
import React, { useEffect } from 'react'
|
|
2
|
-
import { trpc } from '@/app/_trpc/client'
|
|
3
|
-
import { base64ToBlob } from 'nextjs-cms/utils'
|
|
1
|
+
import React, { useEffect, useRef } from 'react'
|
|
4
2
|
|
|
5
3
|
const ProtectedDocument = ({
|
|
6
4
|
section,
|
|
@@ -9,7 +7,6 @@ const ProtectedDocument = ({
|
|
|
9
7
|
width,
|
|
10
8
|
height,
|
|
11
9
|
className = 'rounded-3xl object-cover',
|
|
12
|
-
displayAs = 'base64',
|
|
13
10
|
}: {
|
|
14
11
|
section: string
|
|
15
12
|
fieldName: string
|
|
@@ -17,42 +14,49 @@ const ProtectedDocument = ({
|
|
|
17
14
|
width: number
|
|
18
15
|
height: number
|
|
19
16
|
className?: string
|
|
20
|
-
displayAs?: 'blob' | 'base64'
|
|
21
17
|
}) => {
|
|
22
18
|
const [srcUrl, setSrcUrl] = React.useState<string | null>(null)
|
|
23
|
-
const
|
|
24
|
-
name: file,
|
|
25
|
-
sectionName: section,
|
|
26
|
-
fieldName: fieldName,
|
|
27
|
-
})
|
|
19
|
+
const blobUrlRef = useRef<string | null>(null)
|
|
28
20
|
|
|
29
21
|
useEffect(() => {
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
)
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
22
|
+
const controller = new AbortController()
|
|
23
|
+
|
|
24
|
+
const fetchDocument = async () => {
|
|
25
|
+
try {
|
|
26
|
+
const params = new URLSearchParams({
|
|
27
|
+
name: file,
|
|
28
|
+
sectionName: section,
|
|
29
|
+
fieldName: fieldName,
|
|
30
|
+
})
|
|
31
|
+
|
|
32
|
+
const response = await fetch(`/api/document?${params.toString()}`, {
|
|
33
|
+
signal: controller.signal,
|
|
34
|
+
})
|
|
35
|
+
|
|
36
|
+
if (!response.ok) return
|
|
37
|
+
|
|
38
|
+
const blob = await response.blob()
|
|
39
|
+
const url = URL.createObjectURL(blob)
|
|
40
|
+
blobUrlRef.current = url
|
|
41
|
+
setSrcUrl(url)
|
|
42
|
+
} catch (error) {
|
|
43
|
+
// Ignore abort errors from cleanup
|
|
44
|
+
if (error instanceof DOMException && error.name === 'AbortError') return
|
|
45
|
+
}
|
|
47
46
|
}
|
|
48
47
|
|
|
48
|
+
fetchDocument()
|
|
49
|
+
|
|
49
50
|
return () => {
|
|
50
|
-
|
|
51
|
-
if (
|
|
52
|
-
URL.revokeObjectURL(
|
|
51
|
+
controller.abort()
|
|
52
|
+
if (blobUrlRef.current) {
|
|
53
|
+
URL.revokeObjectURL(blobUrlRef.current)
|
|
54
|
+
blobUrlRef.current = null
|
|
53
55
|
}
|
|
56
|
+
setSrcUrl(null)
|
|
54
57
|
}
|
|
55
|
-
}, [
|
|
58
|
+
}, [file, section, fieldName])
|
|
59
|
+
|
|
56
60
|
return (
|
|
57
61
|
<div className={className}>
|
|
58
62
|
{srcUrl ? (
|
|
@@ -61,12 +65,6 @@ const ProtectedDocument = ({
|
|
|
61
65
|
className='max-w-full'
|
|
62
66
|
width={width}
|
|
63
67
|
height={height}
|
|
64
|
-
onLoad={(e) => {
|
|
65
|
-
// Revoke the blob url after the image is loaded
|
|
66
|
-
if (displayAs === 'blob' && srcUrl) {
|
|
67
|
-
URL.revokeObjectURL(srcUrl)
|
|
68
|
-
}
|
|
69
|
-
}}
|
|
70
68
|
/>
|
|
71
69
|
) : (
|
|
72
70
|
<div className='animate-pulse bg-gray-500' style={{ width, height }} />
|