create-nextjs-cms 0.9.30 → 0.9.31

package/templates/default/app/api/auth/csrf/route.ts

@@ -1,25 +1,25 @@
-import { responseHeaders } from 'nextjs-cms/utils'
-import { createCSRFToken } from 'nextjs-cms/auth/actions'
-import { cookies } from 'next/headers'
-
-export async function GET() {
-    const cookieStore = await cookies()
-    const csrfTokenCookie = cookieStore.get('csrf_token')
-    const { csrfToken, cookie } = await createCSRFToken(csrfTokenCookie?.value)
-
-    if (cookie) {
-        (await cookies()).set({
-            name: 'csrf_token',
-            value: cookie,
-            httpOnly: true,
-            secure: true,
-            sameSite: true,
-        })
-    }
-    return Response.json(
-        {
-            csrfToken,
-        },
-        responseHeaders,
-    )
-}
+import { responseHeaders } from 'nextjs-cms/utils'
+import { createCSRFToken } from 'nextjs-cms/auth/actions'
+import { cookies } from 'next/headers'
+
+export async function GET() {
+    const cookieStore = await cookies()
+    const csrfTokenCookie = cookieStore.get('csrf_token')
+    const { csrfToken, cookie } = await createCSRFToken(csrfTokenCookie?.value)
+
+    if (cookie) {
+        (await cookies()).set({
+            name: 'csrf_token',
+            value: cookie,
+            httpOnly: true,
+            secure: true,
+            sameSite: true,
+        })
+    }
+    return Response.json(
+        {
+            csrfToken,
+        },
+        responseHeaders,
+    )
+}

package/templates/default/app/api/auth/refresh/route.ts

@@ -1,10 +1,10 @@
-import { NextRequest } from 'next/server'
-import { authRefresh } from 'nextjs-cms/auth/actions'
-
-export async function GET(request: NextRequest) {
-    const refreshToken = request.cookies.get('refresh_token')
-    const loginResult = await authRefresh(refreshToken)
-    return Response.json(loginResult, {
-        status: loginResult.status,
-    })
-}
+import { NextRequest } from 'next/server'
+import { authRefresh } from 'nextjs-cms/auth/actions'
+
+export async function GET(request: NextRequest) {
+    const refreshToken = request.cookies.get('refresh_token')
+    const loginResult = await authRefresh(refreshToken)
+    return Response.json(loginResult, {
+        status: loginResult.status,
+    })
+}

package/templates/default/app/api/auth/route.ts

@@ -1,49 +1,49 @@
-import { NextRequest } from 'next/server'
-import auth from 'nextjs-cms/auth'
-import { deleteSession, login } from 'nextjs-cms/auth/actions'
-import { getRequestMetadataFromHeaders, recordLog } from 'nextjs-cms/logging'
-
-export async function POST(request: NextRequest) {
-    const { username, password, language } = await request.json()
-    try {
-        const loginResult = await login({ username, password, language })
-        const requestMetadata = getRequestMetadataFromHeaders(request.headers)
-
-        await recordLog({
-            eventType: 'auth.login',
-            actorId: loginResult.user?.id ?? null,
-            actorUsername: loginResult.user?.username ?? null,
-            entityType: 'admin',
-            entityId: loginResult.user?.id ?? null,
-            entityLabel: loginResult.user?.username ?? null,
-            sectionName: 'auth',
-            requestMetadata,
-        })
-        return Response.json(loginResult, { status: 200 })
-    } catch (error: any) {
-        return Response.json({ error: error.message }, { status: 400 })
-    }
-}
-
-export async function DELETE(request: NextRequest) {
-    const session = await auth()
-    try {
-        const loginResult = await deleteSession(session)
-        if (session?.user?.id) {
-            const requestMetadata = getRequestMetadataFromHeaders(request.headers)
-            await recordLog({
-                eventType: 'auth.logout',
-                actorId: session.user.id,
-                actorUsername: session.user.name ?? null,
-                entityType: 'admin',
-                entityId: session.user.id,
-                entityLabel: session.user.name ?? null,
-                sectionName: 'auth',
-                requestMetadata,
-            })
-        }
-        return Response.json(loginResult, { status: 200 })
-    } catch (error: any) {
-        return Response.json({ error: error.message }, { status: 400 })
-    }
-}
+import { NextRequest } from 'next/server'
+import auth from 'nextjs-cms/auth'
+import { deleteSession, login } from 'nextjs-cms/auth/actions'
+import { getRequestMetadataFromHeaders, recordLog } from 'nextjs-cms/logging'
+
+export async function POST(request: NextRequest) {
+    const { username, password, language } = await request.json()
+    try {
+        const loginResult = await login({ username, password, language })
+        const requestMetadata = getRequestMetadataFromHeaders(request.headers)
+
+        await recordLog({
+            eventType: 'auth.login',
+            actorId: loginResult.user?.id ?? null,
+            actorUsername: loginResult.user?.username ?? null,
+            entityType: 'admin',
+            entityId: loginResult.user?.id ?? null,
+            entityLabel: loginResult.user?.username ?? null,
+            sectionName: 'auth',
+            requestMetadata,
+        })
+        return Response.json(loginResult, { status: 200 })
+    } catch (error: any) {
+        return Response.json({ error: error.message }, { status: 400 })
+    }
+}
+
+export async function DELETE(request: NextRequest) {
+    const session = await auth()
+    try {
+        const loginResult = await deleteSession(session)
+        if (session?.user?.id) {
+            const requestMetadata = getRequestMetadataFromHeaders(request.headers)
+            await recordLog({
+                eventType: 'auth.logout',
+                actorId: session.user.id,
+                actorUsername: session.user.name ?? null,
+                entityType: 'admin',
+                entityId: session.user.id,
+                entityLabel: session.user.name ?? null,
+                sectionName: 'auth',
+                requestMetadata,
+            })
+        }
+        return Response.json(loginResult, { status: 200 })
+    } catch (error: any) {
+        return Response.json({ error: error.message }, { status: 400 })
+    }
+}

package/templates/default/app/api/auth/session/route.ts

@@ -1,20 +1,20 @@
-import auth from 'nextjs-cms/auth'
-import { NextRequest } from 'next/server'
-
-export async function GET(request: NextRequest) {
-    const session = await auth()
-    return Response.json(session, {
-        status: session ? 200 : 404,
-    })
-}
-
-export async function POST(request: NextRequest) {
-    const session = await auth()
-    if (!session) {
-        return Response.json('Unauthorized', { status: 401 })
-    }
-
-    // TODO: Handle POST request to update session with new data
-
-    return Response.json(session)
-}
+import auth from 'nextjs-cms/auth'
+import { NextRequest } from 'next/server'
+
+export async function GET(request: NextRequest) {
+    const session = await auth()
+    return Response.json(session, {
+        status: session ? 200 : 404,
+    })
+}
+
+export async function POST(request: NextRequest) {
+    const session = await auth()
+    if (!session) {
+        return Response.json('Unauthorized', { status: 401 })
+    }
+
+    // TODO: Handle POST request to update session with new data
+
+    return Response.json(session)
+}

package/templates/default/app/api/document/route.ts

@@ -1,165 +1,165 @@
-import { NextRequest, NextResponse } from 'next/server'
-import path from 'path'
-import fs from 'fs'
-import { readChunk } from 'read-chunk'
-import { fileTypeFromBuffer } from 'file-type'
-import { SectionFactory } from 'nextjs-cms/core/factories'
-import type { DocumentFieldConfigType } from 'nextjs-cms/core/fields'
-import auth from 'nextjs-cms/auth'
-import { sanitizeFileName, sanitizeFolderOrFileName } from 'nextjs-cms/utils'
-import { streamFile } from 'nextjs-cms/api/server/actions'
-import { getCMSConfig } from 'nextjs-cms/core/config'
-
-/**
- * This route handler streams a document file from the server.
- * It protects document files from being accessed directly and avoids
- * the base64 payload size limits that occur with the tRPC approach.
- * Used by the `<ProtectedDocument />` component.
- */
-
-export async function GET(request: NextRequest) {
-    const session = await auth()
-    const searchParams = request.nextUrl.searchParams
-
-    const name = searchParams.get('name')
-    const sectionName = searchParams.get('sectionName')
-    const fieldName = searchParams.get('fieldName')
-
-    if (!name || !sectionName || !fieldName) {
-        return NextResponse.json(
-            {
-                error: 'Invalid request',
-            },
-            { status: 400 },
-        )
-    }
-
-    // Check if the session is valid
-    if (!session || !session.user) {
-        return NextResponse.json(
-            {
-                error: 'Invalid token',
-            },
-            { status: 401 },
-        )
-    }
-
-    const uploadsFolder: string = (await getCMSConfig()).media.upload.path
-
-    // Sanitize the inputs
-    const sanitizedFolder = sanitizeFolderOrFileName(sectionName)
-    const sanitizedName = sanitizeFileName(name)
-
-    /**
-     * Check the section and the field name, and get the allowed extensions,
-     *  while also checking if the user has access to the section
-     */
-    const section = await SectionFactory.getSectionForAdmin({
-        name: sanitizedFolder,
-        admin: { id: session.user.id },
-    })
-
-    /**
-     * If the check fails, return an error
-     */
-    if (!section || !section.name) {
-        return NextResponse.json(
-            {
-                error: 'File not found, or you do not have access to it.',
-            },
-            { status: 400 },
-        )
-    }
-
-    const fieldConfig = section.fields.find((field) => field.name === fieldName) as DocumentFieldConfigType | undefined
-
-    if (!fieldConfig || typeof fieldConfig.build !== 'function') {
-        return NextResponse.json(
-            {
-                error: 'Invalid request',
-            },
-            { status: 400 },
-        )
-    }
-
-    const field = fieldConfig.build()
-
-    /**
-     * If field is not found, return an error
-     */
-    if (!field || !field.name || !field.extensions || field.extensions.length === 0) {
-        return NextResponse.json(
-            {
-                error: 'Invalid request',
-            },
-            { status: 400 },
-        )
-    }
-
-    /**
-     * Split the allowed extensions into an array
-     */
-    const documentAllowedExtensions = field.extensions
-    const dir = '.documents'
-    const pathToFile = path.join(uploadsFolder, dir, sanitizedFolder, sanitizedName)
-
-    /**
-     * First, check if the file exists
-     */
-    if (!fs.existsSync(pathToFile)) {
-        return NextResponse.json(
-            {
-                error: 'File not found',
-            },
-            { status: 404 },
-        )
-    }
-
-    /**
-     * Read the first 4100 bytes of the file
-     */
-    const chunkBuffer = await readChunk(pathToFile, { length: 4100 })
-    /**
-     * Get the file type from the buffer
-     */
-    const fileType = await fileTypeFromBuffer(chunkBuffer)
-
-    /**
-     * If the file type is invalid, return an error
-     */
-    if (!fileType) {
-        return NextResponse.json(
-            {
-                error: 'Invalid file type',
-            },
-            { status: 400 },
-        )
-    }
-
-    /**
-     * Check if the file type is allowed
-     */
-    if (!documentAllowedExtensions.includes(fileType.ext)) {
-        return NextResponse.json(
-            {
-                error: 'Invalid file type',
-            },
-            { status: 400 },
-        )
-    }
-
-    const fileStats = fs.statSync(pathToFile)
-    const fileSize = fileStats.size
-    const fileMimeType = fileType.mime
-
-    const data: ReadableStream<Uint8Array> = await streamFile(pathToFile)
-
-    return new NextResponse(data, {
-        headers: {
-            'Content-Length': fileSize.toString(),
-            'Content-Type': fileMimeType,
-            'Content-Disposition': 'inline',
-        },
-        status: 200,
-    })
-}
+import { NextRequest, NextResponse } from 'next/server'
+import path from 'path'
+import fs from 'fs'
+import { readChunk } from 'read-chunk'
+import { fileTypeFromBuffer } from 'file-type'
+import { SectionFactory } from 'nextjs-cms/core/factories'
+import type { DocumentFieldConfigType } from 'nextjs-cms/core/fields'
+import auth from 'nextjs-cms/auth'
+import { sanitizeFileName, sanitizeFolderOrFileName } from 'nextjs-cms/utils'
+import { streamFile } from 'nextjs-cms/api/server/actions'
+import { getCMSConfig } from 'nextjs-cms/core/config'
+
+/**
+ * This route handler streams a document file from the server.
+ * It protects document files from being accessed directly and avoids
+ * the base64 payload size limits that occur with the tRPC approach.
+ * Used by the `<ProtectedDocument />` component.
+ */
+
+export async function GET(request: NextRequest) {
+    const session = await auth()
+    const searchParams = request.nextUrl.searchParams
+
+    const name = searchParams.get('name')
+    const sectionName = searchParams.get('sectionName')
+    const fieldName = searchParams.get('fieldName')
+
+    if (!name || !sectionName || !fieldName) {
+        return NextResponse.json(
+            {
+                error: 'Invalid request',
+            },
+            { status: 400 },
+        )
+    }
+
+    // Check if the session is valid
+    if (!session || !session.user) {
+        return NextResponse.json(
+            {
+                error: 'Invalid token',
+            },
+            { status: 401 },
+        )
+    }
+
+    const uploadsFolder: string = (await getCMSConfig()).media.upload.path
+
+    // Sanitize the inputs
+    const sanitizedFolder = sanitizeFolderOrFileName(sectionName)
+    const sanitizedName = sanitizeFileName(name)
+
+    /**
+     * Check the section and the field name, and get the allowed extensions,
+     *  while also checking if the user has access to the section
+     */
+    const section = await SectionFactory.getSectionForAdmin({
+        name: sanitizedFolder,
+        admin: { id: session.user.id },
+    })
+
+    /**
+     * If the check fails, return an error
+     */
+    if (!section || !section.name) {
+        return NextResponse.json(
+            {
+                error: 'File not found, or you do not have access to it.',
+            },
+            { status: 400 },
+        )
+    }
+
+    const fieldConfig = section.fields.find((field) => field.name === fieldName) as DocumentFieldConfigType | undefined
+
+    if (!fieldConfig || typeof fieldConfig.build !== 'function') {
+        return NextResponse.json(
+            {
+                error: 'Invalid request',
+            },
+            { status: 400 },
+        )
+    }
+
+    const field = fieldConfig.build()
+
+    /**
+     * If field is not found, return an error
+     */
+    if (!field || !field.name || !field.extensions || field.extensions.length === 0) {
+        return NextResponse.json(
+            {
+                error: 'Invalid request',
+            },
+            { status: 400 },
+        )
+    }
+
+    /**
+     * Split the allowed extensions into an array
+     */
+    const documentAllowedExtensions = field.extensions
+    const dir = '.documents'
+    const pathToFile = path.join(uploadsFolder, dir, sanitizedFolder, sanitizedName)
+
+    /**
+     * First, check if the file exists
+     */
+    if (!fs.existsSync(pathToFile)) {
+        return NextResponse.json(
+            {
+                error: 'File not found',
+            },
+            { status: 404 },
+        )
+    }
+
+    /**
+     * Read the first 4100 bytes of the file
+     */
+    const chunkBuffer = await readChunk(pathToFile, { length: 4100 })
+    /**
+     * Get the file type from the buffer
+     */
+    const fileType = await fileTypeFromBuffer(chunkBuffer)
+
+    /**
+     * If the file type is invalid, return an error
+     */
+    if (!fileType) {
+        return NextResponse.json(
+            {
+                error: 'Invalid file type',
+            },
+            { status: 400 },
+        )
+    }
+
+    /**
+     * Check if the file type is allowed
+     */
+    if (!documentAllowedExtensions.includes(fileType.ext)) {
+        return NextResponse.json(
+            {
+                error: 'Invalid file type',
+            },
+            { status: 400 },
+        )
+    }
+
+    const fileStats = fs.statSync(pathToFile)
+    const fileSize = fileStats.size
+    const fileMimeType = fileType.mime
+
+    const data: ReadableStream<Uint8Array> = await streamFile(pathToFile)
+
+    return new NextResponse(data, {
+        headers: {
+            'Content-Length': fileSize.toString(),
+            'Content-Type': fileMimeType,
+            'Content-Disposition': 'inline',
+        },
+        status: 200,
+    })
+}

package/templates/default/app/api/editor/photo/route.ts

@@ -1,49 +1,49 @@
-import { NextRequest, NextResponse } from 'next/server'
-import sharp from 'sharp'
-import auth from 'nextjs-cms/auth'
-
-/**
- * This route handler is used to use a photo in rich text editor
- * It expects an image file in the request body
- * It returns the base64 string of the image
- * @param request
- * @returns NextResponse with the base64 string of the image
- */
-export async function POST(request: NextRequest) {
-    const session = await auth()
-
-    if (!session || !session.user) {
-        return NextResponse.json(
-            {
-                error: 'Access token not provided',
-            },
-            { status: 401 },
-        )
-    }
-
-    const formData = await request.formData()
-    const photo = formData.get('photo') as File
-
-    if (!photo) {
-        return NextResponse.json(
-            {
-                error: 'Photo not provided',
-            },
-            { status: 400 },
-        )
-    }
-
-    const arrayBuffer = await photo.arrayBuffer()
-    const buffer = Buffer.from(arrayBuffer)
-
-    sharp.cache({ files: 0 })
-    sharp.cache(false)
-    const image = sharp(buffer)
-
-    let webpBuffer = await image.toFormat('webp').resize(1200, 768).withExif({}).toBuffer()
-
-    const base64String = webpBuffer.toString('base64')
-    image.destroy()
-
-    return NextResponse.json(`data:image/webp;base64,${base64String}`)
-}
+import { NextRequest, NextResponse } from 'next/server'
+import sharp from 'sharp'
+import auth from 'nextjs-cms/auth'
+
+/**
+ * This route handler is used to use a photo in rich text editor
+ * It expects an image file in the request body
+ * It returns the base64 string of the image
+ * @param request
+ * @returns NextResponse with the base64 string of the image
+ */
+export async function POST(request: NextRequest) {
+    const session = await auth()
+
+    if (!session || !session.user) {
+        return NextResponse.json(
+            {
+                error: 'Access token not provided',
+            },
+            { status: 401 },
+        )
+    }
+
+    const formData = await request.formData()
+    const photo = formData.get('photo') as File
+
+    if (!photo) {
+        return NextResponse.json(
+            {
+                error: 'Photo not provided',
+            },
+            { status: 400 },
+        )
+    }
+
+    const arrayBuffer = await photo.arrayBuffer()
+    const buffer = Buffer.from(arrayBuffer)
+
+    sharp.cache({ files: 0 })
+    sharp.cache(false)
+    const image = sharp(buffer)
+
+    let webpBuffer = await image.toFormat('webp').resize(1200, 768).withExif({}).toBuffer()
+
+    const base64String = webpBuffer.toString('base64')
+    image.destroy()
+
+    return NextResponse.json(`data:image/webp;base64,${base64String}`)
+}