create-nextjs-cms 0.9.32 → 0.9.33

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/package.json +2 -2
  2. package/templates/default/app/api/document/route.ts +20 -11
  3. package/templates/default/app/api/photo/route.ts +14 -1
  4. package/templates/default/app/api/video/route.ts +47 -36
  5. package/templates/default/components/media/protected-document.tsx +2 -4
  6. package/templates/default/package.json +1 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "create-nextjs-cms",
3
- "version": "0.9.32",
3
+ "version": "0.9.33",
4
4
  "private": false,
5
5
  "type": "module",
6
6
  "bin": {
@@ -28,8 +28,8 @@
28
28
  "prettier": "^3.3.3",
29
29
  "tsx": "^4.20.6",
30
30
  "typescript": "^5.9.2",
31
- "@lzcms/prettier-config": "0.1.0",
32
31
  "@lzcms/eslint-config": "0.3.0",
32
+ "@lzcms/prettier-config": "0.1.0",
33
33
  "@lzcms/tsconfig": "0.1.0"
34
34
  },
35
35
  "prettier": "@lzcms/prettier-config",
package/templates/default/app/api/document/route.ts CHANGED
@@ -19,6 +19,17 @@ import { getCMSConfig } from 'nextjs-cms/core/config'
19
19
 
20
20
  export async function GET(request: NextRequest) {
21
21
  const session = await auth()
22
+
23
+ // Check if the session is valid
24
+ if (!session || !session.user) {
25
+ return NextResponse.json(
26
+ {
27
+ error: 'Invalid token',
28
+ },
29
+ { status: 401 },
30
+ )
31
+ }
32
+
22
33
  const searchParams = request.nextUrl.searchParams
23
34
 
24
35
  const name = searchParams.get('name')
@@ -34,16 +45,6 @@ export async function GET(request: NextRequest) {
34
45
  )
35
46
  }
36
47
 
37
- // Check if the session is valid
38
- if (!session || !session.user) {
39
- return NextResponse.json(
40
- {
41
- error: 'Invalid token',
42
- },
43
- { status: 401 },
44
- )
45
- }
46
-
47
48
  const uploadsFolder: string = (await getCMSConfig()).media.upload.path
48
49
 
49
50
  // Sanitize the inputs
@@ -152,13 +153,21 @@ export async function GET(request: NextRequest) {
152
153
  const fileSize = fileStats.size
153
154
  const fileMimeType = fileType.mime
154
155
 
155
- const data: ReadableStream<Uint8Array> = await streamFile(pathToFile)
156
+ let data: ReadableStream<Uint8Array>
157
+ try {
158
+ data = await streamFile(pathToFile)
159
+ } catch {
160
+ return NextResponse.json({ error: 'File not found' }, { status: 404 })
161
+ }
156
162
 
157
163
  return new NextResponse(data, {
158
164
  headers: {
159
165
  'Content-Length': fileSize.toString(),
160
166
  'Content-Type': fileMimeType,
161
167
  'Content-Disposition': 'inline',
168
+ 'X-Content-Type-Options': 'nosniff',
169
+ 'Content-Security-Policy': "default-src 'none'",
170
+ 'Referrer-Policy': 'no-referrer',
162
171
  },
163
172
  status: 200,
164
173
  })
package/templates/default/app/api/photo/route.ts CHANGED
@@ -1,7 +1,20 @@
1
1
  import { NextRequest, NextResponse } from 'next/server'
2
2
  import { getPhoto } from 'nextjs-cms/api/server/actions'
3
+ import auth from 'nextjs-cms/auth'
3
4
 
4
5
  export async function GET(request: NextRequest) {
6
+ const session = await auth()
7
+
8
+ // Check if the session is valid
9
+ if (!session || !session.user) {
10
+ return NextResponse.json(
11
+ {
12
+ error: 'Invalid token',
13
+ },
14
+ { status: 401 },
15
+ )
16
+ }
17
+
5
18
  const searchParams = request.nextUrl.searchParams
6
19
 
7
20
  const name = searchParams.get('name')
@@ -17,7 +30,7 @@ export async function GET(request: NextRequest) {
17
30
  )
18
31
  }
19
32
 
20
- const base64String = await getPhoto({
33
+ const base64String = await getPhoto({
21
34
  name,
22
35
  folder,
23
36
  isThumb: isThumb === 'true',
package/templates/default/app/api/video/route.ts CHANGED
@@ -20,6 +20,17 @@ import { getCMSConfig } from 'nextjs-cms/core/config'
20
20
 
21
21
  export async function GET(request: NextRequest) {
22
22
  const session = await auth()
23
+
24
+ // Check if the session is valid
25
+ if (!session || !session.user) {
26
+ return NextResponse.json(
27
+ {
28
+ error: 'Invalid token',
29
+ },
30
+ { status: 401 },
31
+ )
32
+ }
33
+
23
34
  const searchParams = request.nextUrl.searchParams
24
35
 
25
36
  const name = searchParams.get('name')
@@ -35,16 +46,6 @@ export async function GET(request: NextRequest) {
35
46
  )
36
47
  }
37
48
 
38
- // Check if the session is valid
39
- if (!session || !session.user) {
40
- return NextResponse.json(
41
- {
42
- error: 'Invalid token',
43
- },
44
- { status: 401 },
45
- )
46
- }
47
-
48
49
  const uploadsFolder: string = (await getCMSConfig()).media.upload.path
49
50
 
50
51
  // Sanitize the inputs
@@ -142,32 +143,42 @@ export async function GET(request: NextRequest) {
142
143
  const videoMimeType = fileType.mime
143
144
 
144
145
  let res = null
145
- if (range) {
146
- const parts = range.replace(/bytes=/, '').split('-')
147
- const start = parseInt(parts[0] ?? '0', 10)
148
- const end = parts[1] ? parseInt(parts[1], 10) : videoSize - 1
149
- const chunkSize = end - start + 1
150
-
151
- const data: ReadableStream<Uint8Array> = await streamFile(pathToFile, { start, end })
152
-
153
- res = new NextResponse(data, {
154
- headers: {
155
- 'Content-Range': `bytes ${start}-${end}/${videoSize}`,
156
- 'Accept-Ranges': 'bytes',
157
- 'Content-Length': chunkSize.toString(),
158
- 'Content-Type': videoMimeType,
159
- },
160
- status: 206,
161
- })
162
- } else {
163
- const data: ReadableStream<Uint8Array> = await streamFile(pathToFile)
164
- res = new NextResponse(data, {
165
- headers: {
166
- 'Content-Length': videoSize.toString(),
167
- 'Content-Type': videoMimeType,
168
- },
169
- status: 200,
170
- })
146
+ try {
147
+ if (range) {
148
+ const parts = range.replace(/bytes=/, '').split('-')
149
+ const start = parseInt(parts[0] ?? '0', 10)
150
+ const end = parts[1] ? parseInt(parts[1], 10) : videoSize - 1
151
+ const chunkSize = end - start + 1
152
+
153
+ const data: ReadableStream<Uint8Array> = await streamFile(pathToFile, { start, end })
154
+
155
+ res = new NextResponse(data, {
156
+ headers: {
157
+ 'Content-Range': `bytes ${start}-${end}/${videoSize}`,
158
+ 'Accept-Ranges': 'bytes',
159
+ 'Content-Length': chunkSize.toString(),
160
+ 'Content-Type': videoMimeType,
161
+ 'X-Content-Type-Options': 'nosniff',
162
+ 'Content-Security-Policy': "sandbox; default-src 'none'",
163
+ 'Referrer-Policy': 'no-referrer',
164
+ },
165
+ status: 206,
166
+ })
167
+ } else {
168
+ const data: ReadableStream<Uint8Array> = await streamFile(pathToFile)
169
+ res = new NextResponse(data, {
170
+ headers: {
171
+ 'Content-Length': videoSize.toString(),
172
+ 'Content-Type': videoMimeType,
173
+ 'X-Content-Type-Options': 'nosniff',
174
+ 'Content-Security-Policy': "sandbox; default-src 'none'",
175
+ 'Referrer-Policy': 'no-referrer',
176
+ },
177
+ status: 200,
178
+ })
179
+ }
180
+ } catch {
181
+ return NextResponse.json({ error: 'File not found' }, { status: 404 })
171
182
  }
172
183
 
173
184
  return res
package/templates/default/components/media/protected-document.tsx CHANGED
@@ -26,10 +26,8 @@ const ProtectedDocument = ({
26
26
 
27
27
  return (
28
28
  <div className={className}>
29
- {loading && (
30
- <div className='animate-pulse bg-gray-500' style={{ width, height }} />
31
- )}
32
- <embed
29
+ {loading && <div className='animate-pulse bg-gray-500' style={{ width, height }} />}
30
+ <iframe
33
31
  src={url}
34
32
  className='max-w-full'
35
33
  width={width}
package/templates/default/package.json CHANGED
@@ -70,7 +70,7 @@
70
70
  "nanoid": "^5.1.2",
71
71
  "next": "16.2.5",
72
72
  "next-themes": "^0.4.6",
73
- "nextjs-cms": "0.9.32",
73
+ "nextjs-cms": "0.9.33",
74
74
  "plaiceholder": "^3.0.0",
75
75
  "prettier-plugin-tailwindcss": "^0.7.2",
76
76
  "qrcode": "^1.5.4",