dineway 0.1.3 → 0.1.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dineway",
-  "version": "0.1.3",
+  "version": "0.1.4",
   "description": "Agentic Web builder with WordPress migration support",
   "type": "module",
   "main": "dist/index.mjs",
@@ -10,7 +10,10 @@
   },
   "files": [
     "dist",
-    "locals.d.ts"
+    "locals.d.ts",
+    "src/astro/routes",
+    "src/ui.ts",
+    "src/components"
   ],
   "exports": {
     ".": {
@@ -259,8 +262,8 @@
     "ulidx": "^2.4.1",
     "upng-js": "^2.1.0",
     "zod": "^4.3.5",
-    "@dineway-ai/admin": "0.1.3",
     "@dineway-ai/auth": "0.1.3",
+    "@dineway-ai/admin": "0.1.3",
     "@dineway-ai/gutenberg-to-portable-text": "0.1.3"
   },
   "optionalDependencies": {

package/src/astro/routes/PluginRegistry.tsx

@@ -0,0 +1,21 @@
+/**
+ * Admin Wrapper
+ *
+ * Imports plugin admin modules from the virtual module and passes them
+ * to AdminApp via props. This ensures plugin components are bundled
+ * together with the admin app and available via React context.
+ */
+
+import { AdminApp } from "@dineway-ai/admin";
+import type { Messages } from "@lingui/core";
+// @ts-ignore - virtual module generated by integration
+import { pluginAdmins } from "virtual:dineway/admin-registry";
+
+interface AdminWrapperProps {
+	locale: string;
+	messages: Messages;
+}
+
+export default function AdminWrapper({ locale, messages }: AdminWrapperProps) {
+	return <AdminApp pluginAdmins={pluginAdmins} locale={locale} messages={messages} />;
+}

package/src/astro/routes/admin.astro

@@ -0,0 +1,83 @@
+---
+/**
+ * Admin shell route - injected by Dineway integration
+ *
+ * This page serves the Dineway admin React SPA.
+ * AdminWrapper imports plugin admin modules and passes them to AdminApp.
+ */
+import "@dineway-ai/admin/styles.css";
+// Use package-qualified import so Astro generates a proper module URL
+// (relative imports resolve to absolute paths which break client hydration)
+import AdminWrapper from "dineway/routes/PluginRegistry";
+
+export const prerender = false;
+
+import { resolveLocale } from "@dineway-ai/admin/locales";
+
+const resolvedLocale = resolveLocale(Astro.request);
+const { messages } = await import(`@dineway-ai/admin/locales/${resolvedLocale}/messages.mjs`);
+---
+
+<!doctype html>
+<html lang={resolvedLocale}>
+	<head>
+		<meta charset="UTF-8" />
+		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+		<link rel="icon" href="/favicon.svg" />
+		<title>Dineway Admin</title>
+	</head>
+	<body>
+		<div id="admin-root" class="min-h-screen">
+			<div id="dineway-boot-loader">
+				<style>
+					#dineway-boot-loader {
+						display: flex;
+						align-items: center;
+						justify-content: center;
+						min-height: 100vh;
+						color-scheme: light dark;
+						background: light-dark(hsl(0 0% 100%), hsl(222.2 84% 4.9%));
+					}
+					#dineway-boot-loader .loader-inner {
+						text-align: center;
+					}
+					#dineway-boot-loader .spinner {
+						width: 24px;
+						height: 24px;
+						margin: 0 auto;
+						border: 2.5px solid
+							light-dark(
+								hsl(215.4 16.3% 46.9% / 0.3),
+								hsl(215 20.2% 65.1% / 0.3)
+							);
+						border-top-color: light-dark(
+							hsl(215.4 16.3% 46.9%),
+							hsl(215 20.2% 65.1%)
+						);
+						border-radius: 50%;
+						animation: dineway-spin 0.8s linear infinite;
+					}
+					#dineway-boot-loader p {
+						margin-top: 1rem;
+						font-family:
+							system-ui,
+							-apple-system,
+							sans-serif;
+						font-size: 0.875rem;
+						color: light-dark(hsl(215.4 16.3% 46.9%), hsl(215 20.2% 65.1%));
+					}
+					@keyframes dineway-spin {
+						to {
+							transform: rotate(360deg);
+						}
+					}
+				</style>
+				<div class="loader-inner">
+					<div class="spinner"></div>
+					<p>Loading Dineway...</p>
+				</div>
+			</div>
+			<AdminWrapper client:only="react" locale={resolvedLocale} messages={messages} />
+		</div>
+	</body>
+</html>

package/src/astro/routes/api/admin/allowed-domains/[domain].ts

@@ -0,0 +1,112 @@
+/**
+ * PATCH/DELETE /_dineway/api/admin/allowed-domains/[domain]
+ *
+ * Admin endpoints for managing a specific allowed domain.
+ * PATCH - Update domain settings (enabled, defaultRole)
+ * DELETE - Remove an allowed domain
+ */
+
+import type { APIRoute } from "astro";
+
+export const prerender = false;
+
+import { Role, roleFromLevel } from "@dineway-ai/auth";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { allowedDomainUpdateBody } from "#api/schemas.js";
+
+/**
+ * PATCH - Update domain settings
+ */
+export const PATCH: APIRoute = async ({ params, request, locals }) => {
+	const { dineway, user } = locals;
+	const { domain } = params;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Database not configured", 500);
+	}
+
+	if (!domain) {
+		return apiError("VALIDATION_ERROR", "Domain is required", 400);
+	}
+
+	if (!user || user.role < Role.ADMIN) {
+		return apiError("FORBIDDEN", "Admin privileges required", 403);
+	}
+
+	const adapter = createKyselyAdapter(dineway.db);
+
+	try {
+		const body = await parseBody(request, allowedDomainUpdateBody);
+		if (isParseError(body)) return body;
+
+		// Check if domain exists
+		const existing = await adapter.getAllowedDomain(domain);
+		if (!existing) {
+			return apiError("NOT_FOUND", "Domain not found", 404);
+		}
+
+		// Role is already validated as RoleLevel by Zod schema
+		const defaultRole = body.defaultRole;
+
+		// Update domain
+		const enabled = body.enabled ?? existing.enabled;
+		await adapter.updateAllowedDomain(domain, enabled, defaultRole);
+
+		// Fetch updated domain
+		const updated = await adapter.getAllowedDomain(domain);
+
+		return apiSuccess({
+			success: true,
+			domain: updated
+				? {
+						domain: updated.domain,
+						defaultRole: updated.defaultRole,
+						roleName: roleFromLevel(updated.defaultRole),
+						enabled: updated.enabled,
+						createdAt: updated.createdAt.toISOString(),
+					}
+				: null,
+		});
+	} catch (error) {
+		return handleError(error, "Failed to update allowed domain", "DOMAIN_UPDATE_ERROR");
+	}
+};
+
+/**
+ * DELETE - Remove an allowed domain
+ */
+export const DELETE: APIRoute = async ({ params, locals }) => {
+	const { dineway, user } = locals;
+	const { domain } = params;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Database not configured", 500);
+	}
+
+	if (!domain) {
+		return apiError("VALIDATION_ERROR", "Domain is required", 400);
+	}
+
+	if (!user || user.role < Role.ADMIN) {
+		return apiError("FORBIDDEN", "Admin privileges required", 403);
+	}
+
+	const adapter = createKyselyAdapter(dineway.db);
+
+	try {
+		// Check if domain exists (optional - delete is idempotent)
+		const existing = await adapter.getAllowedDomain(domain);
+		if (!existing) {
+			return apiError("NOT_FOUND", "Domain not found", 404);
+		}
+
+		await adapter.deleteAllowedDomain(domain);
+
+		return apiSuccess({ success: true });
+	} catch (error) {
+		return handleError(error, "Failed to delete allowed domain", "DOMAIN_DELETE_ERROR");
+	}
+};

package/src/astro/routes/api/admin/allowed-domains/index.ts

@@ -0,0 +1,108 @@
+/**
+ * GET/POST /_dineway/api/admin/allowed-domains
+ *
+ * Admin endpoints for managing allowed signup domains.
+ * GET - List all allowed domains
+ * POST - Add a new allowed domain
+ */
+
+import type { APIRoute } from "astro";
+
+export const prerender = false;
+
+import { Role, roleFromLevel } from "@dineway-ai/auth";
+import { createKyselyAdapter } from "@dineway-ai/auth/adapters/kysely";
+
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { allowedDomainCreateBody } from "#api/schemas.js";
+
+const DOMAIN_REGEX = /^[a-zA-Z0-9][a-zA-Z0-9-]*(\.[a-zA-Z0-9-]+)+$/;
+
+/**
+ * GET - List all allowed domains
+ */
+export const GET: APIRoute = async ({ locals }) => {
+	const { dineway, user } = locals;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Database not configured", 500);
+	}
+
+	if (!user || user.role < Role.ADMIN) {
+		return apiError("FORBIDDEN", "Admin privileges required", 403);
+	}
+
+	const adapter = createKyselyAdapter(dineway.db);
+
+	try {
+		const domains = await adapter.getAllowedDomains();
+
+		return apiSuccess({
+			domains: domains.map((d) => ({
+				domain: d.domain,
+				defaultRole: d.defaultRole,
+				roleName: roleFromLevel(d.defaultRole),
+				enabled: d.enabled,
+				createdAt: d.createdAt.toISOString(),
+			})),
+		});
+	} catch (error) {
+		return handleError(error, "Failed to list allowed domains", "DOMAIN_LIST_ERROR");
+	}
+};
+
+/**
+ * POST - Add a new allowed domain
+ */
+export const POST: APIRoute = async ({ request, locals }) => {
+	const { dineway, user } = locals;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Database not configured", 500);
+	}
+
+	if (!user || user.role < Role.ADMIN) {
+		return apiError("FORBIDDEN", "Admin privileges required", 403);
+	}
+
+	const adapter = createKyselyAdapter(dineway.db);
+
+	try {
+		const body = await parseBody(request, allowedDomainCreateBody);
+		if (isParseError(body)) return body;
+
+		// Role is already validated as RoleLevel by Zod schema
+		const defaultRole = body.defaultRole;
+
+		// Validate domain format (no protocol, just domain)
+		const cleanDomain = body.domain.toLowerCase().trim();
+		if (!DOMAIN_REGEX.test(cleanDomain)) {
+			return apiError("VALIDATION_ERROR", "Invalid domain format", 400);
+		}
+
+		// Check if domain already exists
+		const existing = await adapter.getAllowedDomain(cleanDomain);
+		if (existing) {
+			return apiError("CONFLICT", "Domain already exists", 409);
+		}
+
+		const domain = await adapter.createAllowedDomain(cleanDomain, defaultRole);
+
+		return apiSuccess(
+			{
+				success: true,
+				domain: {
+					domain: domain.domain,
+					defaultRole: domain.defaultRole,
+					roleName: roleFromLevel(domain.defaultRole),
+					enabled: domain.enabled,
+					createdAt: domain.createdAt.toISOString(),
+				},
+			},
+			201,
+		);
+	} catch (error) {
+		return handleError(error, "Failed to create allowed domain", "DOMAIN_CREATE_ERROR");
+	}
+};

package/src/astro/routes/api/admin/api-tokens/[id].ts

@@ -0,0 +1,40 @@
+/**
+ * Single API token endpoint
+ *
+ * DELETE /_dineway/api/admin/api-tokens/:id — Revoke a token
+ */
+
+import { Role } from "@dineway-ai/auth";
+import type { APIRoute } from "astro";
+
+import { apiError, handleError, unwrapResult } from "#api/error.js";
+import { handleApiTokenRevoke } from "#api/handlers/api-tokens.js";
+
+export const prerender = false;
+
+/**
+ * Revoke (delete) an API token.
+ */
+export const DELETE: APIRoute = async ({ params, locals }) => {
+	const { dineway, user } = locals;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+
+	if (!user || user.role < Role.ADMIN) {
+		return apiError("FORBIDDEN", "Admin privileges required", 403);
+	}
+
+	const tokenId = params.id;
+	if (!tokenId) {
+		return apiError("VALIDATION_ERROR", "Token ID is required", 400);
+	}
+
+	try {
+		const result = await handleApiTokenRevoke(dineway.db, tokenId, user.id);
+		return unwrapResult(result);
+	} catch (error) {
+		return handleError(error, "Failed to revoke API token", "TOKEN_REVOKE_ERROR");
+	}
+};

package/src/astro/routes/api/admin/api-tokens/index.ts

@@ -0,0 +1,68 @@
+/**
+ * API token management endpoints
+ *
+ * GET  /_dineway/api/admin/api-tokens — List tokens for current user
+ * POST /_dineway/api/admin/api-tokens — Create a new token
+ */
+
+import { Role } from "@dineway-ai/auth";
+import type { APIRoute } from "astro";
+import { z } from "zod";
+
+import { apiError, handleError, unwrapResult } from "#api/error.js";
+import { handleApiTokenCreate, handleApiTokenList } from "#api/handlers/api-tokens.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { VALID_SCOPES } from "#auth/api-tokens.js";
+
+export const prerender = false;
+
+const createTokenSchema = z.object({
+	name: z.string().min(1).max(100),
+	scopes: z.array(z.enum(VALID_SCOPES)).min(1),
+	expiresAt: z.string().datetime().optional(),
+});
+
+/**
+ * List API tokens for the current user.
+ * Admins can list all tokens (future: add ?userId= filter).
+ */
+export const GET: APIRoute = async ({ locals }) => {
+	const { dineway, user } = locals;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+
+	if (!user || user.role < Role.ADMIN) {
+		return apiError("FORBIDDEN", "Admin privileges required", 403);
+	}
+
+	const result = await handleApiTokenList(dineway.db, user.id);
+	return unwrapResult(result);
+};
+
+/**
+ * Create a new API token.
+ * Returns the raw token once — it cannot be retrieved again.
+ */
+export const POST: APIRoute = async ({ request, locals }) => {
+	const { dineway, user } = locals;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+
+	if (!user || user.role < Role.ADMIN) {
+		return apiError("FORBIDDEN", "Admin privileges required", 403);
+	}
+
+	try {
+		const body = await parseBody(request, createTokenSchema);
+		if (isParseError(body)) return body;
+
+		const result = await handleApiTokenCreate(dineway.db, user.id, body);
+		return unwrapResult(result, 201);
+	} catch (error) {
+		return handleError(error, "Failed to create API token", "TOKEN_CREATE_ERROR");
+	}
+};

package/src/astro/routes/api/admin/bylines/[id]/index.ts

@@ -0,0 +1,87 @@
+import { Role } from "@dineway-ai/auth";
+import type { APIRoute } from "astro";
+
+import { requirePerm } from "#api/authorize.js";
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { bylineUpdateBody } from "#api/schemas.js";
+import { BylineRepository } from "#db/repositories/byline.js";
+
+export const prerender = false;
+
+function requireEditor(user: { role: number } | undefined): Response | null {
+	if (!user || user.role < Role.EDITOR) {
+		return apiError("FORBIDDEN", "Editor privileges required", 403);
+	}
+	return null;
+}
+
+export const GET: APIRoute = async ({ params, locals }) => {
+	const { dineway, user } = locals;
+	// Read access uses content:read so all authenticated roles can view byline data
+	const denied = requirePerm(user, "content:read");
+	if (denied) return denied;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+
+	try {
+		const repo = new BylineRepository(dineway.db);
+		const byline = await repo.findById(params.id!);
+		if (!byline) return apiError("NOT_FOUND", "Byline not found", 404);
+		return apiSuccess(byline);
+	} catch (error) {
+		return handleError(error, "Failed to get byline", "BYLINE_GET_ERROR");
+	}
+};
+
+export const PUT: APIRoute = async ({ params, request, locals }) => {
+	const { dineway, user } = locals;
+	const denied = requireEditor(user);
+	if (denied) return denied;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+
+	const body = await parseBody(request, bylineUpdateBody);
+	if (isParseError(body)) return body;
+
+	try {
+		const repo = new BylineRepository(dineway.db);
+		const byline = await repo.update(params.id!, {
+			slug: body.slug,
+			displayName: body.displayName,
+			bio: body.bio ?? null,
+			avatarMediaId: body.avatarMediaId ?? null,
+			websiteUrl: body.websiteUrl ?? null,
+			userId: body.userId ?? null,
+			isGuest: body.isGuest,
+		});
+
+		if (!byline) return apiError("NOT_FOUND", "Byline not found", 404);
+		return apiSuccess(byline);
+	} catch (error) {
+		return handleError(error, "Failed to update byline", "BYLINE_UPDATE_ERROR");
+	}
+};
+
+export const DELETE: APIRoute = async ({ params, locals }) => {
+	const { dineway, user } = locals;
+	const denied = requireEditor(user);
+	if (denied) return denied;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+
+	try {
+		const repo = new BylineRepository(dineway.db);
+		const deleted = await repo.delete(params.id!);
+		if (!deleted) return apiError("NOT_FOUND", "Byline not found", 404);
+		return apiSuccess({ deleted: true });
+	} catch (error) {
+		return handleError(error, "Failed to delete byline", "BYLINE_DELETE_ERROR");
+	}
+};

package/src/astro/routes/api/admin/bylines/index.ts

@@ -0,0 +1,72 @@
+import { Role } from "@dineway-ai/auth";
+import type { APIRoute } from "astro";
+
+import { requirePerm } from "#api/authorize.js";
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+import { isParseError, parseBody, parseQuery } from "#api/parse.js";
+import { bylineCreateBody, bylinesListQuery } from "#api/schemas.js";
+import { BylineRepository } from "#db/repositories/byline.js";
+
+export const prerender = false;
+
+export const GET: APIRoute = async ({ url, locals }) => {
+	const { dineway, user } = locals;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+
+	// Read access uses content:read so all authenticated roles can view byline data
+	const denied = requirePerm(user, "content:read");
+	if (denied) return denied;
+
+	const query = parseQuery(url, bylinesListQuery);
+	if (isParseError(query)) return query;
+
+	try {
+		const repo = new BylineRepository(dineway.db);
+		const result = await repo.findMany({
+			search: query.search,
+			isGuest: query.isGuest,
+			userId: query.userId,
+			cursor: query.cursor,
+			limit: query.limit,
+		});
+
+		return apiSuccess(result);
+	} catch (error) {
+		return handleError(error, "Failed to list bylines", "BYLINE_LIST_ERROR");
+	}
+};
+
+export const POST: APIRoute = async ({ request, locals }) => {
+	const { dineway, user } = locals;
+
+	if (!dineway?.db) {
+		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
+	}
+
+	if (!user || user.role < Role.EDITOR) {
+		return apiError("FORBIDDEN", "Editor privileges required", 403);
+	}
+
+	const body = await parseBody(request, bylineCreateBody);
+	if (isParseError(body)) return body;
+
+	try {
+		const repo = new BylineRepository(dineway.db);
+		const byline = await repo.create({
+			slug: body.slug,
+			displayName: body.displayName,
+			bio: body.bio ?? null,
+			avatarMediaId: body.avatarMediaId ?? null,
+			websiteUrl: body.websiteUrl ?? null,
+			userId: body.userId ?? null,
+			isGuest: body.isGuest,
+		});
+
+		return apiSuccess(byline, 201);
+	} catch (error) {
+		return handleError(error, "Failed to create byline", "BYLINE_CREATE_ERROR");
+	}
+};