dineway 0.1.3 → 0.1.5

package/src/astro/routes/api/import/wordpress-plugin/analyze.ts

@@ -0,0 +1,111 @@
+/**
+ * WordPress Plugin analyze endpoint
+ *
+ * POST /_dineway/api/import/wordpress-plugin/analyze
+ *
+ * Analyzes a WordPress site with Dineway Exporter plugin installed.
+ * Returns content counts, schema compatibility, etc.
+ */
+
+import type { APIRoute } from "astro";
+import { SchemaRegistry } from "dineway";
+
+import { requirePerm } from "#api/authorize.js";
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { wpPluginAnalyzeBody } from "#api/schemas.js";
+import { getSource } from "#import/index.js";
+import { resolveAndValidateExternalUrl, SsrfError } from "#import/ssrf.js";
+import type { ImportAnalysis } from "#import/types.js";
+import type { DinewayHandlers } from "#types";
+
+export const prerender = false;
+
+export interface WpPluginAnalyzeResponse {
+	success: boolean;
+	analysis?: ImportAnalysis;
+	error?: { message: string };
+}
+
+export const POST: APIRoute = async ({ request, locals }) => {
+	const { dineway, user } = locals;
+
+	const denied = requirePerm(user, "import:execute");
+	if (denied) return denied;
+
+	try {
+		const body = await parseBody(request, wpPluginAnalyzeBody);
+		if (isParseError(body)) return body;
+
+		// SSRF: reject internal/private network targets before import work starts.
+		try {
+			await resolveAndValidateExternalUrl(body.url);
+		} catch (e) {
+			const msg = e instanceof SsrfError ? e.message : "Invalid URL";
+			return apiError("SSRF_BLOCKED", msg, 400);
+		}
+
+		// Get the WordPress plugin source
+		const source = getSource("wordpress-plugin");
+		if (!source) {
+			return apiError("NOT_CONFIGURED", "WordPress plugin source not available", 500);
+		}
+
+		// Build context with existing collections info
+		const existingCollections = await fetchExistingCollections(dineway?.db);
+
+		// Analyze the site
+		const analysis = await source.analyze(
+			{ type: "url", url: body.url, token: body.token },
+			{
+				db: dineway?.db,
+				getExistingCollections: async () => existingCollections,
+			},
+		);
+
+		return apiSuccess({
+			success: true,
+			analysis,
+		});
+	} catch (error) {
+		return handleError(error, "Failed to analyze WordPress site", "WP_PLUGIN_ANALYZE_ERROR");
+	}
+};
+
+/** Existing collection info from schema registry */
+interface ExistingCollection {
+	slug: string;
+	fields: Map<string, { type: string }>;
+}
+
+/** Fetch collections and their fields from schema registry */
+async function fetchExistingCollections(
+	db: DinewayHandlers["db"] | undefined,
+): Promise<Map<string, ExistingCollection>> {
+	const result = new Map<string, ExistingCollection>();
+
+	if (!db) return result;
+
+	try {
+		const registry = new SchemaRegistry(db);
+		const collections = await registry.listCollections();
+
+		for (const collection of collections) {
+			const fields = await registry.listFields(collection.id);
+			const fieldMap = new Map<string, { type: string }>();
+
+			for (const field of fields) {
+				fieldMap.set(field.slug, { type: field.type });
+			}
+
+			result.set(collection.slug, {
+				slug: collection.slug,
+				fields: fieldMap,
+			});
+		}
+	} catch (error) {
+		console.warn("Could not fetch schema registry:", error);
+	}
+
+	return result;
+}

package/src/astro/routes/api/import/wordpress-plugin/callback.ts

@@ -0,0 +1,58 @@
+/**
+ * WordPress Application Password OAuth callback
+ *
+ * GET /_dineway/api/import/wordpress-plugin/callback
+ *
+ * WordPress redirects here after user approves the application password.
+ * We receive the credentials and redirect to the admin import UI with a token.
+ */
+
+import type { APIRoute } from "astro";
+
+import { encodeBase64 } from "#utils/base64.js";
+
+export const prerender = false;
+
+export const GET: APIRoute = async ({ url, cookies, redirect }) => {
+	// WordPress sends these params on success:
+	// - site_url: The WordPress site URL
+	// - user_login: The username
+	// - password: The newly created application password
+	//
+	// On rejection, it redirects to reject_url (if provided) or just doesn't include credentials
+
+	const siteUrl = url.searchParams.get("site_url");
+	const userLogin = url.searchParams.get("user_login");
+	const password = url.searchParams.get("password");
+
+	// Check if this is a rejection (no credentials)
+	if (!siteUrl || !userLogin || !password) {
+		return redirect("/_dineway/admin/import/wordpress?error=auth_rejected");
+	}
+
+	// Create the Basic Auth token
+	const token = encodeBase64(`${userLogin}:${password}`);
+
+	// Store credentials in a short-lived cookie (5 minutes)
+	// This allows the import UI to retrieve them
+	const authData = JSON.stringify({
+		siteUrl,
+		userLogin,
+		token,
+		timestamp: Date.now(),
+	});
+
+	// Base64 encode the auth data for cookie storage
+	const encodedAuth = encodeBase64(authData);
+
+	cookies.set("dineway_wp_auth", encodedAuth, {
+		path: "/_dineway/",
+		maxAge: 300, // 5 minutes
+		httpOnly: false, // Needs to be readable by JS
+		secure: url.protocol === "https:",
+		sameSite: "lax",
+	});
+
+	// Redirect to import UI - it will pick up the cookie
+	return redirect("/_dineway/admin/import/wordpress?auth=success");
+};

package/src/astro/routes/api/import/wordpress-plugin/execute.ts

@@ -0,0 +1,399 @@
+/**
+ * WordPress Plugin execute import endpoint
+ *
+ * POST /_dineway/api/import/wordpress-plugin/execute
+ *
+ * Imports content from WordPress via Dineway Exporter plugin API.
+ */
+
+import type { APIRoute } from "astro";
+import { ContentRepository, SchemaRegistry } from "dineway";
+import { z } from "zod";
+
+import { requirePerm } from "#api/authorize.js";
+import { apiError, apiSuccess, handleError } from "#api/error.js";
+import {
+	ensureWorkflowHitlRouteRequest,
+	hitlRequiredRouteError,
+	resolveHitlRouteActor,
+} from "#api/hitl-route-helpers.js";
+import { isParseError, parseBody } from "#api/parse.js";
+import { wpPluginExecuteBody } from "#api/schemas.js";
+import { BylineRepository } from "#db/repositories/byline.js";
+import { getSource } from "#import/index.js";
+import { resolveAndValidateExternalUrl, SsrfError } from "#import/ssrf.js";
+import type { ImportConfig, ImportResult, NormalizedItem } from "#import/types.js";
+import { resolveImportByline } from "#import/utils.js";
+import type { FieldType } from "#schema/types.js";
+import { RiskPolicyEvaluator, WordPressImportHitlPayloadBuilder } from "#site-context/index.js";
+import type { DinewayHandlers, DinewayManifest } from "#types";
+import { slugify } from "#utils/slugify.js";
+
+export const prerender = false;
+
+const wpPluginExecuteRouteBody = wpPluginExecuteBody.extend({
+	hitlRequestId: z.string().min(1).optional(),
+});
+
+export interface WpPluginImportConfig extends ImportConfig {
+	/** Author mappings (WP author login -> Dineway user ID) */
+	authorMappings?: Record<string, string | null>;
+}
+
+export interface WpPluginImportResponse {
+	success: boolean;
+	result?: ImportResult;
+	error?: { message: string };
+}
+
+export const POST: APIRoute = async ({ request, locals }) => {
+	const { dineway, dinewayManifest, user } = locals;
+
+	const denied = requirePerm(user, "import:execute");
+	if (denied) return denied;
+
+	if (!dineway?.handleContentCreate) {
+		return apiError("NOT_CONFIGURED", "Dineway is not configured", 500);
+	}
+
+	try {
+		const body = await parseBody(request, wpPluginExecuteRouteBody);
+		if (isParseError(body)) return body;
+
+		// SSRF: reject internal/private network targets before import work starts.
+		try {
+			await resolveAndValidateExternalUrl(body.url);
+		} catch (e) {
+			const msg = e instanceof SsrfError ? e.message : "Invalid URL";
+			return apiError("SSRF_BLOCKED", msg, 400);
+		}
+
+		// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- Zod schema output narrowed to WpPluginImportConfig
+		const config = body.config as unknown as WpPluginImportConfig;
+
+		// Get the WordPress plugin source
+		const source = getSource("wordpress-plugin");
+		if (!source) {
+			return apiError("NOT_CONFIGURED", "WordPress plugin source not available", 500);
+		}
+
+		// Build the list of post types to fetch
+		const postTypes = Object.entries(config.postTypeMappings)
+			.filter(([_, mapping]) => mapping.enabled)
+			.map(([postType]) => postType);
+
+		if (postTypes.length === 0) {
+			return apiError("VALIDATION_ERROR", "No post types selected for import", 400);
+		}
+
+		console.log("[WP Plugin Import] Starting import for:", body.url);
+		console.log("[WP Plugin Import] Post types:", postTypes);
+
+		const sourceInput = { type: "url", url: body.url, token: body.token } as const;
+		const actor = resolveHitlRouteActor(locals);
+		const evaluator = new RiskPolicyEvaluator({
+			db: dineway.db,
+			handlers: dineway,
+		});
+		let items: AsyncIterable<NormalizedItem> | Iterable<NormalizedItem>;
+
+		if (evaluator.requiresWorkflowHitl(actor.identity)) {
+			const fetchedItems = await collectPluginItems(
+				source.fetchContent(sourceInput, { postTypes, includeDrafts: true }),
+			);
+			const action = await new WordPressImportHitlPayloadBuilder().buildPluginExecuteRequest({
+				siteUrl: body.url,
+				config,
+				items: fetchedItems,
+			});
+			const decision = await evaluator.evaluateWorkflowHitl({
+				actor: actor.identity,
+				hitlRequestId: body.hitlRequestId,
+				action,
+			});
+			if (!decision.allowed) {
+				const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
+				return hitlRequiredRouteError(decision, ensured);
+			}
+			items = fetchedItems;
+		} else {
+			items = source.fetchContent(sourceInput, { postTypes, includeDrafts: true });
+		}
+
+		// Import content (including drafts since we have auth)
+		const result = await importContent(items, config, dineway, dinewayManifest);
+
+		console.log("[WP Plugin Import] Import result:", JSON.stringify(result, null, 2));
+
+		return apiSuccess({
+			success: true,
+			result,
+		});
+	} catch (error) {
+		return handleError(error, "Failed to import from WordPress", "WP_PLUGIN_IMPORT_ERROR");
+	}
+};
+
+/** Fields that should be auto-created if they don't exist */
+const IMPORT_FIELDS: Array<{
+	slug: string;
+	label: string;
+	type: FieldType;
+	check: (item: NormalizedItem) => boolean;
+}> = [
+	{
+		slug: "title",
+		label: "Title",
+		type: "string",
+		check: () => true,
+	},
+	{
+		slug: "content",
+		label: "Content",
+		type: "portableText",
+		check: () => true,
+	},
+	{
+		slug: "excerpt",
+		label: "Excerpt",
+		type: "text",
+		check: (item) => !!item.excerpt,
+	},
+	{
+		slug: "featured_image",
+		label: "Featured Image",
+		type: "image",
+		check: (item) => !!item.featuredImage,
+	},
+];
+
+async function importContent(
+	items: AsyncIterable<NormalizedItem> | Iterable<NormalizedItem>,
+	config: WpPluginImportConfig,
+	dineway: DinewayHandlers,
+	manifest: DinewayManifest,
+): Promise<ImportResult> {
+	const result: ImportResult = {
+		success: true,
+		imported: 0,
+		skipped: 0,
+		errors: [],
+		byCollection: {},
+	};
+
+	// Create content repository for checking existing items
+	const contentRepo = new ContentRepository(dineway.db);
+	const bylineRepo = new BylineRepository(dineway.db);
+	const bylineCache = new Map<string, string>();
+	const schemaRegistry = new SchemaRegistry(dineway.db);
+
+	// Track which collections have had fields ensured
+	const ensuredCollections = new Set<string>();
+
+	// Track source translationGroup -> Dineway item ID for translation linking.
+	// Maps source-side translation group ID to the Dineway ID of the first item
+	// imported for that group (the default-locale item).
+	const translationGroupMap = new Map<string, string>();
+
+	for await (const item of items) {
+		console.log("[WP Plugin Import] Processing item:", {
+			sourceId: item.sourceId,
+			title: item.title,
+			postType: item.postType,
+			status: item.status,
+			contentBlocks: Array.isArray(item.content) ? item.content.length : 0,
+			featuredImage: item.featuredImage,
+			locale: item.locale,
+			translationGroup: item.translationGroup,
+		});
+
+		const mapping = config.postTypeMappings[item.postType];
+
+		// Skip if not mapped or disabled
+		if (!mapping || !mapping.enabled) {
+			result.skipped++;
+			continue;
+		}
+
+		const collection = mapping.collection;
+
+		// Check if collection exists in manifest
+		if (!manifest?.collections[collection]) {
+			result.errors.push({
+				title: item.title || "Untitled",
+				error: `Collection "${collection}" does not exist`,
+			});
+			continue;
+		}
+
+		try {
+			// Ensure required fields exist in the collection schema (once per collection)
+			if (!ensuredCollections.has(collection)) {
+				for (const field of IMPORT_FIELDS) {
+					if (field.check(item)) {
+						const existingField = await schemaRegistry.getField(collection, field.slug);
+						if (!existingField) {
+							console.log(
+								`[WP Plugin Import] Creating missing field "${field.slug}" in collection "${collection}"`,
+							);
+							try {
+								await schemaRegistry.createField(collection, {
+									slug: field.slug,
+									label: field.label,
+									type: field.type,
+									required: false,
+								});
+							} catch (e) {
+								// Field might already exist from concurrent creation
+								console.log(
+									`[WP Plugin Import] Field "${field.slug}" creation skipped:`,
+									e instanceof Error ? e.message : e,
+								);
+							}
+						}
+					}
+				}
+				ensuredCollections.add(collection);
+			}
+
+			// Generate slug from item slug or title
+			const slug = item.slug || slugify(item.title || `post-${item.sourceId}`);
+
+			// Check if already exists (idempotency) — locale-aware lookup
+			if (config.skipExisting) {
+				const existing = await contentRepo.findBySlug(collection, slug, item.locale);
+				if (existing) {
+					// Still track the translation group mapping for later items
+					if (item.translationGroup) {
+						translationGroupMap.set(item.translationGroup, existing.id);
+					}
+					result.skipped++;
+					continue;
+				}
+			}
+
+			// Map WordPress status to Dineway status
+			const status = mapStatus(item.status);
+
+			// Build data object - add all applicable fields
+			const data: Record<string, unknown> = {};
+
+			// Add standard fields
+			data.title = item.title || "Untitled";
+			data.content = item.content;
+
+			if (item.excerpt) {
+				data.excerpt = item.excerpt;
+			}
+			if (item.featuredImage) {
+				data.featured_image = item.featuredImage;
+				console.log("[WP Plugin Import] Adding featured_image:", item.featuredImage);
+			}
+
+			// Note: ACF/Yoast/RankMath fields are not added automatically
+			// They would need matching fields in the Dineway schema
+
+			// Resolve author ID from mappings
+			let authorId: string | undefined;
+			if (config.authorMappings && item.author) {
+				const mappedUserId = config.authorMappings[item.author];
+				if (mappedUserId !== undefined && mappedUserId !== null) {
+					authorId = mappedUserId;
+				}
+			}
+
+			const bylineId = await resolveImportByline(
+				item.author,
+				item.author, // display name fallback is the login
+				authorId,
+				bylineRepo,
+				bylineCache,
+			);
+
+			// Resolve translation link: if this item has a translationGroup and
+			// we've already imported another item in the same group, link them.
+			let translationOf: string | undefined;
+			if (item.translationGroup) {
+				const existingGroupItem = translationGroupMap.get(item.translationGroup);
+				if (existingGroupItem) {
+					translationOf = existingGroupItem;
+				}
+			}
+
+			// Preserve original dates from the source
+			const itemDateTime = item.date?.getTime();
+			const createdAt =
+				itemDateTime !== undefined && !Number.isNaN(itemDateTime)
+					? item.date.toISOString()
+					: undefined;
+			const publishedAt = status === "published" && createdAt ? createdAt : undefined;
+
+			// Create the content item
+			const createResult = await dineway.handleContentCreate(collection, {
+				data,
+				slug,
+				status,
+				authorId,
+				bylines: bylineId ? [{ bylineId }] : undefined,
+				locale: item.locale,
+				translationOf,
+				createdAt,
+				publishedAt,
+			});
+
+			if (createResult.success) {
+				result.imported++;
+				result.byCollection[collection] = (result.byCollection[collection] || 0) + 1;
+
+				// Track translation group: first item in a group establishes the mapping
+				if (item.translationGroup && !translationGroupMap.has(item.translationGroup)) {
+					// eslint-disable-next-line typescript-eslint(no-unsafe-type-assertion) -- handler success data includes id
+					const createdData = createResult.data as { id?: string } | undefined;
+					if (createdData?.id) {
+						translationGroupMap.set(item.translationGroup, createdData.id);
+					}
+				}
+			} else {
+				result.errors.push({
+					title: item.title || "Untitled",
+					error:
+						typeof createResult.error === "object" && createResult.error !== null
+							? (createResult.error as { message?: string }).message || "Unknown error"
+							: String(createResult.error),
+				});
+			}
+		} catch (error) {
+			console.error(`Import error for "${item.title || "Untitled"}":`, error);
+			result.errors.push({
+				title: item.title || "Untitled",
+				error: error instanceof Error && error.message ? error.message : "Failed to import item",
+			});
+		}
+	}
+
+	result.success = result.errors.length === 0;
+	return result;
+}
+
+function mapStatus(wpStatus: string | undefined): string {
+	switch (wpStatus) {
+		case "publish":
+			return "published";
+		case "draft":
+			return "draft";
+		case "pending":
+			return "draft";
+		case "private":
+			return "draft";
+		default:
+			return "draft";
+	}
+}
+
+async function collectPluginItems(items: AsyncIterable<NormalizedItem>): Promise<NormalizedItem[]> {
+	const collected: NormalizedItem[] = [];
+	for await (const item of items) {
+		collected.push(item);
+	}
+	return collected;
+}

package/src/astro/routes/api/manifest.ts

@@ -0,0 +1,75 @@
+/**
+ * Admin manifest endpoint - injected by Dineway integration
+ *
+ * GET /_dineway/api/manifest
+ *
+ * Returns the admin manifest with collection definitions and plugin info.
+ * The manifest is generated from the user's live.config.ts at runtime.
+ */
+
+import type { APIRoute } from "astro";
+
+import { getAuthMode } from "#auth/mode.js";
+
+import { experimentalSiteContextWorkflowsEnabled } from "../../../site-context/experimental-workflows.js";
+import { COMMIT, VERSION } from "../../../version.js";
+import { getStoredConfig } from "../../integration/runtime.js";
+import type { DinewayManifest } from "../../types.js";
+
+export const prerender = false;
+
+export const GET: APIRoute = async ({ locals }) => {
+	const { dinewayManifest, dineway } = locals;
+
+	// Determine auth mode from config
+	const authMode = getAuthMode(dineway?.config);
+	const adminBranding = dinewayManifest?.admin ?? dineway?.config.admin ?? getStoredConfig()?.admin;
+
+	// Check if self-signup is enabled (any allowed domain with enabled = 1)
+	// Only relevant for passkey auth — external auth providers handle their own signup
+	let signupEnabled = false;
+	if (dineway?.db && authMode.type === "passkey") {
+		try {
+			const { sql } = await import("kysely");
+			const result = await sql<{ cnt: unknown }>`
+				SELECT COUNT(*) as cnt FROM allowed_domains WHERE enabled = 1
+			`.execute(dineway.db);
+			signupEnabled = Number(result.rows[0]?.cnt ?? 0) > 0;
+		} catch {
+			// Table may not exist yet, that's fine
+		}
+	}
+
+	const manifest: DinewayManifest = dinewayManifest
+		? {
+				...dinewayManifest,
+				features: {
+					...dinewayManifest.features,
+					siteContextWorkflows: experimentalSiteContextWorkflowsEnabled(),
+				},
+				authMode: authMode.type === "external" ? authMode.providerType : "passkey",
+				signupEnabled,
+				admin: adminBranding,
+			}
+		: {
+				version: VERSION,
+				commit: COMMIT,
+				hash: "default",
+				collections: {},
+				plugins: {},
+				features: { siteContextWorkflows: experimentalSiteContextWorkflowsEnabled() },
+				taxonomies: [],
+				authMode: "passkey",
+				signupEnabled,
+				admin: adminBranding,
+			};
+
+	return Response.json(
+		{ data: manifest },
+		{
+			headers: {
+				"Cache-Control": "private, no-store",
+			},
+		},
+	);
+};