npm - dineway - Versions diffs - 0.1.9 → 0.1.12 - Mend

dineway 0.1.9 → 0.1.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (720) hide show

package/src/astro/routes/api/setup/status.ts DELETED Viewed

@@ -1,122 +0,0 @@
-/**
- * GET /_dineway/api/setup/status
- *
- * Returns setup status and seed file information
- */
-import type { APIRoute } from "astro";
-export const prerender = false;
-import { apiError, apiSuccess, handleError } from "#api/error.js";
-import { getAuthMode } from "#auth/mode.js";
-import { loadUserSeed } from "#seed/load.js";
-export const GET: APIRoute = async ({ locals }) => {
-	const { dineway } = locals;
-	if (!dineway?.db) {
-		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
-	}
-	try {
-		// Check if setup is complete
-		const setupComplete = await dineway.db
-			.selectFrom("options")
-			.select("value")
-			.where("name", "=", "dineway:setup_complete")
-			.executeTakeFirst();
-		// Value is JSON-encoded, parse it. Accepts both boolean true and string "true"
-		const isComplete =
-			setupComplete &&
-			(() => {
-				try {
-					const parsed = JSON.parse(setupComplete.value);
-					return parsed === true || parsed === "true";
-				} catch {
-					return false;
-				}
-			})();
-		// Also check if users exist
-		let hasUsers = false;
-		try {
-			const userCount = await dineway.db
-				.selectFrom("users")
-				.select((eb) => eb.fn.countAll<number>().as("count"))
-				.executeTakeFirstOrThrow();
-			hasUsers = userCount.count > 0;
-		} catch {
-			// Users table might not exist yet
-		}
-		// Setup is complete only if flag is set AND users exist
-		if (isComplete && hasUsers) {
-			return apiSuccess({
-				needsSetup: false,
-			});
-		}
-		// Determine current step
-		// step: "start" | "site" | "admin" | "complete"
-		let step: "start" | "site" | "admin" = "start";
-		// Get setup state if it exists
-		const setupState = await dineway.db
-			.selectFrom("options")
-			.select("value")
-			.where("name", "=", "dineway:setup_state")
-			.executeTakeFirst();
-		if (setupState) {
-			try {
-				const state = JSON.parse(setupState.value);
-				if (state.step === "admin") {
-					step = "admin";
-				} else if (state.step === "site") {
-					step = "site";
-				}
-			} catch {
-				// Invalid state, stay at start
-			}
-		}
-		// If setup_complete but no users, jump to admin step
-		if (isComplete && !hasUsers) {
-			step = "admin";
-		}
-		// Check auth mode
-		const authMode = getAuthMode(dineway.config);
-		const useExternalAuth = authMode.type === "external";
-		// In external auth mode, setup is complete if flag is set (no users required initially)
-		if (useExternalAuth && isComplete) {
-			return apiSuccess({
-				needsSetup: false,
-			});
-		}
-		// Setup needed - try to load seed file info
-		const seed = await loadUserSeed();
-		const seedInfo = seed
-			? {
-					name: seed.meta?.name || "Unknown Template",
-					description: seed.meta?.description || "",
-					collections: seed.collections?.length || 0,
-					hasContent: !!(seed.content && Object.keys(seed.content).length > 0),
-				}
-			: null;
-		return apiSuccess({
-			needsSetup: true,
-			step,
-			seedInfo,
-			// Tell the wizard which auth mode is active
-			authMode: useExternalAuth ? authMode.providerType : "passkey",
-		});
-	} catch (error) {
-		return handleError(error, "Failed to check setup status", "SETUP_STATUS_ERROR");
-	}
-};

package/src/astro/routes/api/snapshot.ts DELETED Viewed

@@ -1,76 +0,0 @@
-/**
- * Snapshot endpoint — exports a portable database snapshot for preview mode.
- *
- * Security:
- * - Authenticated users: requires content:read + schema:read permissions
- * - Preview services: requires valid X-Preview-Signature header (HMAC-SHA256)
- * - Excludes auth/user/session/token tables
- */
-import type { APIRoute } from "astro";
-import { requirePerm } from "#api/authorize.js";
-import { apiError, apiSuccess, handleError } from "#api/error.js";
-import {
-	generateSnapshot,
-	parsePreviewSignatureHeader,
-	verifyPreviewSignature,
-} from "#api/handlers/snapshot.js";
-import { getPublicOrigin } from "#api/public-url.js";
-export const prerender = false;
-export const GET: APIRoute = async ({ request, locals, url }) => {
-	const { dineway, user } = locals;
-	if (!dineway?.db) {
-		return apiError("NOT_CONFIGURED", "Dineway is not initialized", 500);
-	}
-	// Check for preview signature auth (used by preview sidecars)
-	const previewSig = request.headers.get("X-Preview-Signature");
-	let authorized = false;
-	if (previewSig) {
-		const secret = import.meta.env.DINEWAY_PREVIEW_SECRET || import.meta.env.PREVIEW_SECRET || "";
-		if (!secret) {
-			console.warn(
-				"[snapshot] X-Preview-Signature header present but no PREVIEW_SECRET configured",
-			);
-		} else {
-			const parsed = parsePreviewSignatureHeader(previewSig);
-			if (!parsed) {
-				console.warn("[snapshot] Failed to parse X-Preview-Signature header");
-			} else {
-				authorized = await verifyPreviewSignature(parsed.source, parsed.exp, parsed.sig, secret);
-				if (!authorized) {
-					console.warn("[snapshot] Preview signature verification failed", {
-						source: parsed.source,
-						exp: parsed.exp,
-						expired: parsed.exp < Date.now() / 1000,
-					});
-				}
-			}
-		}
-	}
-	if (!authorized) {
-		// Fall back to standard user auth
-		const contentDenied = requirePerm(user, "content:read");
-		if (contentDenied) return contentDenied;
-		const schemaDenied = requirePerm(user, "schema:read");
-		if (schemaDenied) return schemaDenied;
-	}
-	try {
-		const includeDrafts = url.searchParams.get("drafts") === "true";
-		const snapshot = await generateSnapshot(dineway.db, {
-			includeDrafts,
-			origin: getPublicOrigin(url, dineway.config),
-		});
-		return apiSuccess(snapshot);
-	} catch (error) {
-		return handleError(error, "Failed to generate snapshot", "SNAPSHOT_ERROR");
-	}
-};

package/src/astro/routes/api/taxonomies/[name]/terms/[slug].ts DELETED Viewed

@@ -1,232 +0,0 @@
-/**
- * Single term endpoint
- *
- * GET /_dineway/api/taxonomies/:name/terms/:slug - Get a single term
- * PUT /_dineway/api/taxonomies/:name/terms/:slug - Update a term
- * DELETE /_dineway/api/taxonomies/:name/terms/:slug - Delete a term
- */
-import type { APIRoute } from "astro";
-import { z } from "zod";
-import { requirePerm } from "#api/authorize.js";
-import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleTermDelete, handleTermGet, handleTermUpdate } from "#api/handlers/taxonomies.js";
-import {
-	ensureWorkflowHitlRouteRequest,
-	hitlRequiredRouteError,
-	resolveHitlRouteActor,
-} from "#api/hitl-route-helpers.js";
-import { isParseError, parseBody, parseQuery } from "#api/parse.js";
-import { updateTermBody } from "#api/schemas.js";
-import {
-	activityChangedKeys,
-	logTaxonomyActivity,
-	RiskPolicyEvaluator,
-	taxonomyApiRouteSource,
-	TaxonomyHitlPayloadBuilder,
-} from "#site-context/index.js";
-export const prerender = false;
-const updateTermHitlBody = updateTermBody.extend({
-	hitlRequestId: z.string().min(1).optional(),
-});
-const deleteTermQuery = z.object({
-	hitlRequestId: z.string().min(1).optional(),
-});
-/**
- * Get a single term
- */
-export const GET: APIRoute = async ({ params, locals }) => {
-	const { dineway, user } = locals;
-	const { name, slug } = params;
-	if (!name || !slug) {
-		return apiError("VALIDATION_ERROR", "Taxonomy name and slug required", 400);
-	}
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-	const denied = requirePerm(user, "taxonomies:read");
-	if (denied) return denied;
-	try {
-		const result = await handleTermGet(dineway.db, name, slug);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to get term", "TERM_GET_ERROR");
-	}
-};
-/**
- * Update a term
- */
-export const PUT: APIRoute = async ({ params, request, locals }) => {
-	const { dineway, user } = locals;
-	const { name, slug } = params;
-	if (!name || !slug) {
-		return apiError("VALIDATION_ERROR", "Taxonomy name and slug required", 400);
-	}
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-	const denied = requirePerm(user, "taxonomies:manage");
-	if (denied) return denied;
-	try {
-		const body = await parseBody(request, updateTermHitlBody);
-		if (isParseError(body)) return body;
-		const current = await handleTermGet(dineway.db, name, slug);
-		if (!current.success) return unwrapResult(current);
-		const { hitlRequestId, ...termInput } = body;
-		const actor = resolveHitlRouteActor(locals);
-		const evaluator = new RiskPolicyEvaluator({
-			db: dineway.db,
-			handlers: dineway,
-		});
-		let approvedHitlRequestId: string | null = null;
-		if (evaluator.requiresWorkflowHitl(actor.identity)) {
-			const payloadBuilder = new TaxonomyHitlPayloadBuilder(dineway.db);
-			const taxonomy = await payloadBuilder.loadTaxonomyDefinition(name);
-			if (!taxonomy) {
-				return apiError("NOT_FOUND", `Taxonomy '${name}' not found`, 404);
-			}
-			const action = await payloadBuilder.buildUpdateTermRequest({
-				taxonomy,
-				currentTerm: {
-					id: current.data.term.id,
-					name: current.data.term.name,
-					slug: current.data.term.slug,
-					label: current.data.term.label,
-					parentId: current.data.term.parentId,
-					description: current.data.term.description ?? null,
-				},
-				...termInput,
-			});
-			const decision = await evaluator.evaluateWorkflowHitl({
-				actor: actor.identity,
-				hitlRequestId,
-				action,
-			});
-			if (!decision.allowed) {
-				const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
-				return hitlRequiredRouteError(decision, ensured);
-			}
-			approvedHitlRequestId = decision.hitlRequest.id;
-		}
-		const result = await handleTermUpdate(dineway.db, name, slug, termInput);
-		if (result.success) {
-			await logTaxonomyActivity(dineway.db, locals, {
-				action: "term_updated",
-				taxonomyName: name,
-				termId: result.data.term.id,
-				termSlug: result.data.term.slug,
-				...taxonomyApiRouteSource("term_updated"),
-				detail: {
-					changedKeys: activityChangedKeys(termInput),
-					label: result.data.term.label,
-					parentId: result.data.term.parentId,
-					description: result.data.term.description ?? null,
-					hitlRequestId: approvedHitlRequestId,
-				},
-			});
-		}
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to update term", "TERM_UPDATE_ERROR");
-	}
-};
-/**
- * Delete a term
- */
-export const DELETE: APIRoute = async ({ params, request, locals }) => {
-	const { dineway, user } = locals;
-	const { name, slug } = params;
-	if (!name || !slug) {
-		return apiError("VALIDATION_ERROR", "Taxonomy name and slug required", 400);
-	}
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-	const denied = requirePerm(user, "taxonomies:manage");
-	if (denied) return denied;
-	const query = parseQuery(new URL(request.url), deleteTermQuery);
-	if (isParseError(query)) return query;
-	try {
-		const current = await handleTermGet(dineway.db, name, slug);
-		if (!current.success) return unwrapResult(current);
-		const actor = resolveHitlRouteActor(locals);
-		const evaluator = new RiskPolicyEvaluator({
-			db: dineway.db,
-			handlers: dineway,
-		});
-		let approvedHitlRequestId: string | null = null;
-		if (evaluator.requiresWorkflowHitl(actor.identity)) {
-			const payloadBuilder = new TaxonomyHitlPayloadBuilder(dineway.db);
-			const taxonomy = await payloadBuilder.loadTaxonomyDefinition(name);
-			if (!taxonomy) {
-				return apiError("NOT_FOUND", `Taxonomy '${name}' not found`, 404);
-			}
-			const action = await payloadBuilder.buildDeleteTermRequest({
-				taxonomy,
-				currentTerm: {
-					id: current.data.term.id,
-					name: current.data.term.name,
-					slug: current.data.term.slug,
-					label: current.data.term.label,
-					parentId: current.data.term.parentId,
-					description: current.data.term.description ?? null,
-				},
-			});
-			const decision = await evaluator.evaluateWorkflowHitl({
-				actor: actor.identity,
-				hitlRequestId: query.hitlRequestId,
-				action,
-			});
-			if (!decision.allowed) {
-				const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
-				return hitlRequiredRouteError(decision, ensured);
-			}
-			approvedHitlRequestId = decision.hitlRequest.id;
-		}
-		const result = await handleTermDelete(dineway.db, name, slug);
-		if (result.success) {
-			await logTaxonomyActivity(dineway.db, locals, {
-				action: "term_deleted",
-				taxonomyName: name,
-				termId: current.data.term.id,
-				termSlug: current.data.term.slug,
-				...taxonomyApiRouteSource("term_deleted"),
-				detail: {
-					label: current.data.term.label,
-					parentId: current.data.term.parentId,
-					description: current.data.term.description ?? null,
-					hitlRequestId: approvedHitlRequestId,
-				},
-			});
-		}
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to delete term", "TERM_DELETE_ERROR");
-	}
-};

package/src/astro/routes/api/taxonomies/[name]/terms/index.ts DELETED Viewed

@@ -1,131 +0,0 @@
-/**
- * Taxonomy terms list and create endpoint
- *
- * GET /_dineway/api/taxonomies/:name/terms - List all terms (tree for hierarchical)
- * POST /_dineway/api/taxonomies/:name/terms - Create a new term
- */
-import type { APIRoute } from "astro";
-import { z } from "zod";
-import { requirePerm } from "#api/authorize.js";
-import { apiError, handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleTermCreate, handleTermList } from "#api/handlers/taxonomies.js";
-import {
-	ensureWorkflowHitlRouteRequest,
-	hitlRequiredRouteError,
-	resolveHitlRouteActor,
-} from "#api/hitl-route-helpers.js";
-import { isParseError, parseBody } from "#api/parse.js";
-import { createTermBody } from "#api/schemas.js";
-import {
-	logTaxonomyActivity,
-	RiskPolicyEvaluator,
-	taxonomyApiRouteSource,
-	TaxonomyHitlPayloadBuilder,
-} from "#site-context/index.js";
-export const prerender = false;
-const createTermHitlBody = createTermBody.extend({
-	hitlRequestId: z.string().min(1).optional(),
-});
-/**
- * List all terms for a taxonomy
- */
-export const GET: APIRoute = async ({ params, locals }) => {
-	const { dineway, user } = locals;
-	const { name } = params;
-	if (!name) {
-		return apiError("VALIDATION_ERROR", "Taxonomy name required", 400);
-	}
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-	const denied = requirePerm(user, "taxonomies:read");
-	if (denied) return denied;
-	try {
-		const result = await handleTermList(dineway.db, name);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to list terms", "TERM_LIST_ERROR");
-	}
-};
-/**
- * Create a new term
- */
-export const POST: APIRoute = async ({ params, request, locals }) => {
-	const { dineway, user } = locals;
-	const { name } = params;
-	if (!name) {
-		return apiError("VALIDATION_ERROR", "Taxonomy name required", 400);
-	}
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-	const denied = requirePerm(user, "taxonomies:manage");
-	if (denied) return denied;
-	try {
-		const body = await parseBody(request, createTermHitlBody);
-		if (isParseError(body)) return body;
-		const { hitlRequestId, ...termInput } = body;
-		const actor = resolveHitlRouteActor(locals);
-		const evaluator = new RiskPolicyEvaluator({
-			db: dineway.db,
-			handlers: dineway,
-		});
-		let approvedHitlRequestId: string | null = null;
-		if (evaluator.requiresWorkflowHitl(actor.identity)) {
-			const payloadBuilder = new TaxonomyHitlPayloadBuilder(dineway.db);
-			const taxonomy = await payloadBuilder.loadTaxonomyDefinition(name);
-			if (!taxonomy) {
-				return apiError("NOT_FOUND", `Taxonomy '${name}' not found`, 404);
-			}
-			const action = await payloadBuilder.buildCreateTermRequest({
-				taxonomy,
-				...termInput,
-			});
-			const decision = await evaluator.evaluateWorkflowHitl({
-				actor: actor.identity,
-				hitlRequestId,
-				action,
-			});
-			if (!decision.allowed) {
-				const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
-				return hitlRequiredRouteError(decision, ensured);
-			}
-			approvedHitlRequestId = decision.hitlRequest.id;
-		}
-		const result = await handleTermCreate(dineway.db, name, termInput);
-		if (result.success) {
-			await logTaxonomyActivity(dineway.db, locals, {
-				action: "term_created",
-				taxonomyName: name,
-				termId: result.data.term.id,
-				termSlug: result.data.term.slug,
-				...taxonomyApiRouteSource("term_created"),
-				detail: {
-					label: result.data.term.label,
-					parentId: result.data.term.parentId,
-					description: result.data.term.description ?? null,
-					hitlRequestId: approvedHitlRequestId,
-				},
-			});
-		}
-		return unwrapResult(result, 201);
-	} catch (error) {
-		return handleError(error, "Failed to create term", "TERM_CREATE_ERROR");
-	}
-};

package/src/astro/routes/api/taxonomies/index.ts DELETED Viewed

@@ -1,114 +0,0 @@
-/**
- * Taxonomy definitions endpoint
- *
- * GET  /_dineway/api/taxonomies - List all taxonomy definitions
- * POST /_dineway/api/taxonomies - Create a custom taxonomy definition
- */
-import type { APIRoute } from "astro";
-import { z } from "zod";
-import { requirePerm } from "#api/authorize.js";
-import { handleError, requireDb, unwrapResult } from "#api/error.js";
-import { handleTaxonomyCreate, handleTaxonomyList } from "#api/handlers/taxonomies.js";
-import {
-	ensureWorkflowHitlRouteRequest,
-	hitlRequiredRouteError,
-	resolveHitlRouteActor,
-} from "#api/hitl-route-helpers.js";
-import { isParseError, parseBody } from "#api/parse.js";
-import { createTaxonomyDefBody } from "#api/schemas.js";
-import {
-	logTaxonomyActivity,
-	RiskPolicyEvaluator,
-	taxonomyApiRouteSource,
-	TaxonomyHitlPayloadBuilder,
-} from "#site-context/index.js";
-export const prerender = false;
-const createTaxonomyHitlBody = createTaxonomyDefBody.extend({
-	hitlRequestId: z.string().min(1).optional(),
-});
-/**
- * List taxonomy definitions
- */
-export const GET: APIRoute = async ({ locals }) => {
-	const { dineway, user } = locals;
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-	const denied = requirePerm(user, "taxonomies:read");
-	if (denied) return denied;
-	try {
-		const result = await handleTaxonomyList(dineway.db);
-		return unwrapResult(result);
-	} catch (error) {
-		return handleError(error, "Failed to list taxonomies", "TAXONOMY_LIST_ERROR");
-	}
-};
-/**
- * Create a custom taxonomy definition
- */
-export const POST: APIRoute = async ({ request, locals }) => {
-	const { dineway, user } = locals;
-	const dbErr = requireDb(dineway?.db);
-	if (dbErr) return dbErr;
-	const denied = requirePerm(user, "taxonomies:manage");
-	if (denied) return denied;
-	try {
-		const body = await parseBody(request, createTaxonomyHitlBody);
-		if (isParseError(body)) return body;
-		const { hitlRequestId, ...taxonomyInput } = body;
-		const actor = resolveHitlRouteActor(locals);
-		const evaluator = new RiskPolicyEvaluator({
-			db: dineway.db,
-			handlers: dineway,
-		});
-		let approvedHitlRequestId: string | null = null;
-		if (evaluator.requiresWorkflowHitl(actor.identity)) {
-			const action = await new TaxonomyHitlPayloadBuilder(dineway.db).buildCreateTaxonomyRequest(
-				taxonomyInput,
-			);
-			const decision = await evaluator.evaluateWorkflowHitl({
-				actor: actor.identity,
-				hitlRequestId,
-				action,
-			});
-			if (!decision.allowed) {
-				const ensured = await ensureWorkflowHitlRouteRequest(dineway.db, locals, decision.action);
-				return hitlRequiredRouteError(decision, ensured);
-			}
-			approvedHitlRequestId = decision.hitlRequest.id;
-		}
-		const result = await handleTaxonomyCreate(dineway.db, taxonomyInput);
-		if (result.success) dineway.invalidateManifest();
-		if (result.success) {
-			await logTaxonomyActivity(dineway.db, locals, {
-				action: "created",
-				taxonomyId: result.data.taxonomy.id,
-				taxonomyName: result.data.taxonomy.name,
-				...taxonomyApiRouteSource("created"),
-				detail: {
-					label: result.data.taxonomy.label,
-					hierarchical: result.data.taxonomy.hierarchical,
-					collections: result.data.taxonomy.collections,
-					hitlRequestId: approvedHitlRequestId,
-				},
-			});
-		}
-		return unwrapResult(result, 201);
-	} catch (error) {
-		return handleError(error, "Failed to create taxonomy", "TAXONOMY_CREATE_ERROR");
-	}
-};