domma-cms 0.10.0 → 0.12.0

package/server/services/actions.js

@@ -265,7 +265,7 @@ export async function createAction(data, userId = null) {
         },
         steps,
         access: {
-            roles: access?.roles || ['admin'],
+            roles: access?.roles || ['admin', 'super-admin'],
             rowLevel: access?.rowLevel || null
         },
         meta: { createdAt: now, updatedAt: now, createdBy: userId }

package/server/services/managerClient.js

@@ -0,0 +1,182 @@
+/**
+ * Client for outbound calls from domma-cms → domma-cms-manager.
+ * Reads MANAGER_URL and INSTANCE_SECRET from env at call time.
+ * All functions return null/[] gracefully if MANAGER_URL is unset.
+ */
+
+import {createHmac} from 'node:crypto';
+import {readFile} from 'node:fs/promises';
+import {fileURLToPath} from 'node:url';
+import {dirname, join} from 'node:path';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+/**
+ * Read the CMS version from the root package.json.
+ * @returns {Promise<string>} The version string, or '0.0.0' on error.
+ */
+async function getCmsVersion() {
+    try {
+        const pkgPath = join(__dirname, '../../package.json');
+        const raw = await readFile(pkgPath, 'utf-8');
+        return JSON.parse(raw).version ?? '0.0.0';
+    } catch {
+        return '0.0.0';
+    }
+}
+
+/**
+ * Register this CMS instance with domma-cms-manager.
+ *
+ * @param {string} fingerprint - Unique instance fingerprint.
+ * @returns {Promise<{licenseToken: string, instanceId: string}|null>}
+ */
+export async function registerInstance(fingerprint) {
+    const MANAGER_URL = process.env.MANAGER_URL;
+    const INSTANCE_SECRET = process.env.INSTANCE_SECRET;
+
+    if (!MANAGER_URL) return null;
+    if (!INSTANCE_SECRET) {
+        console.warn('[managerClient] INSTANCE_SECRET not set — skipping registerInstance');
+        return null;
+    }
+
+    try {
+        const cmsVersion = await getCmsVersion();
+        const hostname = process.env.HOSTNAME ?? 'unknown';
+
+        const token = createHmac('sha256', INSTANCE_SECRET)
+            .update(fingerprint)
+            .digest('hex');
+
+        const res = await fetch(`${MANAGER_URL}/api/instances/register`, {
+            signal: AbortSignal.timeout(10_000),
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'X-Instance-Token': token,
+            },
+            body: JSON.stringify({ fingerprint, cmsVersion, hostname }),
+        });
+
+        if (!res.ok) {
+            console.warn(`[managerClient] registerInstance failed: ${res.status} ${res.statusText}`);
+            return null;
+        }
+
+        return await res.json();
+    } catch (err) {
+        console.warn('[managerClient] registerInstance error:', err.message);
+        return null;
+    }
+}
+
+/**
+ * Fetch the plugin catalogue from domma-cms-manager.
+ *
+ * @param {string} licenseToken - License token obtained from registerInstance.
+ * @returns {Promise<Array<{slug: string, version: string, displayName: string, description: string, price: number, entitled: boolean}>>}
+ */
+export async function fetchCatalogue(licenseToken) {
+    const MANAGER_URL = process.env.MANAGER_URL;
+
+    if (!MANAGER_URL) return [];
+
+    try {
+        const res = await fetch(`${MANAGER_URL}/api/plugins/catalogue`, {
+            signal: AbortSignal.timeout(10_000),
+            headers: {
+                Authorization: `Bearer ${licenseToken}`,
+            },
+        });
+
+        if (!res.ok) {
+            console.warn(`[managerClient] fetchCatalogue failed: ${res.status} ${res.statusText}`);
+            return [];
+        }
+
+        return await res.json();
+    } catch (err) {
+        console.warn('[managerClient] fetchCatalogue error:', err.message);
+        return [];
+    }
+}
+
+/**
+ * Fetch a plugin bundle (tarball + signature) from domma-cms-manager.
+ *
+ * @param {string} slug - Plugin slug.
+ * @param {string} version - Plugin version.
+ * @param {string} licenseToken - License token obtained from registerInstance.
+ * @returns {Promise<{tarball: Buffer, signature: string, publicKeyId: string}|null>}
+ */
+export async function fetchPluginBundle(slug, version, licenseToken) {
+    const MANAGER_URL = process.env.MANAGER_URL;
+
+    if (!MANAGER_URL) return null;
+
+    try {
+        const res = await fetch(`${MANAGER_URL}/api/plugins/install/${slug}/${version}`, {
+            signal: AbortSignal.timeout(10_000),
+            headers: {
+                Authorization: `Bearer ${licenseToken}`,
+            },
+        });
+
+        if (!res.ok) {
+            console.warn(`[managerClient] fetchPluginBundle failed: ${res.status} ${res.statusText}`);
+            return null;
+        }
+
+        const json = await res.json();
+
+        if (typeof json.tarball !== 'string' || json.tarball.length > 100 * 1024 * 1024) {
+            console.warn('[managerClient] fetchPluginBundle: tarball too large or invalid, refusing decode');
+            return null;
+        }
+
+        return {
+            tarball: Buffer.from(json.tarball, 'base64'),
+            signature: json.signature,
+            publicKeyId: json.publicKeyId,
+        };
+    } catch (err) {
+        console.warn('[managerClient] fetchPluginBundle error:', err.message);
+        return null;
+    }
+}
+
+/**
+ * Send a heartbeat to domma-cms-manager with the list of installed plugins.
+ *
+ * @param {string} licenseToken - License token obtained from registerInstance.
+ * @param {string[]} installedSlugs - Array of installed plugin slugs.
+ * @returns {Promise<boolean>} True on success, false on error.
+ */
+export async function heartbeat(licenseToken, installedSlugs) {
+    const MANAGER_URL = process.env.MANAGER_URL;
+
+    if (!MANAGER_URL) return false;
+
+    try {
+        const res = await fetch(`${MANAGER_URL}/api/instances/heartbeat`, {
+            signal: AbortSignal.timeout(10_000),
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Authorization: `Bearer ${licenseToken}`,
+            },
+            body: JSON.stringify({ installedSlugs, versions: {} }),
+        });
+
+        if (!res.ok) {
+            console.warn(`[managerClient] heartbeat failed: ${res.status} ${res.statusText}`);
+            return false;
+        }
+
+        return true;
+    } catch (err) {
+        console.warn('[managerClient] heartbeat error:', err.message);
+        return false;
+    }
+}

package/server/services/permissionRegistry.js

@@ -1,173 +1,245 @@
-/**
- * Permission Registry
- * Single source of truth for all resource/action definitions in the CMS.
- * Adding a new resource or custom action is a one-file change here.
- */
-
-/** @type {ReadonlyArray<{key:string,label:string,description:string,icon:string,group:string,actions:{key:string,label:string,description:string}[]}>} */
-export const REGISTRY = Object.freeze([
-    {
-        key: 'pages',
-        label: 'Pages',
-        description: 'Manage site pages and their content.',
-        icon: 'file-text',
-        group: 'Content',
-        actions: [
-            {key: 'read', label: 'View', description: 'View pages and their content'},
-            {key: 'create', label: 'Create', description: 'Create new pages'},
-            {key: 'update', label: 'Edit', description: 'Edit existing pages'},
-            {key: 'delete', label: 'Delete', description: 'Delete pages'}
-        ]
-    },
-    {
-        key: 'media',
-        label: 'Media',
-        description: 'Upload and manage media files.',
-        icon: 'image',
-        group: 'Content',
-        actions: [
-            {key: 'read', label: 'View', description: 'View media library'},
-            {key: 'create', label: 'Upload', description: 'Upload new files'},
-            {key: 'update', label: 'Edit', description: 'Rename or update file metadata'},
-            {key: 'delete', label: 'Delete', description: 'Delete media files'}
-        ]
-    },
-    {
-        key: 'blocks',
-        label: 'Blocks',
-        description: 'Manage reusable content blocks.',
-        icon: 'box',
-        group: 'Content',
-        actions: [
-            {key: 'read', label: 'View', description: 'View content blocks'},
-            {key: 'create', label: 'Create', description: 'Create new blocks'},
-            {key: 'update', label: 'Edit', description: 'Edit existing blocks'},
-            {key: 'delete', label: 'Delete', description: 'Delete blocks'}
-        ]
-    },
-    {
-        key: 'navigation',
-        label: 'Navigation',
-        description: 'Configure site navigation menus.',
-        icon: 'menu',
-        group: 'Structure',
-        actions: [
-            {key: 'read', label: 'View', description: 'View navigation menus'},
-            {key: 'create', label: 'Create', description: 'Create new menu items'},
-            {key: 'update', label: 'Edit', description: 'Edit navigation structure'},
-            {key: 'delete', label: 'Delete', description: 'Remove menu items'}
-        ]
-    },
-    {
-        key: 'layouts',
-        label: 'Layouts',
-        description: 'Manage page layouts and templates.',
-        icon: 'layout',
-        group: 'Structure',
-        actions: [
-            {key: 'read', label: 'View', description: 'View layouts'},
-            {key: 'create', label: 'Create', description: 'Create new layouts'},
-            {key: 'update', label: 'Edit', description: 'Edit layouts'},
-            {key: 'delete', label: 'Delete', description: 'Delete layouts'}
-        ]
-    },
-    {
-        key: 'collections',
-        label: 'Collections',
-        description: 'Manage data collections and entries.',
-        icon: 'database',
-        group: 'Data',
-        actions: [
-            {key: 'read', label: 'View', description: 'View collection entries'},
-            {key: 'create', label: 'Create', description: 'Create new entries'},
-            {key: 'update', label: 'Edit', description: 'Edit existing entries'},
-            {key: 'delete', label: 'Delete', description: 'Delete entries'}
-        ]
-    },
-    {
-        key: 'views',
-        label: 'Views',
-        description: 'Create and manage data views.',
-        icon: 'eye',
-        group: 'Data',
-        actions: [
-            {key: 'read', label: 'View', description: 'View data views'},
-            {key: 'create', label: 'Create', description: 'Create new views'},
-            {key: 'update', label: 'Edit', description: 'Edit views'},
-            {key: 'delete', label: 'Delete', description: 'Delete views'}
-        ]
-    },
-    {
-        key: 'actions',
-        label: 'Actions',
-        description: 'Configure automated actions.',
-        icon: 'zap',
-        group: 'Data',
-        actions: [
-            {key: 'read', label: 'View', description: 'View automated actions'},
-            {key: 'create', label: 'Create', description: 'Create new actions'},
-            {key: 'update', label: 'Edit', description: 'Edit actions'},
-            {key: 'delete', label: 'Delete', description: 'Delete actions'}
-        ]
-    },
-    {
-        key: 'users',
-        label: 'Users',
-        description: 'Manage user accounts.',
-        icon: 'users',
-        group: 'Configuration',
-        actions: [
-            {key: 'read', label: 'View', description: 'View user accounts'},
-            {key: 'create', label: 'Create', description: 'Create new users'},
-            {key: 'update', label: 'Edit', description: 'Edit user accounts'},
-            {key: 'delete', label: 'Delete', description: 'Delete users'}
-        ]
-    },
-    {
-        key: 'settings',
-        label: 'Settings',
-        description: 'Configure site settings.',
-        icon: 'settings',
-        group: 'Configuration',
-        actions: [
-            {key: 'read', label: 'View', description: 'View site settings'},
-            {key: 'create', label: 'Create', description: 'Add new settings'},
-            {key: 'update', label: 'Edit', description: 'Modify settings'},
-            {key: 'delete', label: 'Delete', description: 'Remove settings'}
-        ]
-    },
-    {
-        key: 'plugins',
-        label: 'Plugins',
-        description: 'Manage CMS plugins.',
-        icon: 'package',
-        group: 'Configuration',
-        actions: [
-            {key: 'read', label: 'View', description: 'View installed plugins'},
-            {key: 'create', label: 'Install', description: 'Install new plugins'},
-            {key: 'update', label: 'Configure', description: 'Configure plugin settings'},
-            {key: 'delete', label: 'Remove', description: 'Remove plugins'}
-        ]
-    }
-]);
-
-/** Derived array of resource key strings — mirrors the old RESOURCES constant. */
-export const RESOURCES = REGISTRY.map(r => r.key);
-
-/** Default CRUD action keys — mirrors the old ACTIONS constant. */
-export const ACTIONS = ['read', 'create', 'update', 'delete'];
-
-/** Display order for permission groups. */
-export const GROUP_ORDER = ['Content', 'Structure', 'Data', 'Configuration'];
-
-/**
- * Return the action keys defined for a given resource.
- * Falls back to the default CRUD set if the resource is not in the registry.
- *
- * @param {string} resourceKey
- * @returns {string[]}
- */
-export function getActionsForResource(resourceKey) {
-    const resource = REGISTRY.find(r => r.key === resourceKey);
-    return resource ? resource.actions.map(a => a.key) : [...ACTIONS];
-}
+/**
+ * Permission Registry
+ * Single source of truth for all resource/action definitions in the CMS.
+ * Adding a new resource or custom action is a one-file change here.
+ *
+ * Plugin-contributed resources live in _pluginContributed and are merged at
+ * call time via getEffectiveRegistry(). The base REGISTRY is never mutated.
+ */
+
+/** @type {Array<{key:string,label:string,description:string,icon:string,group:string,plugin?:string,actions:{key:string,label:string,description:string}[]}>} */
+export const REGISTRY = [
+    {
+        key: 'pages',
+        label: 'Pages',
+        description: 'Manage site pages and their content.',
+        icon: 'file-text',
+        group: 'Content',
+        actions: [
+            {key: 'read', label: 'View', description: 'View pages and their content'},
+            {key: 'create', label: 'Create', description: 'Create new pages'},
+            {key: 'update', label: 'Edit', description: 'Edit existing pages'},
+            {key: 'delete', label: 'Delete', description: 'Delete pages'}
+        ]
+    },
+    {
+        key: 'media',
+        label: 'Media',
+        description: 'Upload and manage media files.',
+        icon: 'image',
+        group: 'Content',
+        actions: [
+            {key: 'read', label: 'View', description: 'View media library'},
+            {key: 'create', label: 'Upload', description: 'Upload new files'},
+            {key: 'update', label: 'Edit', description: 'Rename or update file metadata'},
+            {key: 'delete', label: 'Delete', description: 'Delete media files'}
+        ]
+    },
+    {
+        key: 'blocks',
+        label: 'Blocks',
+        description: 'Manage reusable content blocks.',
+        icon: 'box',
+        group: 'Content',
+        actions: [
+            {key: 'read', label: 'View', description: 'View content blocks'},
+            {key: 'create', label: 'Create', description: 'Create new blocks'},
+            {key: 'update', label: 'Edit', description: 'Edit existing blocks'},
+            {key: 'delete', label: 'Delete', description: 'Delete blocks'}
+        ]
+    },
+    {
+        key: 'navigation',
+        label: 'Navigation',
+        description: 'Configure site navigation menus.',
+        icon: 'menu',
+        group: 'Structure',
+        actions: [
+            {key: 'read', label: 'View', description: 'View navigation menus'},
+            {key: 'create', label: 'Create', description: 'Create new menu items'},
+            {key: 'update', label: 'Edit', description: 'Edit navigation structure'},
+            {key: 'delete', label: 'Delete', description: 'Remove menu items'}
+        ]
+    },
+    {
+        key: 'layouts',
+        label: 'Layouts',
+        description: 'Manage page layouts and templates.',
+        icon: 'layout',
+        group: 'Structure',
+        actions: [
+            {key: 'read', label: 'View', description: 'View layouts'},
+            {key: 'create', label: 'Create', description: 'Create new layouts'},
+            {key: 'update', label: 'Edit', description: 'Edit layouts'},
+            {key: 'delete', label: 'Delete', description: 'Delete layouts'}
+        ]
+    },
+    {
+        key: 'collections',
+        label: 'Collections',
+        description: 'Manage data collections and entries.',
+        icon: 'database',
+        group: 'Data',
+        actions: [
+            {key: 'read', label: 'View', description: 'View collection entries'},
+            {key: 'create', label: 'Create', description: 'Create new entries'},
+            {key: 'update', label: 'Edit', description: 'Edit existing entries'},
+            {key: 'delete', label: 'Delete', description: 'Delete entries'}
+        ]
+    },
+    {
+        key: 'views',
+        label: 'Views',
+        description: 'Create and manage data views.',
+        icon: 'eye',
+        group: 'Data',
+        actions: [
+            {key: 'read', label: 'View', description: 'View data views'},
+            {key: 'create', label: 'Create', description: 'Create new views'},
+            {key: 'update', label: 'Edit', description: 'Edit views'},
+            {key: 'delete', label: 'Delete', description: 'Delete views'}
+        ]
+    },
+    {
+        key: 'actions',
+        label: 'Actions',
+        description: 'Configure automated actions.',
+        icon: 'zap',
+        group: 'Data',
+        actions: [
+            {key: 'read', label: 'View', description: 'View automated actions'},
+            {key: 'create', label: 'Create', description: 'Create new actions'},
+            {key: 'update', label: 'Edit', description: 'Edit actions'},
+            {key: 'delete', label: 'Delete', description: 'Delete actions'}
+        ]
+    },
+    {
+        key: 'users',
+        label: 'Users',
+        description: 'Manage user accounts.',
+        icon: 'users',
+        group: 'Configuration',
+        actions: [
+            {key: 'read', label: 'View', description: 'View user accounts'},
+            {key: 'create', label: 'Create', description: 'Create new users'},
+            {key: 'update', label: 'Edit', description: 'Edit user accounts'},
+            {key: 'delete', label: 'Delete', description: 'Delete users'}
+        ]
+    },
+    {
+        key: 'settings',
+        label: 'Settings',
+        description: 'Configure site settings.',
+        icon: 'settings',
+        group: 'Configuration',
+        actions: [
+            {key: 'read', label: 'View', description: 'View site settings'},
+            {key: 'create', label: 'Create', description: 'Add new settings'},
+            {key: 'update', label: 'Edit', description: 'Modify settings'},
+            {key: 'delete', label: 'Delete', description: 'Remove settings'}
+        ]
+    },
+    {
+        key: 'plugins',
+        label: 'Plugins',
+        description: 'Manage CMS plugins.',
+        icon: 'package',
+        group: 'Configuration',
+        actions: [
+            {key: 'read', label: 'View', description: 'View installed plugins'},
+            {key: 'create', label: 'Install', description: 'Install new plugins'},
+            {key: 'update', label: 'Configure', description: 'Configure plugin settings'},
+            {key: 'delete', label: 'Remove', description: 'Remove plugins'}
+        ]
+    },
+    {
+        key: 'notifications',
+        label: 'Notifications',
+        description: 'View and manage system notifications.',
+        icon: 'bell',
+        group: 'Configuration',
+        actions: [
+            {key: 'read', label: 'View', description: 'View notifications'},
+            {key: 'update', label: 'Dismiss', description: 'Mark notifications as read'},
+            {key: 'delete', label: 'Clear', description: 'Delete notifications'}
+        ]
+    }
+];
+
+/**
+ * Plugin-contributed resources registered at runtime via registerPluginResource().
+ * Cleared on teardown via unregisterPluginResourcesByPlugin().
+ *
+ * @type {Array<{key:string,label:string,description:string,icon:string,group:string,plugin:string,actions:{key:string,label:string,description:string}[]}>}
+ */
+const _pluginContributed = [];
+
+/**
+ * Register a resource contributed by a plugin.
+ * Idempotent — if the key already exists in the effective registry it is skipped.
+ *
+ * @param {{key:string,label:string,description?:string,icon?:string,group?:string,actions?:{key:string,label:string,description?:string}[]}} resource
+ * @param {string} plugin - Plugin name that owns this resource
+ */
+export function registerPluginResource(resource, plugin) {
+    const effective = getEffectiveRegistry();
+    if (effective.some(r => r.key === resource.key)) return;
+
+    _pluginContributed.push({
+        key: resource.key,
+        label: resource.label,
+        description: resource.description || `${resource.label} (${plugin} plugin)`,
+        icon: resource.icon || 'box',
+        group: resource.group || 'Plugins',
+        plugin,
+        actions: resource.actions?.map(a => ({
+            key: a.key,
+            label: a.label,
+            description: a.description || a.label
+        })) ?? ACTIONS.map(key => ({key, label: key, description: key}))
+    });
+}
+
+/**
+ * Remove all resources registered by a given plugin.
+ *
+ * @param {string} plugin - Plugin name
+ */
+export function unregisterPluginResourcesByPlugin(plugin) {
+    let i = _pluginContributed.length;
+    while (i--) {
+        if (_pluginContributed[i].plugin === plugin) {
+            _pluginContributed.splice(i, 1);
+        }
+    }
+}
+
+/**
+ * Return the combined registry: base resources + all plugin-contributed resources.
+ *
+ * @returns {typeof REGISTRY}
+ */
+export function getEffectiveRegistry() {
+    return [...REGISTRY, ..._pluginContributed];
+}
+
+/** Derived array of base resource key strings. */
+export const RESOURCES = REGISTRY.map(r => r.key);
+
+/** Default CRUD action keys. */
+export const ACTIONS = ['read', 'create', 'update', 'delete'];
+
+/** Display order for permission groups. */
+export const GROUP_ORDER = ['Content', 'Structure', 'Data', 'Configuration', 'Plugins'];
+
+/**
+ * Return the action keys defined for a given resource (base or plugin-contributed).
+ * Falls back to the default CRUD set if the resource is not found.
+ *
+ * @param {string} resourceKey
+ * @returns {string[]}
+ */
+export function getActionsForResource(resourceKey) {
+    const resource = getEffectiveRegistry().find(r => r.key === resourceKey);
+    return resource ? resource.actions.map(a => a.key) : [...ACTIONS];
+}