domma-cms 0.10.0 → 0.13.0

package/server/server.js

@@ -17,7 +17,7 @@ import fs from 'fs/promises';
 import {fileURLToPath} from 'url';
 import {createRequire} from 'module';
 import {config, getConfig} from './config.js';
-import {registerPlugins} from './services/plugins.js';
+import {getLoadedPlugins, getPluginSettings, registerPlugins} from './services/plugins.js';
 import {load as loadRoles, seed as seedRoles} from './services/roles.js';
 import {ensureAllProfiles, seed as seedUserProfiles} from './services/userProfiles.js';
 import {seedAll as seedPresetCollections} from './services/presetCollections.js';
@@ -44,6 +44,13 @@ if (!JWT_SECRET || JWT_SECRET === 'CHANGE_ME' || JWT_SECRET.length < 32) {
     process.exit(1);
 }
 
+// MANAGER_SECRET is optional — only needed when domma-cms-manager pushes notifications.
+// Warn if set but insecure; silently accept if absent (manager push is disabled).
+const MANAGER_SECRET = process.env.MANAGER_SECRET;
+if (MANAGER_SECRET && MANAGER_SECRET.length < 32) {
+    console.warn('  WARNING: MANAGER_SECRET is set but too short (minimum 32 characters). Manager notifications disabled until fixed.');
+}
+
 const app = Fastify({
     logger: {level: process.env.NODE_ENV === 'development' ? 'info' : 'warn'},
     // When running behind a reverse proxy (e.g. domma-cms-manager), trust the
@@ -227,7 +234,8 @@ const { layoutsRoutes }    = await import('./routes/api/layouts.js');
 const { navigationRoutes } = await import('./routes/api/navigation.js');
 const { mediaRoutes }      = await import('./routes/api/media.js');
 const { usersRoutes }      = await import('./routes/api/users.js');
-const { pluginsRoutes }     = await import('./routes/api/plugins.js');
+const { pluginsRoutes }            = await import('./routes/api/plugins.js');
+const { pluginMarketplaceRoutes }  = await import('./routes/api/plugin-marketplace.js');
 const { collectionsRoutes } = await import('./routes/api/collections.js');
 const { formsRoutes }       = await import('./routes/api/forms.js');
 const { viewsRoutes }       = await import('./routes/api/views.js');
@@ -242,7 +250,8 @@ await app.register(layoutsRoutes,     { prefix: '/api' });
 await app.register(navigationRoutes,  { prefix: '/api' });
 await app.register(mediaRoutes,       { prefix: '/api' });
 await app.register(usersRoutes,       { prefix: '/api' });
-await app.register(pluginsRoutes,     { prefix: '/api' });
+await app.register(pluginsRoutes,            { prefix: '/api' });
+await app.register(pluginMarketplaceRoutes,  { prefix: '/api' });
 await app.register(collectionsRoutes, { prefix: '/api' });
 await app.register(formsRoutes,       { prefix: '/api' });
 await app.register(viewsRoutes,       { prefix: '/api' });
@@ -257,6 +266,26 @@ await app.register(effectsRoutes, {prefix: '/api'});
 
 await registerPlugins(app);
 
+// ---------------------------------------------------------------------------
+// Public Plugin Routes (root-level, before catch-all)
+// ---------------------------------------------------------------------------
+
+const { authenticate: _authenticate, requireAdmin: _requireAdmin, requireVisibility: _requireVisibility } = await import('./middleware/auth.js');
+for (const [name, plugin] of Object.entries(getLoadedPlugins())) {
+    if (!plugin.enabled || !plugin.publicEntry) continue;
+    try {
+        const { default: publicPlugin } = await import(plugin.publicEntry);
+        const settings = await getPluginSettings(name);
+        await app.register(publicPlugin, {
+            settings,
+            auth: { authenticate: _authenticate, requireAdmin: _requireAdmin, requireVisibility: _requireVisibility },
+            config: getConfig()
+        });
+    } catch (err) {
+        app.log.error(`[plugins] Failed to register public plugin ${name}: ${err.message}`);
+    }
+}
+
 // ---------------------------------------------------------------------------
 // Public Site (catch-all — must be last)
 // ---------------------------------------------------------------------------

package/server/services/actions.js

@@ -265,7 +265,7 @@ export async function createAction(data, userId = null) {
         },
         steps,
         access: {
-            roles: access?.roles || ['admin'],
+            roles: access?.roles || ['admin', 'super-admin'],
             rowLevel: access?.rowLevel || null
         },
         meta: { createdAt: now, updatedAt: now, createdBy: userId }

package/server/services/managerClient.js

@@ -0,0 +1,182 @@
+/**
+ * Client for outbound calls from domma-cms → domma-cms-manager.
+ * Reads MANAGER_URL and INSTANCE_SECRET from env at call time.
+ * All functions return null/[] gracefully if MANAGER_URL is unset.
+ */
+
+import {createHmac} from 'node:crypto';
+import {readFile} from 'node:fs/promises';
+import {fileURLToPath} from 'node:url';
+import {dirname, join} from 'node:path';
+
+const __dirname = dirname(fileURLToPath(import.meta.url));
+
+/**
+ * Read the CMS version from the root package.json.
+ * @returns {Promise<string>} The version string, or '0.0.0' on error.
+ */
+async function getCmsVersion() {
+    try {
+        const pkgPath = join(__dirname, '../../package.json');
+        const raw = await readFile(pkgPath, 'utf-8');
+        return JSON.parse(raw).version ?? '0.0.0';
+    } catch {
+        return '0.0.0';
+    }
+}
+
+/**
+ * Register this CMS instance with domma-cms-manager.
+ *
+ * @param {string} fingerprint - Unique instance fingerprint.
+ * @returns {Promise<{licenseToken: string, instanceId: string}|null>}
+ */
+export async function registerInstance(fingerprint) {
+    const MANAGER_URL = process.env.MANAGER_URL;
+    const INSTANCE_SECRET = process.env.INSTANCE_SECRET;
+
+    if (!MANAGER_URL) return null;
+    if (!INSTANCE_SECRET) {
+        console.warn('[managerClient] INSTANCE_SECRET not set — skipping registerInstance');
+        return null;
+    }
+
+    try {
+        const cmsVersion = await getCmsVersion();
+        const hostname = process.env.HOSTNAME ?? 'unknown';
+
+        const token = createHmac('sha256', INSTANCE_SECRET)
+            .update(fingerprint)
+            .digest('hex');
+
+        const res = await fetch(`${MANAGER_URL}/api/instances/register`, {
+            signal: AbortSignal.timeout(10_000),
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                'X-Instance-Token': token,
+            },
+            body: JSON.stringify({ fingerprint, cmsVersion, hostname }),
+        });
+
+        if (!res.ok) {
+            console.warn(`[managerClient] registerInstance failed: ${res.status} ${res.statusText}`);
+            return null;
+        }
+
+        return await res.json();
+    } catch (err) {
+        console.warn('[managerClient] registerInstance error:', err.message);
+        return null;
+    }
+}
+
+/**
+ * Fetch the plugin catalogue from domma-cms-manager.
+ *
+ * @param {string} licenseToken - License token obtained from registerInstance.
+ * @returns {Promise<Array<{slug: string, version: string, displayName: string, description: string, price: number, entitled: boolean}>>}
+ */
+export async function fetchCatalogue(licenseToken) {
+    const MANAGER_URL = process.env.MANAGER_URL;
+
+    if (!MANAGER_URL) return [];
+
+    try {
+        const res = await fetch(`${MANAGER_URL}/api/plugins/catalogue`, {
+            signal: AbortSignal.timeout(10_000),
+            headers: {
+                Authorization: `Bearer ${licenseToken}`,
+            },
+        });
+
+        if (!res.ok) {
+            console.warn(`[managerClient] fetchCatalogue failed: ${res.status} ${res.statusText}`);
+            return [];
+        }
+
+        return await res.json();
+    } catch (err) {
+        console.warn('[managerClient] fetchCatalogue error:', err.message);
+        return [];
+    }
+}
+
+/**
+ * Fetch a plugin bundle (tarball + signature) from domma-cms-manager.
+ *
+ * @param {string} slug - Plugin slug.
+ * @param {string} version - Plugin version.
+ * @param {string} licenseToken - License token obtained from registerInstance.
+ * @returns {Promise<{tarball: Buffer, signature: string, publicKeyId: string}|null>}
+ */
+export async function fetchPluginBundle(slug, version, licenseToken) {
+    const MANAGER_URL = process.env.MANAGER_URL;
+
+    if (!MANAGER_URL) return null;
+
+    try {
+        const res = await fetch(`${MANAGER_URL}/api/plugins/install/${slug}/${version}`, {
+            signal: AbortSignal.timeout(10_000),
+            headers: {
+                Authorization: `Bearer ${licenseToken}`,
+            },
+        });
+
+        if (!res.ok) {
+            console.warn(`[managerClient] fetchPluginBundle failed: ${res.status} ${res.statusText}`);
+            return null;
+        }
+
+        const json = await res.json();
+
+        if (typeof json.tarball !== 'string' || json.tarball.length > 100 * 1024 * 1024) {
+            console.warn('[managerClient] fetchPluginBundle: tarball too large or invalid, refusing decode');
+            return null;
+        }
+
+        return {
+            tarball: Buffer.from(json.tarball, 'base64'),
+            signature: json.signature,
+            publicKeyId: json.publicKeyId,
+        };
+    } catch (err) {
+        console.warn('[managerClient] fetchPluginBundle error:', err.message);
+        return null;
+    }
+}
+
+/**
+ * Send a heartbeat to domma-cms-manager with the list of installed plugins.
+ *
+ * @param {string} licenseToken - License token obtained from registerInstance.
+ * @param {string[]} installedSlugs - Array of installed plugin slugs.
+ * @returns {Promise<boolean>} True on success, false on error.
+ */
+export async function heartbeat(licenseToken, installedSlugs) {
+    const MANAGER_URL = process.env.MANAGER_URL;
+
+    if (!MANAGER_URL) return false;
+
+    try {
+        const res = await fetch(`${MANAGER_URL}/api/instances/heartbeat`, {
+            signal: AbortSignal.timeout(10_000),
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                Authorization: `Bearer ${licenseToken}`,
+            },
+            body: JSON.stringify({ installedSlugs, versions: {} }),
+        });
+
+        if (!res.ok) {
+            console.warn(`[managerClient] heartbeat failed: ${res.status} ${res.statusText}`);
+            return false;
+        }
+
+        return true;
+    } catch (err) {
+        console.warn('[managerClient] heartbeat error:', err.message);
+        return false;
+    }
+}

package/server/services/markdown.js

@@ -80,7 +80,16 @@ function renderCollectionBlocks(entries, blockTemplate, emptyMsg, ctaOpts, cols)
     }
 
     const items = entries.map(e => {
-        let html = blockTemplate.replace(/\{\{([\w_]+)\}\}/g, (_, key) => {
+        // Triple-brace `{{{field}}}` — raw HTML pass-through (no escape).
+        // Use for fields that contain pre-rendered HTML (bullet lists, code
+        // blocks, embedded elements). Must be processed BEFORE double-brace
+        // so the outer `{` and `}` of a triple match aren't consumed by the
+        // double-brace regex.
+        let html = blockTemplate.replace(/\{\{\{(\w+)\}\}\}/g, (_, key) => {
+            return String(e.data?.[key] ?? '');
+        });
+        // Double-brace `{{field}}` — HTML-escaped (default, safe).
+        html = html.replace(/\{\{([\w_]+)\}\}/g, (_, key) => {
             if (key === '_id') return escapeHtmlText(e.id ?? '');
             if (key === '_createdAt') return escapeHtmlText(e.meta?.createdAt ?? '');
             if (key === '_updatedAt') return escapeHtmlText(e.meta?.updatedAt ?? '');
@@ -107,7 +116,9 @@ function renderCollectionBlocks(entries, blockTemplate, emptyMsg, ctaOpts, cols)
 }
 
 function renderBlockFromAttrs(tmpl, attrs) {
-    const rendered = tmpl.replace(/\{\{([\w_]+)\}\}/g, (_, key) => escapeHtmlText(attrs[key] ?? ''));
+    // Triple-brace raw pass-through first, then double-brace escaped.
+    let rendered = tmpl.replace(/\{\{\{(\w+)\}\}\}/g, (_, key) => String(attrs[key] ?? ''));
+    rendered = rendered.replace(/\{\{([\w_]+)\}\}/g, (_, key) => escapeHtmlText(attrs[key] ?? ''));
     const extraClass = attrs.class ? ` ${escapeAttr(attrs.class)}` : '';
     const idAttr = attrs.id ? ` id="${escapeAttr(attrs.id)}"` : '';
     return `<div class="dm-static-block${extraClass}"${idAttr}>${rendered}</div>`;
@@ -442,6 +453,22 @@ async function processCollectionBlocks(markdown) {
             if (!schema) throw new Error('not found');
 
             let {entries} = await listEntries(slug);
+
+            // Row-level filter: where="field=value" (simple equality only).
+            // Comma-separate multiple predicates, all AND'd together.
+            // Example: where="tab=developers" or where="tab=developers,status=live"
+            const whereAttr = typeof attrs.where === 'string' ? attrs.where.trim() : '';
+            if (whereAttr) {
+                const predicates = whereAttr.split(',').map(p => p.trim()).filter(Boolean).map(p => {
+                    const eq = p.indexOf('=');
+                    if (eq === -1) return null;
+                    return { key: p.slice(0, eq).trim(), val: p.slice(eq + 1).trim() };
+                }).filter(Boolean);
+                if (predicates.length) {
+                    entries = entries.filter(e => predicates.every(({key, val}) => String(e.data?.[key] ?? '') === val));
+                }
+            }
+
             entries = sortEntries(entries, sort, order);
             if (limitAttr > 0) entries = entries.slice(0, limitAttr);
 
@@ -755,7 +782,12 @@ function processGridBlocks(markdown) {
       const attrs = parseShortcodeAttrs(attrStr);
         const cls = attrs.span ? ` class="col-span-${attrs.span}"` : ' class="col"';
       const id = attrs.id ? ` id="${escapeAttr(attrs.id)}"` : '';
-      return `<div${cls}${id}>${marked.parse(processCardBlocks(body.trim()))}</div>`;
+      // Restore the col body before passing it downstream — otherwise the
+      // scrub placeholders from this processor's store get carried into
+      // processCardBlocks, which creates its own empty store and fails to
+      // decode them, producing the literal string "undefined" in place of
+      // whatever was in <pre>, ``` fences, or `inline code`.
+      return `<div${cls}${id}>${marked.parse(processCardBlocks(restore(body.trim())))}</div>`;
     }
   );
 
@@ -1345,16 +1377,14 @@ function renderLegacyCard(attrs, body, markedInstance, escAttr) {
     const icon = strAttr('icon');
     const footer = strAttr('footer');
     const collapsible = attrs.collapsible === 'true';
-    const hover = 'hover' in attrs;
     const variant = strAttr('variant');
-    const extraClass = strAttr('class');
 
-    // Root class list
-    const classes = ['card', 'mb-4'];
+    // Root class list — delegate to the shared helper so variant="gradient",
+    // gradient="<name>", glass/accent/dark/glow, font, shadow, rounded, etc.
+    // all work on legacy cards (cards without a `layout` attribute).
+    const classes = cardVariantClasses(attrs);
+    // Preserve legacy support for variant="primary" (not handled by cardVariantClasses).
     if (variant === 'primary') classes.push('card-primary');
-    if (hover) classes.push('card-hover');
-    if (collapsible) classes.push('card-collapsible');
-    if (extraClass) classes.push(extraClass);
 
     const id = attrs.id ? ` id="${escAttr(attrs.id)}"` : '';
     const coll = collapsible ? ' data-collapsible="true"' : '';
@@ -1440,9 +1470,16 @@ function processCardBlocks(markdown) {
             const attrs = parseShortcodeAttrs(attrStr);
             const layout = typeof attrs.layout === 'string' ? attrs.layout.trim() : '';
             const renderer = LAYOUT_RENDERERS[layout];
+            // Restore code regions INSIDE the card body before rendering so
+            // marked can process fenced code blocks (```lang ... ```) normally.
+            // Without this, the body contains placeholder tokens that marked
+            // wraps in <p>, and the outer restore() call then substitutes raw
+            // backticks into the <p>, producing literal '```json' text and
+            // collapsing the HTML on any inline-backtick template literal.
+            const restoredBody = restore(body);
             return renderer
-                ? renderer(attrs, body, marked, escapeAttr)
-                : renderLegacyCard(attrs, body, marked, escapeAttr);
+                ? renderer(attrs, restoredBody, marked, escapeAttr)
+                : renderLegacyCard(attrs, restoredBody, marked, escapeAttr);
     }
   ));
 }
@@ -1865,8 +1902,9 @@ function processTextBlocks(markdown) {
             styles.push('font-style:italic');
         }
 
-        if (attrs.color) {
-            styles.push(`color:${COLOR_TOKENS[attrs.color] || attrs.color}`);
+        const colourVal = attrs.colour || attrs.color;
+        if (colourVal) {
+            styles.push(`color:${COLOR_TOKENS[colourVal] || colourVal}`);
         }
 
         if (attrs.font && FONT_MAP[attrs.font]) {