domma-cms 0.2.0 → 0.3.0

package/server/server.js

@@ -15,6 +15,7 @@ import {fileURLToPath} from 'url';
 import {createRequire} from 'module';
 import {config} from './config.js';
 import {registerPlugins} from './services/plugins.js';
+import { seed as seedUserTypes, load as loadUserTypes } from './services/userTypes.js';
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url));
 const ROOT = path.resolve(__dirname, '..');
@@ -84,6 +85,13 @@ await fs.mkdir(usersDir,       { recursive: true });
 await fs.mkdir(collectionsDir, { recursive: true });
 await fs.mkdir(pluginsDir,     { recursive: true });
 
+// ---------------------------------------------------------------------------
+// User Types — seed preset collection + load into cache
+// ---------------------------------------------------------------------------
+
+await seedUserTypes();
+await loadUserTypes();
+
 // Serve uploaded media files
 await app.register(staticPlugin, {
     root: mediaDir,

package/server/services/markdown.js

@@ -6,6 +6,7 @@ import matter from 'gray-matter';
 import {marked} from 'marked';
 import sanitizeHtml from 'sanitize-html';
 import {applyTransforms, getSanitizeExtensions, getShortcodeProcessors} from './hooks.js';
+import {getConfig} from '../config.js';
 
 // Configure marked for safe output
 marked.setOptions({
@@ -136,6 +137,7 @@ function processGridBlocks(markdown) {
       if (attrs.cols) classes.push(`grid-cols-${attrs.cols}`);
       if (attrs.gap) classes.push(`gap-${attrs.gap}`);
       if (attrs.class) classes.push(attrs.class);
+      if (attrs.fullwidth === 'true') classes.push('grid-breakout');
       const id = attrs.id ? ` id="${escapeAttr(attrs.id)}"` : '';
       return `<div class="${classes.join(' ')}"${id}>${inner}</div>\n`;
     }
@@ -466,6 +468,96 @@ function processTableBlocks(markdown) {
  * @param {string} markdown
  * @returns {string}
  */
+/**
+ * Pre-process [spacer] self-closing shortcode.
+ *
+ * Syntax:
+ *   [spacer /]                         - uses defaults from layoutOptions config
+ *   [spacer size="24" /]               - explicit pixel height
+ *   [spacer class="my-gap" /]          - extra CSS class
+ *   [spacer size="16" class="mt-4" /]  - both
+ *
+ * @param {string} markdown
+ * @returns {string}
+ */
+function processSpacerBlocks(markdown) {
+  const opts = getConfig('site')?.layoutOptions ?? {};
+  const defaultSize = opts.spacerSize ?? 8;
+  const defaultClass = opts.spacerClass ?? '';
+  return markdown.replace(
+    /\[spacer([^\]]*?)\/?\]/gi,
+    (_, attrStr) => {
+      const attrs = parseShortcodeAttrs(attrStr || '');
+      const size = parseInt(attrs.size, 10) || defaultSize;
+      const extra = attrs.class || defaultClass;
+      const classes = ['dm-spacer', extra].filter(Boolean).join(' ');
+      return `<div class="${classes}" style="height:${size}px" aria-hidden="true"></div>\n`;
+    }
+  );
+}
+
+/**
+ * Pre-process [icon] self-closing shortcodes before running through marked.
+ *
+ * Syntax:
+ *   [icon name="arrow-right" /]
+ *   [icon name="star" size="24" color="#f59e0b" class="my-icon" /]
+ *
+ * Supported attributes:
+ *   name  - Domma icon name (required). Also accepted as src= for convenience.
+ *   size  - Width and height in px (default: 1em via CSS)
+ *   color - CSS colour applied via style
+ *   class - Extra CSS classes
+ *
+ * @param {string} markdown
+ * @returns {string}
+ */
+function processIconBlocks(markdown) {
+  return markdown.replace(
+    /\[icon([^\]]*?)\/\]/gi,
+    (_, attrStr) => {
+      const attrs = parseShortcodeAttrs(attrStr);
+      const name = attrs.name || attrs.src || '';
+      if (!name) return '';
+      const classes = ['dm-icon', attrs.class].filter(Boolean).join(' ');
+      const sizeAttr = attrs.size ? ` data-icon-size="${parseInt(attrs.size, 10)}"` : '';
+      const colorAttr = attrs.color ? ` data-icon-colour="${escapeAttr(attrs.color)}"` : '';
+      return `<span data-icon="${escapeAttr(name)}" class="${escapeAttr(classes)}"${sizeAttr}${colorAttr}></span>`;
+    }
+  );
+}
+
+/**
+ * Pre-process [form] self-closing shortcodes before running through marked.
+ *
+ * Syntax:
+ *   [form name="contact" /]
+ *   [form name="newsletter" class="my-form" /]
+ *
+ * Supported attributes:
+ *   name  - Form slug as configured in the form-builder (required). Also accepted as slug=.
+ *   class - Extra CSS classes on the wrapper div
+ *   id    - Element id attribute
+ *
+ * The form-builder's injected client script scans for [data-form] and renders the form.
+ *
+ * @param {string} markdown
+ * @returns {string}
+ */
+function processFormBlocks(markdown) {
+  return markdown.replace(
+    /\[form([^\]]*?)\/\]/gi,
+    (_, attrStr) => {
+      const attrs = parseShortcodeAttrs(attrStr);
+      const name = attrs.name || attrs.slug || '';
+      if (!name) return '';
+      const idAttr = attrs.id ? ` id="${escapeAttr(attrs.id)}"` : '';
+      const classAttr = attrs.class ? ` class="${escapeAttr(attrs.class)}"` : '';
+      return `<div data-form="${escapeAttr(name)}"${idAttr}${classAttr}></div>`;
+    }
+  );
+}
+
 function processHeroBlocks(markdown) {
   return markdown.replace(
     /\[hero([^\]]*)\]([\s\S]*?)\[\/hero\]/gi,
@@ -481,6 +573,7 @@ function processHeroBlocks(markdown) {
       const fullwidth = attrs.fullwidth === 'true';
       const cls = attrs.class || '';
       const id = attrs.id || '';
+      const bg = attrs.bg || '';
 
       const classes = ['hero'];
       if (size) classes.push(`hero-${size}`);
@@ -491,7 +584,10 @@ function processHeroBlocks(markdown) {
       if (fullwidth) classes.push('hero-breakout');
       if (cls) classes.push(cls);
 
-      const style = image ? ` style="background-image:url('${escapeAttr(image)}')"` : '';
+      const styleParts = [];
+      if (image) styleParts.push(`background-image:url('${escapeAttr(image)}')`);
+      if (bg) styleParts.push(`background-color:${escapeAttr(bg)}`);
+      const style = styleParts.length ? ` style="${styleParts.join(';')}"` : '';
       const idAttr = id ? ` id="${escapeAttr(id)}"` : '';
 
       const processedBody = processCardBlocks(processGridBlocks(body.trim()));
@@ -590,7 +686,7 @@ export function parseMarkdown(raw) {
 
   // Pipeline:
   // beforeParse → dconfig → plugin shortcodes → tabs → accordion → carousel → countdown
-  //   → hero → grid → card → slideover → marked → sanitize → afterParse
+  //   → spacer → icon → form → hero → grid → card → slideover → marked → sanitize → afterParse
   const preprocessed = applyTransforms('markdown:beforeParse', content);
   const withDconfig = processDConfigBlocks(preprocessed);
   const withPluginShortcodes = processPluginShortcodes(withDconfig);
@@ -598,7 +694,10 @@ export function parseMarkdown(raw) {
   const withAccordion = processAccordionBlocks(withTabs);
   const withCarousel = processCarouselBlocks(withAccordion);
   const withCountdown = processCountdownBlocks(withCarousel);
-  const withHero = processHeroBlocks(withCountdown);
+  const withSpacer = processSpacerBlocks(withCountdown);
+  const withIcon = processIconBlocks(withSpacer);
+  const withForm = processFormBlocks(withIcon);
+  const withHero = processHeroBlocks(withForm);
   const withTable = processTableBlocks(withHero);
   const withGrid = processGridBlocks(withTable);
   const withCard = processCardBlocks(withGrid);

package/server/services/userTypes.js

@@ -0,0 +1,167 @@
+/**
+ * User Types Service
+ * Preset Collection — seeds roles on first startup, caches them in memory.
+ * Auth middleware calls getRoleMap() / getPermissionsFor() at request time.
+ */
+import fs from 'fs/promises';
+import path from 'path';
+import { v4 as uuidv4 } from 'uuid';
+import { config } from '../config.js';
+
+const COLLECTIONS_DIR = path.resolve(config.content.collectionsDir);
+const SLUG            = 'user-types';
+const DIR             = path.join(COLLECTIONS_DIR, SLUG);
+const SCHEMA_PATH     = path.join(DIR, 'schema.json');
+const DATA_PATH       = path.join(DIR, 'data.json');
+
+const RESOURCES = ['pages', 'settings', 'navigation', 'layouts', 'media', 'users', 'plugins', 'collections'];
+
+const PRESET_SCHEMA = {
+    slug:        SLUG,
+    title:       'User Types',
+    description: 'CMS role definitions — managed by the system.',
+    preset:      true,
+    fields: [
+        { name: 'name',        label: 'Name (slug)',  type: 'text',         required: true  },
+        { name: 'label',       label: 'Label',        type: 'text',         required: true  },
+        { name: 'level',       label: 'Level',        type: 'number',       required: true  },
+        { name: 'permissions', label: 'Permissions',  type: 'multi-select', options: RESOURCES },
+        { name: 'badgeClass',  label: 'Badge Class',  type: 'select',
+          options: ['badge-danger','badge-warning','badge-info','badge-secondary','badge-success','badge-primary'] }
+    ],
+    api: {
+        create: { enabled: false, access: 'admin' },
+        read:   { enabled: false, access: 'admin' },
+        update: { enabled: false, access: 'admin' },
+        delete: { enabled: false, access: 'admin' }
+    }
+};
+
+const SEED_ENTRIES = [
+    { name: 'admin',      label: 'Admin',      level: 0, permissions: RESOURCES,                                                              badgeClass: 'badge-danger'    },
+    { name: 'manager',    label: 'Manager',    level: 1, permissions: ['pages','settings','navigation','layouts','media','users','collections'], badgeClass: 'badge-warning'   },
+    { name: 'editor',     label: 'Editor',     level: 2, permissions: ['pages','media'],                                                        badgeClass: 'badge-info'      },
+    { name: 'subscriber', label: 'Subscriber', level: 3, permissions: [],                                                                        badgeClass: 'badge-secondary' }
+];
+
+// ---------------------------------------------------------------------------
+// In-memory cache
+// ---------------------------------------------------------------------------
+
+/** @type {Map<string,{label:string,level:number,badgeClass:string}>} */
+let roleMap = new Map();
+
+/** @type {Map<string,string[]>} */
+let permissionsMap = new Map();
+
+/**
+ * Build in-memory maps from an array of data entries.
+ *
+ * @param {object[]} entries
+ */
+function buildCache(entries) {
+    roleMap        = new Map();
+    permissionsMap = new Map();
+
+    for (const entry of entries) {
+        const d = entry.data;
+        roleMap.set(d.name, { label: d.label, level: d.level, badgeClass: d.badgeClass || '' });
+        for (const resource of (d.permissions || [])) {
+            if (!permissionsMap.has(resource)) permissionsMap.set(resource, []);
+            permissionsMap.get(resource).push(d.name);
+        }
+    }
+}
+
+// ---------------------------------------------------------------------------
+// Public API
+// ---------------------------------------------------------------------------
+
+/**
+ * Seed the preset collection on first startup (no-op if data.json already exists).
+ *
+ * @returns {Promise<void>}
+ */
+export async function seed() {
+    await fs.mkdir(DIR, { recursive: true });
+
+    // Always write schema (overwrite to keep in sync with code)
+    await fs.writeFile(SCHEMA_PATH, JSON.stringify(PRESET_SCHEMA, null, 2) + '\n', 'utf8');
+
+    // Only write data if it doesn't exist yet
+    try {
+        await fs.access(DATA_PATH);
+    } catch {
+        const entries = SEED_ENTRIES.map(data => ({
+            id:        uuidv4(),
+            data,
+            createdAt: new Date().toISOString(),
+            updatedAt: new Date().toISOString()
+        }));
+        await fs.writeFile(DATA_PATH, JSON.stringify(entries, null, 2) + '\n', 'utf8');
+    }
+}
+
+/**
+ * Load the collection from disk into the in-memory cache.
+ *
+ * @returns {Promise<void>}
+ */
+export async function load() {
+    try {
+        const raw     = await fs.readFile(DATA_PATH, 'utf8');
+        const entries = JSON.parse(raw);
+        buildCache(entries);
+    } catch (err) {
+        console.warn('[userTypes] Failed to load user-types collection:', err.message);
+    }
+}
+
+/**
+ * Reload from disk — call after any CRUD on the user-types collection.
+ *
+ * @returns {Promise<void>}
+ */
+export async function invalidate() {
+    await load();
+}
+
+/**
+ * Return the full role map.
+ *
+ * @returns {Map<string,{label:string,level:number,badgeClass:string}>}
+ */
+export function getRoleMap() {
+    return roleMap;
+}
+
+/**
+ * Return the level for a named role, or Infinity if not found.
+ *
+ * @param {string} roleName
+ * @returns {number}
+ */
+export function getRoleLevel(roleName) {
+    return roleMap.get(roleName)?.level ?? Infinity;
+}
+
+/**
+ * Return the role names allowed to access a resource, or [] if resource unknown.
+ *
+ * @param {string} resource
+ * @returns {string[]}
+ */
+export function getPermissionsFor(resource) {
+    return permissionsMap.get(resource) ?? [];
+}
+
+/**
+ * Return role names ordered from most to least privileged.
+ *
+ * @returns {string[]}
+ */
+export function getRoleHierarchy() {
+    return [...roleMap.entries()]
+        .sort((a, b) => a[1].level - b[1].level)
+        .map(([key]) => key);
+}

package/plugins/form-builder/email.js

@@ -1,103 +0,0 @@
-/**
- * Form Builder Plugin — Email Helper
- * Nodemailer transport factory and generic form email sending utility.
- */
-import nodemailer from 'nodemailer';
-
-/**
- * Escape HTML special characters for safe use in email bodies.
- *
- * @param {string} str
- * @returns {string}
- */
-export function escapeHtml(str) {
-    return String(str)
-        .replace(/&/g, '&')
-        .replace(/</g, '&lt;')
-        .replace(/>/g, '&gt;')
-        .replace(/"/g, '&quot;')
-        .replace(/'/g, '&#39;');
-}
-
-/**
- * Create a nodemailer transport.
- * Falls back to an Ethereal test account when no SMTP host is configured.
- *
- * @param {{ host: string, port: number, secure: boolean, user: string, pass: string }} smtp
- * @returns {Promise<import('nodemailer').Transporter>}
- * @throws {Error} If Ethereal test account creation fails.
- */
-export async function createTransport(smtp) {
-    if (smtp?.host) {
-        return nodemailer.createTransport({
-            host: smtp.host,
-            port: smtp.port || 587,
-            secure: smtp.secure || false,
-            auth: smtp.user ? { user: smtp.user, pass: smtp.pass } : undefined
-        });
-    }
-
-    // No SMTP configured — use Ethereal for dev/demo
-    const testAccount = await nodemailer.createTestAccount();
-    console.log('[form-builder] No SMTP configured. Using Ethereal test account:', testAccount.user);
-    return nodemailer.createTransport({
-        host: 'smtp.ethereal.email',
-        port: 587,
-        secure: false,
-        auth: { user: testAccount.user, pass: testAccount.pass }
-    });
-}
-
-/**
- * Send an HTML + plain-text form submission notification email.
- * Builds a generic table of field→value pairs from the submitted data.
- *
- * @param {import('nodemailer').Transporter} transport
- * @param {{ from: string, fromName: string, to: string, subject: string, formTitle: string, fields: Array<{name: string, label: string}>, data: Record<string, unknown> }} opts
- * @returns {Promise<void>}
- * @throws {Error} If sending the email fails.
- */
-export async function sendFormEmail(transport, { from, fromName, to, subject, formTitle, fields, data }) {
-    const rows = fields.map(field => {
-        const val  = data[field.name] ?? '';
-        const safe = escapeHtml(String(val)).replace(/\n/g, '<br>');
-        const safeLabel = escapeHtml(field.label || field.name);
-        return `
-        <tr>
-            <td style="padding:8px 12px;font-weight:600;background:#f9f9f9;border:1px solid #eee;white-space:nowrap;vertical-align:top;">${safeLabel}</td>
-            <td style="padding:8px 12px;border:1px solid #eee;vertical-align:top;">${safe}</td>
-        </tr>`.trim();
-    }).join('\n');
-
-    const plainRows = fields.map(field => {
-        const val = data[field.name] ?? '';
-        return `${field.label || field.name}: ${val}`;
-    }).join('\n');
-
-    const html = `
-<!DOCTYPE html>
-<html>
-<body style="font-family:sans-serif;max-width:640px;margin:0 auto;padding:20px;">
-    <h2 style="color:#333;margin-bottom:4px;">New Form Submission</h2>
-    <p style="color:#888;margin-top:0;font-size:.9rem;">${escapeHtml(formTitle)}</p>
-    <table style="width:100%;border-collapse:collapse;margin-top:16px;">
-        ${rows}
-    </table>
-</body>
-</html>`.trim();
-
-    const text = `New form submission: ${formTitle}\n\n${plainRows}`;
-
-    const info = await transport.sendMail({
-        from: `"${fromName}" <${from}>`,
-        to,
-        subject,
-        text,
-        html
-    });
-
-    const previewUrl = nodemailer.getTestMessageUrl(info);
-    if (previewUrl) {
-        console.log('[form-builder] Email preview URL:', previewUrl);
-    }
-}