domma-cms 0.2.0 → 0.3.0

package/admin/js/api.js

@@ -1,242 +1 @@
-/**
- * Admin API Client
- * Authenticated requests using Bearer tokens with automatic refresh on 401.
- * All existing api.* namespaces are preserved — views need no changes.
- */
-
-const BASE = '/api';
-
-// ---------------------------------------------------------------------------
-// Token helpers
-// ---------------------------------------------------------------------------
-
-function getToken()        { return S.get('auth_token'); }
-function getRefreshToken() { return S.get('auth_refresh_token'); }
-function setToken(t)       { S.set('auth_token', t); }
-function clearAuth() {
-    S.remove('auth_token');
-    S.remove('auth_refresh_token');
-    S.remove('auth_user');
-}
-
-/**
- * Attempt to refresh the access token using the stored refresh token.
- * Clears auth and redirects to login if refresh fails.
- *
- * @returns {Promise<string>} New access token
- */
-async function refreshAccessToken() {
-    const refreshToken = getRefreshToken();
-    if (!refreshToken) throw new Error('No refresh token');
-
-    const res = await fetch(`${BASE}/auth/refresh`, {
-        method: 'POST',
-        headers: { 'Content-Type': 'application/json' },
-        body: JSON.stringify({ refreshToken })
-    });
-
-    if (!res.ok) {
-        clearAuth();
-        R.navigate('/login');
-        throw new Error('Token refresh failed');
-    }
-
-    const { token } = await res.json();
-    setToken(token);
-    return token;
-}
-
-// ---------------------------------------------------------------------------
-// Core request function
-// ---------------------------------------------------------------------------
-
-/**
- * Make an authenticated API request.
- * Automatically retries once after refreshing the access token on 401.
- *
- * @param {string} endpoint
- * @param {RequestInit} options
- * @returns {Promise<any>}
- */
-async function apiRequest(endpoint, options = {}) {
-    let token = getToken();
-
-    const buildHeaders = (t) => ({
-        ...(options.body !== undefined ? { 'Content-Type': 'application/json' } : {}),
-        ...options.headers,
-        ...(t ? { Authorization: `Bearer ${t}` } : {})
-    });
-
-    let res = await fetch(`${BASE}${endpoint}`, { ...options, headers: buildHeaders(token) });
-
-    // On 401, try refreshing once
-    if (res.status === 401 && getRefreshToken()) {
-        try {
-            token = await refreshAccessToken();
-            res = await fetch(`${BASE}${endpoint}`, { ...options, headers: buildHeaders(token) });
-        } catch {
-            return; // Already redirected to login
-        }
-    }
-
-    if (!res.ok) {
-        const body = await res.json().catch(() => ({ error: 'Request failed' }));
-        throw new Error(body.error || body.message || `HTTP ${res.status}`);
-    }
-
-    // 204 No Content
-    if (res.status === 204) return null;
-
-    return res.json();
-}
-
-/**
- * Upload a file with Bearer token (multipart — no Content-Type override).
- *
- * @param {string} endpoint
- * @param {FormData} formData
- * @returns {Promise<any>}
- */
-async function uploadRequest(endpoint, formData) {
-    const token = getToken();
-    const headers = token ? { Authorization: `Bearer ${token}` } : {};
-
-    const res = await fetch(`${BASE}${endpoint}`, { method: 'POST', headers, body: formData });
-    if (!res.ok) {
-        const body = await res.json().catch(() => ({ error: 'Upload failed' }));
-        throw new Error(body.error || body.message || `HTTP ${res.status}`);
-    }
-    return res.json();
-}
-
-// ---------------------------------------------------------------------------
-// Domain API namespaces
-// ---------------------------------------------------------------------------
-
-export const api = {
-    // Auth
-    auth: {
-        setupStatus: () => apiRequest('/auth/setup-status', { method: 'GET' }),
-        setup: (data) => apiRequest('/auth/setup', { method: 'POST', body: JSON.stringify(data) }),
-        login: (data) => apiRequest('/auth/login', { method: 'POST', body: JSON.stringify(data) }),
-        me: () => apiRequest('/auth/me', { method: 'GET' }),
-        refresh: (refreshToken) => apiRequest('/auth/refresh', { method: 'POST', body: JSON.stringify({ refreshToken }) })
-    },
-
-    // Pages
-    pages: {
-        list: () => apiRequest('/pages', { method: 'GET' }),
-        get: (urlPath) => apiRequest(`/pages${urlPath}`, { method: 'GET' }),
-        create: (payload) => apiRequest('/pages', { method: 'POST', body: JSON.stringify(payload) }),
-        update: (urlPath, payload) => apiRequest(`/pages${urlPath}`, { method: 'PUT', body: JSON.stringify(payload) }),
-      delete: (urlPath) => apiRequest(`/pages${urlPath}`, {method: 'DELETE'}),
-      preview: (markdown) => apiRequest('/pages/preview', {method: 'POST', body: JSON.stringify({markdown})})
-    },
-
-    // Settings
-    settings: {
-        get: () => apiRequest('/settings', { method: 'GET' }),
-        save: (data) => apiRequest('/settings', { method: 'PUT', body: JSON.stringify(data) })
-    },
-
-    // Navigation
-    navigation: {
-        get: () => apiRequest('/navigation', { method: 'GET' }),
-        save: (data) => apiRequest('/navigation', { method: 'PUT', body: JSON.stringify(data) })
-    },
-
-    // Layouts (presets)
-    layouts: {
-        get: () => apiRequest('/layouts', { method: 'GET' }),
-        save: (data) => apiRequest('/layouts', { method: 'PUT', body: JSON.stringify(data) })
-    },
-
-    // Media
-    media: {
-        list: () => apiRequest('/media', { method: 'GET' }),
-        upload: (formData) => uploadRequest('/media', formData),
-      delete: (name) => apiRequest(`/media/${encodeURIComponent(name)}`, {method: 'DELETE'}),
-      rename: (name, newName) => apiRequest(`/media/${encodeURIComponent(name)}`, {
-        method: 'PATCH',
-        body: JSON.stringify({newName})
-      }),
-      info: (name) => apiRequest(`/media/${encodeURIComponent(name)}/info`, {method: 'GET'}),
-      transform: (name, body) => apiRequest(`/media/${encodeURIComponent(name)}/transform`, {
-        method: 'POST',
-        body: JSON.stringify(body)
-      }),
-    },
-
-    // Users
-    users: {
-        list: () => apiRequest('/users', { method: 'GET' }),
-        get: (id) => apiRequest(`/users/${id}`, { method: 'GET' }),
-        create: (data) => apiRequest('/users', { method: 'POST', body: JSON.stringify(data) }),
-        update: (id, data) => apiRequest(`/users/${id}`, { method: 'PUT', body: JSON.stringify(data) }),
-        delete: (id) => apiRequest(`/users/${id}`, { method: 'DELETE' })
-    },
-
-    // Plugins
-    plugins: {
-        list: () => apiRequest('/plugins', { method: 'GET' }),
-        update: (name, data) => apiRequest(`/plugins/${name}`, { method: 'PUT', body: JSON.stringify(data) }),
-        adminConfig: () => apiRequest('/plugins/admin-config', { method: 'GET' })
-    },
-
-    // Collections
-    collections: {
-        list:         ()           => apiRequest('/collections', { method: 'GET' }),
-        get:          (slug)       => apiRequest(`/collections/${slug}`, { method: 'GET' }),
-        create:       (data)       => apiRequest('/collections', { method: 'POST', body: JSON.stringify(data) }),
-        update:       (slug, data) => apiRequest(`/collections/${slug}`, { method: 'PUT', body: JSON.stringify(data) }),
-        delete:       (slug)       => apiRequest(`/collections/${slug}`, { method: 'DELETE' }),
-
-        listEntries:  (slug, params = {}) => {
-            const qs = new URLSearchParams(params).toString();
-            return apiRequest(`/collections/${slug}/entries${qs ? '?' + qs : ''}`, { method: 'GET' });
-        },
-        getEntry:     (slug, id)       => apiRequest(`/collections/${slug}/entries/${id}`, { method: 'GET' }),
-        createEntry:  (slug, data)     => apiRequest(`/collections/${slug}/entries`, { method: 'POST', body: JSON.stringify({ data }) }),
-        updateEntry:  (slug, id, data) => apiRequest(`/collections/${slug}/entries/${id}`, { method: 'PUT', body: JSON.stringify({ data }) }),
-        deleteEntry:  (slug, id)       => apiRequest(`/collections/${slug}/entries/${id}`, { method: 'DELETE' }),
-        clearEntries: (slug)           => apiRequest(`/collections/${slug}/entries`, { method: 'DELETE' }),
-
-        import:       (slug, entries)  => apiRequest(`/collections/${slug}/import`, { method: 'POST', body: JSON.stringify({ entries }) }),
-
-        // Public API (no auth needed when collection is public)
-        publicList:   (slug, params = {}) => {
-            const qs = new URLSearchParams(params).toString();
-            return apiRequest(`/collections/${slug}/public${qs ? '?' + qs : ''}`, { method: 'GET' });
-        }
-    },
-
-    // Settings (extended)
-    settingsExt: {
-        testEmail: (to) => apiRequest('/settings/test-email', { method: 'POST', body: JSON.stringify({ to }) })
-    }
-};
-
-// ---------------------------------------------------------------------------
-// Auth state helpers (used by app.js)
-// ---------------------------------------------------------------------------
-
-export function isAuthenticated() {
-    return !!getToken();
-}
-
-export function getUser() {
-    return S.get('auth_user');
-}
-
-export function setAuthData({ token, refreshToken, user }) {
-    if (token)        setToken(token);
-    if (refreshToken) S.set('auth_refresh_token', refreshToken);
-    if (user)         S.set('auth_user', user);
-}
-
-export function logout() {
-    clearAuth();
-    R.navigate('/login');
-}
-
-export {apiRequest};
+const r="/api";function d(){return S.get("auth_token")}function h(){return S.get("auth_refresh_token")}function c(e){S.set("auth_token",e)}function u(){S.remove("auth_token"),S.remove("auth_refresh_token"),S.remove("auth_user")}async function m(){const e=h();if(!e)throw new Error("No refresh token");const o=await fetch(`${r}/auth/refresh`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({refreshToken:e})});if(!o.ok)throw u(),R.navigate("/login"),new Error("Token refresh failed");const{token:n}=await o.json();return c(n),n}async function t(e,o={}){let n=d();const a=i=>({...o.body!==void 0?{"Content-Type":"application/json"}:{},...o.headers,...i?{Authorization:`Bearer ${i}`}:{}});let s=await fetch(`${r}${e}`,{...o,headers:a(n)});if(s.status===401&&h())try{n=await m(),s=await fetch(`${r}${e}`,{...o,headers:a(n)})}catch{return}if(!s.ok){const i=await s.json().catch(()=>({error:"Request failed"}));throw new Error(i.error||i.message||`HTTP ${s.status}`)}return s.status===204?null:s.json()}async function l(e,o){const n=d(),a=n?{Authorization:`Bearer ${n}`}:{},s=await fetch(`${r}${e}`,{method:"POST",headers:a,body:o});if(!s.ok){const i=await s.json().catch(()=>({error:"Upload failed"}));throw new Error(i.error||i.message||`HTTP ${s.status}`)}return s.json()}export const api={auth:{setupStatus:()=>t("/auth/setup-status",{method:"GET"}),setup:e=>t("/auth/setup",{method:"POST",body:JSON.stringify(e)}),login:e=>t("/auth/login",{method:"POST",body:JSON.stringify(e)}),me:()=>t("/auth/me",{method:"GET"}),refresh:e=>t("/auth/refresh",{method:"POST",body:JSON.stringify({refreshToken:e})})},pages:{list:()=>t("/pages",{method:"GET"}),get:e=>t(`/pages${e}`,{method:"GET"}),create:e=>t("/pages",{method:"POST",body:JSON.stringify(e)}),update:(e,o)=>t(`/pages${e}`,{method:"PUT",body:JSON.stringify(o)}),delete:e=>t(`/pages${e}`,{method:"DELETE"}),preview:e=>t("/pages/preview",{method:"POST",body:JSON.stringify({markdown:e})})},settings:{get:()=>t("/settings",{method:"GET"}),save:e=>t("/settings",{method:"PUT",body:JSON.stringify(e)})},navigation:{get:()=>t("/navigation",{method:"GET"}),save:e=>t("/navigation",{method:"PUT",body:JSON.stringify(e)})},layouts:{get:()=>t("/layouts",{method:"GET"}),save:e=>t("/layouts",{method:"PUT",body:JSON.stringify(e)}),getOptions:()=>t("/layouts/options",{method:"GET"}),saveOptions:e=>t("/layouts/options",{method:"PUT",body:JSON.stringify(e)})},media:{list:()=>t("/media",{method:"GET"}),upload:e=>l("/media",e),delete:e=>t(`/media/${encodeURIComponent(e)}`,{method:"DELETE"}),rename:(e,o)=>t(`/media/${encodeURIComponent(e)}`,{method:"PATCH",body:JSON.stringify({newName:o})}),info:e=>t(`/media/${encodeURIComponent(e)}/info`,{method:"GET"}),transform:(e,o)=>t(`/media/${encodeURIComponent(e)}/transform`,{method:"POST",body:JSON.stringify(o)})},users:{list:()=>t("/users",{method:"GET"}),get:e=>t(`/users/${e}`,{method:"GET"}),create:e=>t("/users",{method:"POST",body:JSON.stringify(e)}),update:(e,o)=>t(`/users/${e}`,{method:"PUT",body:JSON.stringify(o)}),delete:e=>t(`/users/${e}`,{method:"DELETE"})},plugins:{list:()=>t("/plugins",{method:"GET"}),update:(e,o)=>t(`/plugins/${e}`,{method:"PUT",body:JSON.stringify(o)}),adminConfig:()=>t("/plugins/admin-config",{method:"GET"})},collections:{list:()=>t("/collections",{method:"GET"}),get:e=>t(`/collections/${e}`,{method:"GET"}),create:e=>t("/collections",{method:"POST",body:JSON.stringify(e)}),update:(e,o)=>t(`/collections/${e}`,{method:"PUT",body:JSON.stringify(o)}),delete:e=>t(`/collections/${e}`,{method:"DELETE"}),listEntries:(e,o={})=>{const n=new URLSearchParams(o).toString();return t(`/collections/${e}/entries${n?"?"+n:""}`,{method:"GET"})},getEntry:(e,o)=>t(`/collections/${e}/entries/${o}`,{method:"GET"}),createEntry:(e,o)=>t(`/collections/${e}/entries`,{method:"POST",body:JSON.stringify({data:o})}),updateEntry:(e,o,n)=>t(`/collections/${e}/entries/${o}`,{method:"PUT",body:JSON.stringify({data:n})}),deleteEntry:(e,o)=>t(`/collections/${e}/entries/${o}`,{method:"DELETE"}),clearEntries:e=>t(`/collections/${e}/entries`,{method:"DELETE"}),import:(e,o)=>t(`/collections/${e}/import`,{method:"POST",body:JSON.stringify({entries:o})}),publicList:(e,o={})=>{const n=new URLSearchParams(o).toString();return t(`/collections/${e}/public${n?"?"+n:""}`,{method:"GET"})}},settingsExt:{testEmail:e=>t("/settings/test-email",{method:"POST",body:JSON.stringify({to:e})})}};export function isAuthenticated(){return!!d()}export function getUser(){return S.get("auth_user")}export function setAuthData({token:e,refreshToken:o,user:n}){e&&c(e),o&&S.set("auth_refresh_token",o),n&&S.set("auth_user",n)}export function logout(){const e=h();e&&fetch(`${r}/auth/logout`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({refreshToken:e})}).catch(()=>{}),u(),R.navigate("/login")}export{t as apiRequest};

package/admin/js/app.js

@@ -1,231 +1,7 @@
-/**
- * Domma CMS Admin - SPA Entry Point
- * Mirrors the domma-board candidate/app.js pattern.
- * Adds JWT auth guard, role-aware sidebar, and dynamic plugin loading.
- */
-import {getSidebarConfig} from './config/sidebar-config.js';
-import {views as coreViews} from './views/index.js';
-import {api, getUser, isAuthenticated, logout} from './api.js';
-
-$(() => {
-    // Fetch admin theme preference from server config; fall back to charcoal-dark
-    (async () => {
-        try {
-            const site = await api.settings.get();
-            Domma.theme.init({ theme: site.adminTheme || 'charcoal-dark', persist: true });
-        } catch {
-            Domma.theme.init({ theme: 'charcoal-dark', persist: true });
-        }
-    })();
-
-    // -------------------------------------------------------------------------
-    // Auth guard — redirect to login unless already on /login
-    // -------------------------------------------------------------------------
-    R.use(async (to, from, next) => {
-        if (to.path === '/login') return next();
-
-        if (!isAuthenticated()) {
-            R.navigate('/login');
-            return;
-        }
-
-        next();
-    });
-
-    // -------------------------------------------------------------------------
-    // Sidebar (role-aware — re-built after login lands on dashboard)
-    // -------------------------------------------------------------------------
-    let sidebar = null;
-
-    async function fetchSidebarCounts() {
-        if (!isAuthenticated()) return {};
-        try {
-            const [pages, media, users, plugins, collections] = await Promise.all([
-                api.pages.list().catch(() => []),
-                api.media.list().catch(() => []),
-                api.users.list().catch(() => []),
-                api.plugins.list().catch(() => []),
-                api.collections.list().catch(() => [])
-            ]);
-            return {
-                pages:       pages.length,
-                media:       media.length,
-                users:       users.length,
-                plugins:     plugins.filter(p => p.enabled).length || plugins.length,
-                collections: collections.length
-            };
-        } catch {
-            return {};
-        }
-    }
-
-    async function buildSidebar(role) {
-        if (sidebar) {
-            $('#admin-sidebar').empty();
-        }
-        const counts = await fetchSidebarCounts();
-        sidebar = Domma.elements.sidebar('#admin-sidebar', {
-            header: { title: 'CMS Admin', icon: 'layout' },
-          items: getSidebarConfig(role, counts, pluginSidebarItems),
-            collapsible: true,
-            collapseAt: 992,
-            push: true,
-            contentSelector: '.dashboard-main',
-            top: '60px'
-        });
-        attachSidebarTooltips();
-        attachCollapsibleHeadings();
-    }
-
-    function attachSidebarTooltips() {
-        $('#admin-sidebar .sidebar-link').each(function () {
-            const label = $(this).find('.sidebar-text').text().trim();
-            if (label) $(this).attr('data-tooltip', label);
-        });
-        E.tooltip('#admin-sidebar [data-tooltip]', { placement: 'right' });
-    }
-
-    function attachCollapsibleHeadings() {
-        $('#admin-sidebar .sidebar-heading').each(function () {
-            const $heading = $(this);
-            $heading.addClass('sidebar-heading--collapsible');
-            $heading.append('<span class="sidebar-heading-toggle"><span data-icon="chevron-down"></span></span>');
-
-            $heading.on('click', function () {
-                const collapsing = !$heading.hasClass('is-collapsed');
-                $heading.toggleClass('is-collapsed', collapsing);
-
-                let $el = $heading.next();
-                while ($el.length && !$el.hasClass('sidebar-heading') && !$el.hasClass('sidebar-divider')) {
-                    $el.toggle(!collapsing);
-                    $el = $el.next();
-                }
-            });
-        });
-
-        Domma.icons.scan('#admin-sidebar');
-    }
-
-    // Build with no role initially (login page has no sidebar)
-    buildSidebar(null);
-
-    // Keep sidebar active item in sync with route
-    M.subscribe('router:afterChange', ({ to }) => {
-        if (sidebar && to.path !== '/login') {
-            sidebar.setActive('#' + to.path);
-        }
-    });
-
-    // -------------------------------------------------------------------------
-    // Router — core routes + login
-    // -------------------------------------------------------------------------
-    const coreRoutes = [
-        { path: '/',               view: 'dashboard',   title: 'Dashboard - Domma CMS' },
-        { path: '/pages',          view: 'pages',        title: 'Pages - Domma CMS' },
-        { path: '/pages/new',      view: 'pageEditor',   title: 'New Page - Domma CMS' },
-        { path: '/pages/edit/*',   view: 'pageEditor',   title: 'Edit Page - Domma CMS' },
-        { path: '/media',          view: 'media',        title: 'Media - Domma CMS' },
-        { path: '/navigation',     view: 'navigation',   title: 'Navigation - Domma CMS' },
-        { path: '/layouts',        view: 'layouts',      title: 'Layouts - Domma CMS' },
-        { path: '/settings',       view: 'settings',     title: 'Settings - Domma CMS' },
-        { path: '/users',          view: 'users',        title: 'Users - Domma CMS' },
-        { path: '/users/new',      view: 'userEditor',   title: 'New User - Domma CMS' },
-        { path: '/users/edit/:id', view: 'userEditor',   title: 'Edit User - Domma CMS' },
-      {path: '/plugins', view: 'plugins', title: 'Plugins - Domma CMS'},
-      {path: '/documentation', view: 'documentation', title: 'Usage - Domma CMS'},
-      {path: '/tutorials', view: 'tutorials', title: 'Tutorials - Domma CMS'},
-      {path: '/collections',              view: 'collections',       title: 'Collections - Domma CMS'},
-      {path: '/collections/new',          view: 'collectionEditor',  title: 'New Collection - Domma CMS'},
-      {path: '/collections/edit/:slug',   view: 'collectionEditor',  title: 'Edit Collection - Domma CMS'},
-      {path: '/collections/:slug/entries',view: 'collectionEntries', title: 'Entries - Domma CMS'},
-        { path: '/login',          view: 'login',        title: 'Sign in - Domma CMS',
-          onEnter: () => {
-              $('#admin-sidebar').hide();
-              $('#admin-topbar').hide();
-          }
-        }
-    ];
-
-    // After login, re-show chrome and rebuild sidebar with correct role
-    M.subscribe('router:afterChange', ({ to, from }) => {
-        if (to.path !== '/login') {
-            $('#admin-sidebar').show();
-            $('#admin-topbar').show();
-            if (from?.path === '/login') {
-                const user = getUser();
-                if (user) buildSidebar(user.role);
-            }
-            injectUserMenu();
-        }
-    });
-
-  // Reveal primary/danger buttons after each view renders
-    M.subscribe('router:afterChange', () => {
-      setTimeout(() => {
-        if ($('.btn-primary, .btn-danger').length) {
-          Domma.effects.reveal('.btn-primary, .btn-danger', {animation: 'fade', stagger: 40, duration: 300});
-        }
-      }, 50);
-    });
-
-  // Collapsible cards — event delegation handles all views including plugins
-  $('#view-container').on('click', '.card-collapsible .card-header', function (e) {
-    if ($(e.target).closest('button, a').length) return;
-    $(this).closest('.card').toggleClass('card-collapsed');
-  });
-
-  // Global Ctrl+S / Cmd+S — click the primary save button in any view
-  document.addEventListener('keydown', (e) => {
-    if (!(e.ctrlKey || e.metaKey) || e.key !== 's') return;
-    if (window.location.hash === '#/login') return;
-    const saveBtn = document.querySelector('#view-container .view-header button.btn-primary');
-    if (saveBtn) {
-      e.preventDefault();
-      saveBtn.click();
-    }
-  });
-
-    // -------------------------------------------------------------------------
-    // Dynamic plugin routes (loaded before R.init)
-    // -------------------------------------------------------------------------
-    const allViews  = { ...coreViews };
-    const allRoutes = [...coreRoutes];
-  let pluginSidebarItems = [];
-
-    async function loadPlugins() {
-        if (!isAuthenticated()) return;
-        try {
-            const pluginConfig = await api.plugins.adminConfig();
-          pluginSidebarItems = pluginConfig.sidebar || [];
-            if (pluginConfig.routes?.length) allRoutes.push(...pluginConfig.routes);
-            for (const [viewName, viewDef] of Object.entries(pluginConfig.views || {})) {
-                try {
-                    const mod = await import(`/plugins/${viewDef.entry}`);
-                    allViews[viewName] = mod[viewDef.exportName];
-                } catch { /* plugin view load failure is non-fatal */ }
-            }
-        } catch { /* plugins endpoint unreachable — continue without plugins */ }
-    }
-
-    // -------------------------------------------------------------------------
-    // Inject user info + sign out into topbar
-    // -------------------------------------------------------------------------
-    function injectUserMenu() {
-        const user = getUser();
-        if (!user) return;
-        if ($('#topbar-user-name').length) return; // already injected
-
-        const roleLabelMap = {
-            admin: 'Admin', manager: 'Manager', editor: 'Editor', subscriber: 'Subscriber'
-        };
-        const roleLabel = roleLabelMap[user.role] || user.role;
-
-        $('#topbar-user').html(`
-            <span id="topbar-user-name" class="topbar-user-name">${escapeHtml(user.name)}</span>
-            <span class="topbar-role-badge topbar-role-badge--${escapeHtml(user.role)}">${roleLabel}</span>
-        `);
-
-        $('#topbar-actions').html(`
+import{getSidebarConfig as S}from"./config/sidebar-config.js";import{views as D}from"./views/index.js";import{api as n,getUser as d,isAuthenticated as r,logout as y}from"./api.js";$(()=>{(async()=>{try{const t=await n.settings.get();Domma.theme.init({theme:t.adminTheme||"charcoal-dark",persist:!0})}catch{Domma.theme.init({theme:"charcoal-dark",persist:!0})}})(),R.use(async(t,a,e)=>{if(t.path==="/login")return e();if(!r()){R.navigate("/login");return}e()});let o=null;async function f(){if(!r())return{};try{const[t,a,e,i,s]=await Promise.all([n.pages.list().catch(()=>[]),n.media.list().catch(()=>[]),n.users.list().catch(()=>[]),n.plugins.list().catch(()=>[]),n.collections.list().catch(()=>[])]);return{pages:t.length,media:a.length,users:e.length,plugins:i.filter(c=>c.enabled).length||i.length,collections:s.length}}catch{return{}}}async function p(t){o&&$("#admin-sidebar").empty();const a=await f();o=Domma.elements.sidebar("#admin-sidebar",{header:{title:"CMS Admin",icon:"layout"},items:S(t,a,u),collapsible:!0,collapseAt:992,push:!0,contentSelector:".dashboard-main",top:"60px"}),w(),v()}function w(){$("#admin-sidebar .sidebar-link").each(function(){const t=$(this).find(".sidebar-text").text().trim();t&&$(this).attr("data-tooltip",t)}),E.tooltip("#admin-sidebar [data-tooltip]",{placement:"right"})}function v(){$("#admin-sidebar .sidebar-heading").each(function(){const t=$(this);t.addClass("sidebar-heading--collapsible"),t.append('<span class="sidebar-heading-toggle"><span data-icon="chevron-down"></span></span>'),t.on("click",function(){const a=!t.hasClass("is-collapsed");t.toggleClass("is-collapsed",a);let e=t.next();for(;e.length&&!e.hasClass("sidebar-heading")&&!e.hasClass("sidebar-divider");)e.toggle(!a),e=e.next()})}),Domma.icons.scan("#admin-sidebar")}M.subscribe("router:afterChange",({to:t})=>{o&&t.path!=="/login"&&o.setActive("#"+t.path)});const C=[{path:"/",view:"dashboard",title:"Dashboard - Domma CMS"},{path:"/pages",view:"pages",title:"Pages - Domma CMS"},{path:"/pages/new",view:"pageEditor",title:"New Page - Domma CMS"},{path:"/pages/edit/*",view:"pageEditor",title:"Edit Page - Domma CMS"},{path:"/media",view:"media",title:"Media - Domma CMS"},{path:"/navigation",view:"navigation",title:"Navigation - Domma CMS"},{path:"/layouts",view:"layouts",title:"Layouts - Domma CMS"},{path:"/settings",view:"settings",title:"Settings - Domma CMS"},{path:"/users",view:"users",title:"Users - Domma CMS"},{path:"/users/new",view:"userEditor",title:"New User - Domma CMS"},{path:"/users/edit/:id",view:"userEditor",title:"Edit User - Domma CMS"},{path:"/plugins",view:"plugins",title:"Plugins - Domma CMS"},{path:"/documentation",view:"documentation",title:"Usage - Domma CMS"},{path:"/tutorials",view:"tutorials",title:"Tutorials - Domma CMS"},{path:"/collections",view:"collections",title:"Collections - Domma CMS"},{path:"/collections/new",view:"collectionEditor",title:"New Collection - Domma CMS"},{path:"/collections/edit/:slug",view:"collectionEditor",title:"Edit Collection - Domma CMS"},{path:"/collections/:slug/entries",view:"collectionEntries",title:"Entries - Domma CMS"},{path:"/login",view:"login",title:"Sign in - Domma CMS",onEnter:()=>{$("#admin-sidebar").hide(),$("#admin-topbar").hide()}}];M.subscribe("router:afterChange",async({to:t,from:a})=>{if(t.path!=="/login"){if($("#admin-sidebar").show(),$("#admin-topbar").show(),a?.path==="/login"){await g();const e=d();e&&p(e.role)}h()}}),M.subscribe("router:afterChange",()=>{setTimeout(()=>{$(".btn-primary, .btn-danger").length&&Domma.effects.reveal(".btn-primary, .btn-danger",{animation:"fade",stagger:40,duration:300})},50)}),$("#view-container").on("click",".card-collapsible .card-header",function(t){$(t.target).closest("button, a").length||$(this).closest(".card").toggleClass("card-collapsed")}),document.addEventListener("keydown",t=>{if(!(t.ctrlKey||t.metaKey)||t.key!=="s"||window.location.hash==="#/login")return;const a=document.querySelector("#view-container .view-header button.btn-primary");a&&(t.preventDefault(),a.click())});const m={...D},l=[...C];let u=[];async function g(){if(r())try{const t=await n.plugins.adminConfig();u=t.sidebar||[],t.routes?.length&&l.push(...t.routes);for(const[a,e]of Object.entries(t.views||{}))try{const i=await import(`/plugins/${e.entry}`);m[a]=i[e.exportName]}catch{}}catch{}}function h(){const t=d();if(!t||$("#topbar-user-name").length)return;const e={admin:"Admin",manager:"Manager",editor:"Editor",subscriber:"Subscriber"}[t.role]||t.role;$("#topbar-user").html(`
+            <span id="topbar-user-name" class="topbar-user-name">${b(t.name)}</span>
+            <span class="topbar-role-badge topbar-role-badge--${b(t.role)}">${e}</span>
+        `),$("#topbar-actions").html(`
             <a href="#/settings" class="topbar-action-link" data-tooltip="Settings" data-tooltip-placement="bottom">
                 <span data-icon="settings"></span>
                 <span>Settings</span>
@@ -234,54 +10,4 @@ $(() => {
                 <span data-icon="log-out"></span>
                 <span>Sign out</span>
             </a>
-        `);
-
-        $('#topbar-logout-btn').on('click', (e) => { e.preventDefault(); logout(); });
-        Domma.icons.scan('#admin-topbar');
-        E.tooltip('#topbar-actions [data-tooltip]', { placement: 'bottom' });
-    }
-
-    function escapeHtml(str) {
-        return String(str)
-            .replace(/&/g, '&amp;')
-            .replace(/</g, '&lt;')
-            .replace(/>/g, '&gt;');
-    }
-
-    // -------------------------------------------------------------------------
-    // Boot sequence
-    // -------------------------------------------------------------------------
-    (async () => {
-        await loadPlugins();
-
-        const user = getUser();
-        if (user) {
-            await buildSidebar(user.role);
-            injectUserMenu();
-        }
-
-        R.init({
-            container: '#view-container',
-            routes: allRoutes,
-            views: allViews,
-            default: '/',
-            transitions: { enter: 'fadeIn', leave: 'fadeOut', duration: 150 }
-        });
-
-        // Patch Domma router to support /* wildcard routes (multi-segment catch-all)
-        const origExtract = R._extractParams.bind(R);
-        R._extractParams = function(routePath, actualPath) {
-            if (routePath.endsWith('/*')) {
-                const prefix = routePath.slice(0, -2);
-                return actualPath.startsWith(prefix + '/') ? {} : null;
-            }
-            return origExtract(routePath, actualPath);
-        };
-        // Only re-trigger if the current URL needs the wildcard patch (e.g. /pages/edit/about)
-        const currentPath = (window.location.hash || '#/').slice(1) || '/';
-        const needsWildcard = allRoutes
-            .filter(r => r.path.endsWith('/*'))
-            .some(r => currentPath.startsWith(r.path.slice(0, -2) + '/'));
-        if (needsWildcard) R._handleRouteChange();
-    })();
-});
+        `),$("#topbar-logout-btn").on("click",i=>{i.preventDefault(),y()}),Domma.icons.scan("#admin-topbar"),E.tooltip("#topbar-actions [data-tooltip]",{placement:"bottom"})}function b(t){return String(t).replace(/&/g,"&amp;").replace(/</g,"&lt;").replace(/>/g,"&gt;")}(async()=>{if(!r())window.location.hash="#/login";else{await g();const i=d();i&&(await p(i.role),h())}R.init({container:"#view-container",routes:l,views:m,default:"/",transitions:{enter:"fadeIn",leave:"fadeOut",duration:150}});const t=R._extractParams.bind(R);R._extractParams=function(i,s){if(i.endsWith("/*")){const c=i.slice(0,-2);return s.startsWith(c+"/")?{}:null}return t(i,s)};const a=(window.location.hash||"#/").slice(1)||"/";l.filter(i=>i.path.endsWith("/*")).some(i=>a.startsWith(i.path.slice(0,-2)+"/"))&&R._handleRouteChange()})()});