domma-cms 0.22.5 → 0.23.0

package/server/routes/api/projects.js

@@ -5,9 +5,9 @@
  * GET    /api/projects/:slug                 — full project
  * POST   /api/projects                       — create
  * PUT    /api/projects/:slug                 — edit (slug immutable)
- * DELETE /api/projects/:slug                 — delete (409 if any artefacts tagged)
+ * DELETE /api/projects/:slug                 — delete (403 for core; 409 if any artefacts tagged)
  * GET    /api/projects/:slug/artefacts       — grouped artefacts
- * POST   /api/projects/:slug/untag-all       — escape hatch before delete
+ * POST   /api/projects/:slug/untag-all       — escape hatch before delete (403 for core)
  *
  * Auth middlewares are accepted as DI options so tests can supply no-ops.
  */
@@ -16,6 +16,7 @@ import {
     requirePermission as defaultRequirePermission
 } from '../../middleware/auth.js';
 import {
+    CORE_PROJECT_SLUG,
     createProject,
     deleteProject,
     getArtefactsForProject,
@@ -76,6 +77,9 @@ export async function projectsRoutes(fastify, opts = {}) {
     });
 
     fastify.delete('/projects/:slug', canDelete, async (request, reply) => {
+        if (request.params.slug === CORE_PROJECT_SLUG) {
+            return reply.status(403).send({error: 'Cannot delete the core project'});
+        }
         const grouped = await getArtefactsForProject(request.params.slug);
         const total = Object.values(grouped).reduce((sum, arr) => sum + arr.length, 0);
         if (total > 0) {
@@ -98,6 +102,9 @@ export async function projectsRoutes(fastify, opts = {}) {
     });
 
     fastify.post('/projects/:slug/untag-all', canDelete, async (request, reply) => {
+        if (request.params.slug === CORE_PROJECT_SLUG) {
+            return reply.status(403).send({error: 'Cannot untag the core project — artefacts would immediately resolve back to it'});
+        }
         if (!(await getProject(request.params.slug))) {
             return reply.status(404).send({error: 'Project not found'});
         }

package/server/server.js

@@ -22,6 +22,7 @@ import {getLoadedPlugins, getPluginSettings, registerPlugins} from './services/p
 import {load as loadRoles, seed as seedRoles} from './services/roles.js';
 import {ensureAllProfiles, seed as seedUserProfiles} from './services/userProfiles.js';
 import {seedAll as seedPresetCollections} from './services/presetCollections.js';
+import {seedCoreProject} from './services/projects.js';
 import {seedDefaultBlocks} from './services/blocks.js';
 import {seedDefaultComponents} from './services/components.js';
 import {refreshComponentTagAllowlist} from './services/markdown.js';
@@ -184,6 +185,7 @@ await loadRoles();
 await seedUserProfiles();
 await ensureAllProfiles();
 await seedPresetCollections();
+await seedCoreProject();
 await seedDefaultBlocks();
 await seedDefaultComponents();
 await refreshComponentTagAllowlist();

package/server/services/forms.js

@@ -1,255 +1,345 @@
-/**
- * Core Forms Service
- * CRUD operations for form definitions stored in content/forms/.
- * Submissions are stored exclusively in Collections (slug matching form slug).
- */
-import fs from 'fs/promises';
-import path from 'path';
-import {fileURLToPath} from 'url';
-import * as cache from './cache/index.js';
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const ROOT      = path.resolve(__dirname, '..', '..');
-export const FORMS_DIR = path.join(ROOT, 'content', 'forms');
-
-/**
- * Ensure the forms directory exists.
- *
- * @returns {Promise<void>}
- */
-export async function ensureFormsDir() {
-    await fs.mkdir(FORMS_DIR, { recursive: true });
-}
-
-/**
- * Read a single form definition by slug.
- *
- * @param {string} slug
- * @returns {Promise<object>}
- * @throws {Error} If the form file does not exist or cannot be parsed.
- */
-export async function readForm(slug) {
-    const file = path.join(FORMS_DIR, `${slug}.json`);
-    return JSON.parse(await fs.readFile(file, 'utf8'));
-}
-
-/**
- * Write a form definition to disk.
- *
- * @param {string} slug
- * @param {object} data
- * @returns {Promise<void>}
- */
-export async function writeForm(slug, data) {
-    await ensureFormsDir();
-    const file = path.join(FORMS_DIR, `${slug}.json`);
-    await fs.writeFile(file, JSON.stringify(data, null, 4) + '\n', 'utf8');
-    await cache.invalidateTags([`form:${slug}`]);
-}
-
-/**
- * List all form definitions.
- *
- * @returns {Promise<object[]>}
- */
-export async function listForms() {
-    let entries;
-    try {
-        entries = await fs.readdir(FORMS_DIR);
-    } catch {
-        return [];
-    }
-    const forms = [];
-    for (const entry of entries.filter(e => e.endsWith('.json'))) {
-        try {
-            const data = JSON.parse(await fs.readFile(path.join(FORMS_DIR, entry), 'utf8'));
-            forms.push(data);
-        } catch {
-            // skip malformed
-        }
-    }
-    return forms;
-}
-
-/**
- * Delete a form definition by slug.
- *
- * @param {string} slug
- * @returns {Promise<void>}
- * @throws {Error} If the form file does not exist.
- */
-export async function deleteForm(slug) {
-    await fs.unlink(path.join(FORMS_DIR, `${slug}.json`));
-    await cache.invalidateTags([`form:${slug}`]);
-}
-
-/**
- * Convert a string to a URL-friendly slug.
- *
- * @param {string} str
- * @returns {string}
- */
-export function slugify(str) {
-    return str.toLowerCase().replace(/[^a-z0-9]+/g, '-').replace(/^-|-$/g, '');
-}
-
-/**
- * Get a single form definition by slug (alias for readForm).
- *
- * @param {string} slug
- * @returns {Promise<object>}
- * @throws {Error} If the form file does not exist or cannot be parsed.
- */
-export async function getForm(slug) {
-    return readForm(slug);
-}
-
-/**
- * Create a new form definition and write it to disk.
- *
- * @param {object} data - Form definition data
- * @param {string} data.title - Form title (required if no slug)
- * @param {string} [data.slug] - Explicit slug (derived from title if omitted)
- * @param {string} [data.description]
- * @param {Array}  [data.fields]
- * @param {object} [data.settings]
- * @param {object} [data.actions]
- * @returns {Promise<object>} The created form object
- * @throws {Error} If title is missing, slug cannot be derived, or a form with the slug already exists.
- */
-export async function createForm(data) {
-    const { title, slug: rawSlug, description = '', fields = [], settings = {}, actions = {}, plugin } = data || {};
-
-    if (!title?.trim() && !rawSlug?.trim()) {
-        throw new Error('A title or slug is required to create a form.');
-    }
-
-    const slug = rawSlug ? slugify(rawSlug) : slugify(title);
-    if (!slug) {
-        throw new Error('Could not derive a valid slug from the provided title or slug.');
-    }
-
-    // Throw if a form with this slug already exists
-    try {
-        await readForm(slug);
-        const err = new Error(`Form with slug "${slug}" already exists`);
-        err.code = 'FORM_ALREADY_EXISTS';
-        throw err;
-    } catch (err) {
-        if (err.code === 'FORM_ALREADY_EXISTS') throw err;
-        // File not found — safe to proceed
-    }
-
-    const now = new Date().toISOString();
-    const trimmedTitle = title ? title.trim() : slug;
-
-    const form = {
-        slug,
-        title: trimmedTitle,
-        description,
-        ...(plugin ? {plugin} : {}),
-        fields: Array.isArray(fields) ? fields : [],
-        settings: {
-            submitText: 'Submit',
-            successMessage: 'Thank you for your submission.',
-            layout: 'stacked',
-            honeypot: true,
-            rateLimitPerMinute: 3,
-            ...settings
-        },
-        actions: {
-            email:      { enabled: false, recipients: '', subjectPrefix: `[${trimmedTitle}]` },
-            webhook:    { enabled: false, url: '', method: 'POST' },
-            collection: { enabled: true, slug },
-            ...actions
-        },
-        createdAt: now,
-        updatedAt: now
-    };
-
-    await writeForm(slug, form);
-    return form;
-}
-
-/** System collections that should never have an auto-generated public form. */
-const NO_FORM_SLUGS = new Set(['roles', 'user-profiles']);
-
-/**
- * Collection field type → form field type mapping.
- *
- * @param {string} type
- * @returns {string}
- */
-function toFormFieldType(type) {
-    const map = {
-        string: 'string', text: 'string', email: 'email', tel: 'tel',
-        number: 'number', textarea: 'textarea', select: 'select', radio: 'radio',
-        checkbox: 'checkbox', 'checkbox-group': 'checkbox-group',
-        date: 'date', time: 'time', url: 'url', hidden: 'hidden'
-    };
-    return map[type] || 'string';
-}
-
-/**
- * Build a form definition object from a collection schema.
- *
- * @param {object} schema - Collection schema
- * @returns {object} Form definition
- */
-function buildFormFromCollection(schema) {
-    const now = new Date().toISOString();
-    const fields = (schema.fields || []).map(f => {
-        const field = {
-            name: f.name,
-            type: toFormFieldType(f.type),
-            label: f.label || f.name,
-            required: !!f.required,
-            placeholder: f.placeholder || '',
-            helper: f.helper || '',
-            tooltip: f.tooltip || ''
-        };
-        if (f.options) field.options = f.options;
-        if (f.validation) field.validation = f.validation;
-        return field;
-    });
-
-    return {
-        slug: schema.slug,
-        title: schema.title,
-        description: schema.description || '',
-        fields,
-        settings: {
-            submitText: 'Submit',
-            successMessage: 'Thank you for your submission.',
-            layout: 'stacked',
-            honeypot: true,
-            rateLimitPerMinute: 5
-        },
-        actions: {
-            email: {enabled: false, recipients: '', subjectPrefix: `[${schema.slug}]`},
-            webhook: {enabled: false, url: '', method: 'POST'},
-            collection: {enabled: true, slug: schema.slug}
-        },
-        createdAt: now,
-        updatedAt: now
-    };
-}
-
-/**
- * Ensure a form exists for the given collection schema.
- * Creates the form only if absent — never overwrites an existing one.
- * Skips system collections (roles, user-profiles).
- *
- * @param {object} schema - Collection schema
- * @returns {Promise<void>}
- */
-export async function ensureFormForCollection(schema) {
-    if (NO_FORM_SLUGS.has(schema.slug)) return;
-    await ensureFormsDir();
-    const filePath = path.join(FORMS_DIR, `${schema.slug}.json`);
-    try {
-        await fs.access(filePath);
-    } catch {
-        await writeForm(schema.slug, buildFormFromCollection(schema));
-    }
-}
+/**
+ * Core Forms Service
+ * CRUD operations for form definitions stored in content/forms/.
+ * Submissions are stored exclusively in Collections (slug matching form slug).
+ */
+import fs from 'fs/promises';
+import path from 'path';
+import {fileURLToPath} from 'url';
+import * as cache from './cache/index.js';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const ROOT      = path.resolve(__dirname, '..', '..');
+export const FORMS_DIR = path.join(ROOT, 'content', 'forms');
+
+/**
+ * Ensure the forms directory exists.
+ *
+ * @returns {Promise<void>}
+ */
+export async function ensureFormsDir() {
+    await fs.mkdir(FORMS_DIR, { recursive: true });
+}
+
+/**
+ * Read a single form definition by slug.
+ *
+ * @param {string} slug
+ * @returns {Promise<object>}
+ * @throws {Error} If the form file does not exist or cannot be parsed.
+ */
+export async function readForm(slug) {
+    const file = path.join(FORMS_DIR, `${slug}.json`);
+    return JSON.parse(await fs.readFile(file, 'utf8'));
+}
+
+/**
+ * Write a form definition to disk.
+ *
+ * @param {string} slug
+ * @param {object} data
+ * @returns {Promise<void>}
+ */
+export async function writeForm(slug, data) {
+    await ensureFormsDir();
+    const file = path.join(FORMS_DIR, `${slug}.json`);
+    await fs.writeFile(file, JSON.stringify(data, null, 4) + '\n', 'utf8');
+    await cache.invalidateTags([`form:${slug}`]);
+}
+
+/**
+ * List all form definitions.
+ *
+ * @returns {Promise<object[]>}
+ */
+export async function listForms() {
+    let entries;
+    try {
+        entries = await fs.readdir(FORMS_DIR);
+    } catch {
+        return [];
+    }
+    const forms = [];
+    for (const entry of entries.filter(e => e.endsWith('.json'))) {
+        try {
+            const data = JSON.parse(await fs.readFile(path.join(FORMS_DIR, entry), 'utf8'));
+            forms.push(data);
+        } catch {
+            // skip malformed
+        }
+    }
+    return forms;
+}
+
+/**
+ * Delete a form definition by slug.
+ *
+ * @param {string} slug
+ * @returns {Promise<void>}
+ * @throws {Error} If the form file does not exist.
+ */
+export async function deleteForm(slug) {
+    await fs.unlink(path.join(FORMS_DIR, `${slug}.json`));
+    await cache.invalidateTags([`form:${slug}`]);
+}
+
+/**
+ * Convert a string to a URL-friendly slug.
+ *
+ * @param {string} str
+ * @returns {string}
+ */
+export function slugify(str) {
+    return str.toLowerCase().replace(/[^a-z0-9]+/g, '-').replace(/^-|-$/g, '');
+}
+
+/**
+ * Get a single form definition by slug (alias for readForm).
+ *
+ * @param {string} slug
+ * @returns {Promise<object>}
+ * @throws {Error} If the form file does not exist or cannot be parsed.
+ */
+export async function getForm(slug) {
+    return readForm(slug);
+}
+
+/**
+ * Create a new form definition and write it to disk.
+ *
+ * @param {object} data - Form definition data
+ * @param {string} data.title - Form title (required if no slug)
+ * @param {string} [data.slug] - Explicit slug (derived from title if omitted)
+ * @param {string} [data.description]
+ * @param {Array}  [data.fields]
+ * @param {object} [data.settings]
+ * @param {object} [data.actions]
+ * @returns {Promise<object>} The created form object
+ * @throws {Error} If title is missing, slug cannot be derived, or a form with the slug already exists.
+ */
+export async function createForm(data) {
+    const { title, slug: rawSlug, description = '', fields = [], settings = {}, actions = {}, plugin } = data || {};
+
+    if (!title?.trim() && !rawSlug?.trim()) {
+        throw new Error('A title or slug is required to create a form.');
+    }
+
+    const slug = rawSlug ? slugify(rawSlug) : slugify(title);
+    if (!slug) {
+        throw new Error('Could not derive a valid slug from the provided title or slug.');
+    }
+
+    // Throw if a form with this slug already exists
+    try {
+        await readForm(slug);
+        const err = new Error(`Form with slug "${slug}" already exists`);
+        err.code = 'FORM_ALREADY_EXISTS';
+        throw err;
+    } catch (err) {
+        if (err.code === 'FORM_ALREADY_EXISTS') throw err;
+        // File not found — safe to proceed
+    }
+
+    const now = new Date().toISOString();
+    const trimmedTitle = title ? title.trim() : slug;
+
+    const form = {
+        slug,
+        title: trimmedTitle,
+        description,
+        ...(plugin ? {plugin} : {}),
+        fields: Array.isArray(fields) ? fields : [],
+        settings: {
+            submitText: 'Submit',
+            successMessage: 'Thank you for your submission.',
+            layout: 'stacked',
+            honeypot: true,
+            rateLimitPerMinute: 3,
+            ...settings
+        },
+        actions: {
+            email:      { enabled: false, recipients: '', subjectPrefix: `[${trimmedTitle}]` },
+            webhook:    { enabled: false, url: '', method: 'POST' },
+            collection: { enabled: true, slug },
+            ...actions
+        },
+        createdAt: now,
+        updatedAt: now
+    };
+
+    await writeForm(slug, form);
+    return form;
+}
+
+/** System collections that should never have an auto-generated public form. */
+const NO_FORM_SLUGS = new Set(['roles', 'user-profiles']);
+
+/**
+ * Collection field type → form field type mapping.
+ *
+ * @param {string} type
+ * @returns {string}
+ */
+function toFormFieldType(type) {
+    const map = {
+        string: 'string', text: 'string', email: 'email', tel: 'tel',
+        number: 'number', textarea: 'textarea', select: 'select', radio: 'radio',
+        checkbox: 'checkbox', 'checkbox-group': 'checkbox-group',
+        date: 'date', time: 'time', url: 'url', hidden: 'hidden'
+    };
+    return map[type] || 'string';
+}
+
+/**
+ * Build a form definition object from a collection schema.
+ *
+ * @param {object} schema - Collection schema
+ * @returns {object} Form definition
+ */
+function buildFormFromCollection(schema) {
+    const now = new Date().toISOString();
+    const fields = (schema.fields || []).map(f => {
+        const field = {
+            name: f.name,
+            type: toFormFieldType(f.type),
+            label: f.label || f.name,
+            required: !!f.required,
+            placeholder: f.placeholder || '',
+            helper: f.helper || '',
+            tooltip: f.tooltip || ''
+        };
+        if (f.options) field.options = f.options;
+        if (f.validation) field.validation = f.validation;
+        return field;
+    });
+
+    return {
+        slug: schema.slug,
+        title: schema.title,
+        description: schema.description || '',
+        fields,
+        settings: {
+            submitText: 'Submit',
+            successMessage: 'Thank you for your submission.',
+            layout: 'stacked',
+            honeypot: true,
+            rateLimitPerMinute: 5
+        },
+        actions: {
+            email: {enabled: false, recipients: '', subjectPrefix: `[${schema.slug}]`},
+            webhook: {enabled: false, url: '', method: 'POST'},
+            collection: {enabled: true, slug: schema.slug}
+        },
+        createdAt: now,
+        updatedAt: now
+    };
+}
+
+/**
+ * Ensure a form exists for the given collection schema.
+ * Creates the form only if absent — never overwrites an existing one.
+ * Skips system collections (roles, user-profiles).
+ *
+ * @param {object} schema - Collection schema
+ * @returns {Promise<void>}
+ */
+export async function ensureFormForCollection(schema) {
+    if (NO_FORM_SLUGS.has(schema.slug)) return;
+    await ensureFormsDir();
+    const filePath = path.join(FORMS_DIR, `${schema.slug}.json`);
+    try {
+        await fs.access(filePath);
+    } catch {
+        await writeForm(schema.slug, buildFormFromCollection(schema));
+    }
+}
+
+/** Form field types that are presentational only and store no value. */
+const NON_DATA_FIELD_TYPES = new Set(['page-break', 'spacer', 'heading', 'paragraph', 'html']);
+
+/**
+ * Form field type → collection field type. Mostly an identity mapping; a form's
+ * field types are a superset of (and align with) collection field types.
+ *
+ * @param {string} type
+ * @returns {string}
+ */
+function toCollectionFieldType(type) {
+    const map = {
+        string: 'string', email: 'email', tel: 'tel', number: 'number',
+        textarea: 'textarea', select: 'select', radio: 'radio',
+        checkbox: 'checkbox', 'checkbox-group': 'checkbox-group',
+        date: 'date', time: 'time', url: 'url', hidden: 'hidden'
+    };
+    return map[type] || 'string';
+}
+
+/**
+ * Ensure the collection that backs a form's submissions exists.
+ *
+ * This is the inverse of {@link ensureFormForCollection}. A form whose
+ * `collection` action points at a slug that was never created is permanently
+ * broken: listing submissions 404s and — worse — every public submission is
+ * rejected and lost. Provisioning the collection from the form's own fields
+ * makes such forms self-heal instead of silently dropping data.
+ *
+ * Creates the collection only if absent — never overwrites an existing one.
+ * No-op when the form disables collection storage.
+ *
+ * @param {object} form - Form definition
+ * @returns {Promise<object|null>} The existing or newly created collection schema, or null when not applicable.
+ */
+export async function ensureCollectionForForm(form) {
+    if (!form || typeof form !== 'object') return null;
+
+    const action = form.actions?.collection;
+    // Respect an explicitly disabled collection store — nothing to provision.
+    if (action && action.enabled === false) return null;
+
+    const targetSlug = (action && action.slug) ? action.slug : form.slug;
+    if (!targetSlug) return null;
+
+    // Dynamic import avoids a forms ↔ collections module cycle at load time.
+    const { getCollection, createCollection } = await import('./collections.js');
+
+    const existing = await getCollection(targetSlug);
+    if (existing) return existing;
+
+    const fields = (form.fields || [])
+        .filter(f => f && f.name && !NON_DATA_FIELD_TYPES.has(f.type))
+        .map(f => {
+            const field = {
+                name: f.name,
+                type: toCollectionFieldType(f.type),
+                label: f.label || f.name,
+                required: !!f.required
+            };
+            if (f.options) field.options = f.options;
+            if (f.validation) field.validation = f.validation;
+            return field;
+        });
+
+    try {
+        return await createCollection({
+            title: form.title || targetSlug,
+            slug: targetSlug,
+            description: form.description || `Submissions for the "${form.title || targetSlug}" form.`,
+            fields,
+            // Submissions can contain PII — lock the backing collection to admin
+            // access so it is never exposed through the public collections API.
+            // (Mirrors the access config the POST /forms create path applies.)
+            api: {
+                create: { enabled: false, access: 'admin' },
+                read:   { enabled: true,  access: 'admin' },
+                update: { enabled: false, access: 'admin' },
+                delete: { enabled: false, access: 'admin' }
+            },
+            meta: { generatedFromForm: form.slug }
+        });
+    } catch (err) {
+        // Lost a race with a concurrent provision (EEXIST) — re-read and use it.
+        const now = await getCollection(targetSlug);
+        if (now) return now;
+        throw err;
+    }
+}

package/server/services/plugins.js

@@ -64,7 +64,7 @@ const _loadedPlugins = {};
  * Core plugins — always loaded regardless of plugins.json enabled state.
  * These are considered first-class CMS features, not optional add-ons.
  */
-const CORE_PLUGINS = new Set();
+const CORE_PLUGINS = new Set(['analytics']);
 
 /**
  * Scan the plugins/ directory and return all valid manifests.
@@ -222,9 +222,12 @@ export async function registerPlugins(fastify) {
             // reads plugin nav from /api/sidebar/registered-items; plugins
             // declare their nav in the manifest rather than calling
             // registerSidebarItem, so register it here on their behalf.
+            // Tag each item with the plugin's core status so the admin sidebar
+            // can auto-group it: core plugins → Tools folder, optional → Plugins.
+            const isCore = CORE_PLUGINS.has(manifest.name);
             for (const item of manifest.admin?.sidebar || []) {
                 try {
-                    registerSidebarItem({item});
+                    registerSidebarItem({item: {...item, core: isCore}});
                 } catch (err) {
                     fastify.log.warn(`[plugins] sidebar item for "${manifest.name}" skipped: ${err.message}`);
                 }