domma-cms 0.23.0 → 0.25.0

package/server/routes/api/settings.js

@@ -1,141 +1,141 @@
-/**
- * Settings API
- * GET  /api/settings            - get site settings
- * PUT  /api/settings            - save site settings
- * POST /api/settings/test-email - send a test email using stored SMTP config
- */
-import {getConfig, saveConfig} from '../../config.js';
-import {authenticate, requirePermission} from '../../middleware/auth.js';
-import nodemailer from 'nodemailer';
-import fs from 'fs/promises';
-import path from 'path';
-import {fileURLToPath} from 'url';
-import * as cache from '../../services/cache/index.js';
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const CUSTOM_CSS_FILE = path.resolve(__dirname, '../../../content/custom.css');
-const CONNECTIONS_FILE = path.resolve(__dirname, '../../../config/connections.json');
-const CUSTOM_CSS_MAX = 100 * 1024; // 100 KB
-
-export async function settingsRoutes(fastify) {
-    const canRead = {preHandler: [authenticate, requirePermission('settings', 'read')]};
-    const canUpdate = {preHandler: [authenticate, requirePermission('settings', 'update')]};
-
-    fastify.get('/settings', canRead, async (request, reply) => {
-        const config = getConfig('site');
-        const safeConfig = { ...config };
-        if (safeConfig.smtp) {
-            safeConfig.smtp = { ...safeConfig.smtp, pass: '' };
-        }
-        return reply.send(safeConfig);
-    });
-
-    fastify.put('/settings', canUpdate, async (request, reply) => {
-        const data = request.body;
-        if (!data || typeof data !== 'object') {
-            return reply.status(400).send({ error: 'Invalid settings data' });
-        }
-        const ALLOWED_KEYS = new Set([
-            'title', 'tagline', 'description', 'logo', 'favicon',
-            'theme', 'adminTheme', 'fontFamily', 'fontSize',
-            'smtp', 'footer', 'analytics', 'social', 'locale',
-            'layoutOptions', 'seo', 'backToTop', 'cookieConsent', 'breadcrumbs', 'autoTheme',
-            'adminBrand'
-        ]);
-        const unknownKeys = Object.keys(data).filter(k => !ALLOWED_KEYS.has(k));
-        if (unknownKeys.length > 0) {
-            return reply.status(400).send({ error: `Unknown settings keys: ${unknownKeys.join(', ')}` });
-        }
-        // Merge incoming data with existing config so partial updates (e.g. just adminBrand)
-        // don't wipe unrelated keys. Nested objects get a shallow merge so sub-fields are
-        // preserved even when only some sub-fields are sent.
-        const existing = getConfig('site');
-        const merged = {...existing};
-        for (const [k, v] of Object.entries(data)) {
-            const isPlainObject = v !== null && typeof v === 'object' && !Array.isArray(v);
-            const existingIsPlainObject = existing[k] !== null && typeof existing[k] === 'object' && !Array.isArray(existing[k]);
-            if (isPlainObject && existingIsPlainObject) {
-                merged[k] = {...existing[k], ...v};
-            } else {
-                merged[k] = v;
-            }
-        }
-        // Never erase smtp.pass with the empty string that the GET endpoint injects for safety
-        if (merged.smtp && merged.smtp.pass === '' && existing.smtp?.pass) {
-            merged.smtp = {...merged.smtp, pass: existing.smtp.pass};
-        }
-        saveConfig('site', merged);
-        await cache.invalidateTags(['site']);
-        return { success: true };
-    });
-
-    fastify.post('/settings/test-email', canRead, async (request, reply) => {
-        const smtp = getConfig('site')?.smtp;
-        if (!smtp?.host) {
-            return reply.status(400).send({ error: 'SMTP is not configured. Save your SMTP settings first.' });
-        }
-
-        const transporter = nodemailer.createTransport({
-            host:   smtp.host,
-            port:   smtp.port || 587,
-            secure: smtp.secure || false,
-            auth:   smtp.user ? { user: smtp.user, pass: smtp.pass } : undefined
-        });
-
-        const to = request.body?.to || smtp.fromAddress;
-        if (!to) {
-            return reply.status(400).send({ error: 'No recipient address. Provide "to" in the request body or set a From Address.' });
-        }
-
-        try {
-            await transporter.sendMail({
-                from:    smtp.fromName ? `"${smtp.fromName}" <${smtp.fromAddress}>` : smtp.fromAddress,
-                to,
-                subject: 'Domma CMS — Test Email',
-                text:    'This is a test email sent from Domma CMS to verify your SMTP configuration.',
-                html:    '<p>This is a test email sent from <strong>Domma CMS</strong> to verify your SMTP configuration.</p>'
-            });
-            return { success: true, message: `Test email sent to ${to}` };
-        } catch (err) {
-            return reply.status(500).send({ error: `Failed to send email: ${err.message}` });
-        }
-    });
-
-    // GET /api/settings/db-status — returns whether MongoDB connections are configured
-    fastify.get('/settings/db-status', canRead, async () => {
-        try {
-            const raw = await fs.readFile(CONNECTIONS_FILE, 'utf8');
-            const connections = JSON.parse(raw);
-            const names = Object.keys(connections).filter(k =>
-                connections[k]?.type === 'mongodb' && connections[k]?.uri
-            );
-            return {configured: names.length > 0, connections: names};
-        } catch {
-            return {configured: false, connections: []};
-        }
-    });
-
-    // GET /api/settings/custom-css — return current CSS as JSON
-    fastify.get('/settings/custom-css', canUpdate, async () => {
-        try {
-            const css = await fs.readFile(CUSTOM_CSS_FILE, 'utf8');
-            return { css };
-        } catch {
-            return { css: '' };
-        }
-    });
-
-    // PUT /api/settings/custom-css — save CSS to content/custom.css
-    fastify.put('/settings/custom-css', canUpdate, async (request, reply) => {
-        const { css } = request.body || {};
-        if (typeof css !== 'string') {
-            return reply.status(400).send({ error: 'css must be a string.' });
-        }
-        if (Buffer.byteLength(css, 'utf8') > CUSTOM_CSS_MAX) {
-            return reply.status(400).send({ error: 'CSS exceeds the 100 KB limit.' });
-        }
-        await fs.writeFile(CUSTOM_CSS_FILE, css, 'utf8');
-        await cache.invalidateTags(['site']);
-        return { success: true };
-    });
-}
+/**
+ * Settings API
+ * GET  /api/settings            - get site settings
+ * PUT  /api/settings            - save site settings
+ * POST /api/settings/test-email - send a test email using stored SMTP config
+ */
+import {getConfig, saveConfig} from '../../config.js';
+import {authenticate, requirePermission} from '../../middleware/auth.js';
+import nodemailer from 'nodemailer';
+import fs from 'fs/promises';
+import path from 'path';
+import {fileURLToPath} from 'url';
+import * as cache from '../../services/cache/index.js';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const CUSTOM_CSS_FILE = path.resolve(__dirname, '../../../content/custom.css');
+const CONNECTIONS_FILE = path.resolve(__dirname, '../../../config/connections.json');
+const CUSTOM_CSS_MAX = 100 * 1024; // 100 KB
+
+export async function settingsRoutes(fastify) {
+    const canRead = {preHandler: [authenticate, requirePermission('settings', 'read')]};
+    const canUpdate = {preHandler: [authenticate, requirePermission('settings', 'update')]};
+
+    fastify.get('/settings', canRead, async (request, reply) => {
+        const config = getConfig('site');
+        const safeConfig = { ...config };
+        if (safeConfig.smtp) {
+            safeConfig.smtp = { ...safeConfig.smtp, pass: '' };
+        }
+        return reply.send(safeConfig);
+    });
+
+    fastify.put('/settings', canUpdate, async (request, reply) => {
+        const data = request.body;
+        if (!data || typeof data !== 'object') {
+            return reply.status(400).send({ error: 'Invalid settings data' });
+        }
+        const ALLOWED_KEYS = new Set([
+            'title', 'tagline', 'description', 'logo', 'favicon',
+            'theme', 'adminTheme', 'fontFamily', 'fontSize',
+            'smtp', 'footer', 'analytics', 'social', 'locale',
+            'layoutOptions', 'seo', 'backToTop', 'cookieConsent', 'breadcrumbs', 'autoTheme',
+            'adminBrand'
+        ]);
+        const unknownKeys = Object.keys(data).filter(k => !ALLOWED_KEYS.has(k));
+        if (unknownKeys.length > 0) {
+            return reply.status(400).send({ error: `Unknown settings keys: ${unknownKeys.join(', ')}` });
+        }
+        // Merge incoming data with existing config so partial updates (e.g. just adminBrand)
+        // don't wipe unrelated keys. Nested objects get a shallow merge so sub-fields are
+        // preserved even when only some sub-fields are sent.
+        const existing = getConfig('site');
+        const merged = {...existing};
+        for (const [k, v] of Object.entries(data)) {
+            const isPlainObject = v !== null && typeof v === 'object' && !Array.isArray(v);
+            const existingIsPlainObject = existing[k] !== null && typeof existing[k] === 'object' && !Array.isArray(existing[k]);
+            if (isPlainObject && existingIsPlainObject) {
+                merged[k] = {...existing[k], ...v};
+            } else {
+                merged[k] = v;
+            }
+        }
+        // Never erase smtp.pass with the empty string that the GET endpoint injects for safety
+        if (merged.smtp && merged.smtp.pass === '' && existing.smtp?.pass) {
+            merged.smtp = {...merged.smtp, pass: existing.smtp.pass};
+        }
+        saveConfig('site', merged);
+        await cache.invalidateTags(['site']);
+        return { success: true };
+    });
+
+    fastify.post('/settings/test-email', canRead, async (request, reply) => {
+        const smtp = getConfig('site')?.smtp;
+        if (!smtp?.host) {
+            return reply.status(400).send({ error: 'SMTP is not configured. Save your SMTP settings first.' });
+        }
+
+        const transporter = nodemailer.createTransport({
+            host:   smtp.host,
+            port:   smtp.port || 587,
+            secure: smtp.secure || false,
+            auth:   smtp.user ? { user: smtp.user, pass: smtp.pass } : undefined
+        });
+
+        const to = request.body?.to || smtp.fromAddress;
+        if (!to) {
+            return reply.status(400).send({ error: 'No recipient address. Provide "to" in the request body or set a From Address.' });
+        }
+
+        try {
+            await transporter.sendMail({
+                from:    smtp.fromName ? `"${smtp.fromName}" <${smtp.fromAddress}>` : smtp.fromAddress,
+                to,
+                subject: 'Domma CMS — Test Email',
+                text:    'This is a test email sent from Domma CMS to verify your SMTP configuration.',
+                html:    '<p>This is a test email sent from <strong>Domma CMS</strong> to verify your SMTP configuration.</p>'
+            });
+            return { success: true, message: `Test email sent to ${to}` };
+        } catch (err) {
+            return reply.status(500).send({ error: `Failed to send email: ${err.message}` });
+        }
+    });
+
+    // GET /api/settings/db-status — returns whether MongoDB connections are configured
+    fastify.get('/settings/db-status', canRead, async () => {
+        try {
+            const raw = await fs.readFile(CONNECTIONS_FILE, 'utf8');
+            const connections = JSON.parse(raw);
+            const names = Object.keys(connections).filter(k =>
+                connections[k]?.type === 'mongodb' && connections[k]?.uri
+            );
+            return {configured: names.length > 0, connections: names};
+        } catch {
+            return {configured: false, connections: []};
+        }
+    });
+
+    // GET /api/settings/custom-css — return current CSS as JSON
+    fastify.get('/settings/custom-css', canUpdate, async () => {
+        try {
+            const css = await fs.readFile(CUSTOM_CSS_FILE, 'utf8');
+            return { css };
+        } catch {
+            return { css: '' };
+        }
+    });
+
+    // PUT /api/settings/custom-css — save CSS to content/custom.css
+    fastify.put('/settings/custom-css', canUpdate, async (request, reply) => {
+        const { css } = request.body || {};
+        if (typeof css !== 'string') {
+            return reply.status(400).send({ error: 'css must be a string.' });
+        }
+        if (Buffer.byteLength(css, 'utf8') > CUSTOM_CSS_MAX) {
+            return reply.status(400).send({ error: 'CSS exceeds the 100 KB limit.' });
+        }
+        await fs.writeFile(CUSTOM_CSS_FILE, css, 'utf8');
+        await cache.invalidateTags(['site']);
+        return { success: true };
+    });
+}