domma-cms 0.24.0 → 0.25.1

package/server/services/apiTokens.js

@@ -22,6 +22,15 @@ const LAST_USED_THROTTLE_MS = 60_000;
 /** In-memory hash → entry cache; null = needs rebuild. */
 let tokenCache = null;
 
+/**
+ * Serialises this service's fire-and-forget writes (the throttled lastUsedAt
+ * update) against its mutations. FileAdapter does unlocked read-modify-write,
+ * so an in-flight lastUsedAt update that read the data file BEFORE a revoke
+ * wrote it would write the revoked token straight back — resurrection.
+ * Mutations await the chain; lastUsedAt updates append to it.
+ */
+let writeChain = Promise.resolve();
+
 function invalidateCache() {
     tokenCache = null;
 }
@@ -178,7 +187,10 @@ export async function validateToken(plaintext) {
         // updateEntry replaces data wholesale — pass the full object.
         const data = {...entry.data, lastUsedAt: new Date().toISOString()};
         entry.data = data; // keep the cached copy current without invalidating
-        updateEntry(API_TOKENS_COLLECTION_SLUG, entry.id, data).catch(() => {});
+        // Fire-and-forget, but chained so revoke/update can await it.
+        writeChain = writeChain
+            .then(() => updateEntry(API_TOKENS_COLLECTION_SLUG, entry.id, data))
+            .catch(() => {});
     }
 
     return sanitise(entry);
@@ -218,6 +230,7 @@ export async function getTokenSanitised(id) {
  * @throws {Error} On validation failure
  */
 export async function updateToken(id, patch = {}) {
+    await writeChain; // drain any in-flight lastUsedAt write first
     const entry = await getEntry(API_TOKENS_COLLECTION_SLUG, id);
     if (!entry) return null;
 
@@ -251,6 +264,7 @@ export async function updateToken(id, patch = {}) {
  * @returns {Promise<boolean>}
  */
 export async function revokeToken(id) {
+    await writeChain; // drain any in-flight lastUsedAt write — revoke must be final
     const entry = await getEntry(API_TOKENS_COLLECTION_SLUG, id);
     if (!entry) return false;
     await deleteEntry(API_TOKENS_COLLECTION_SLUG, id);

package/server/services/permissionRegistry.js

@@ -215,6 +215,19 @@ export const REGISTRY = [
             {key: 'update', label: 'Edit',   description: 'Rename, enable/disable, or edit token scopes'},
             {key: 'delete', label: 'Revoke', description: 'Revoke (delete) API tokens'}
         ]
+    },
+    {
+        key: 'api-endpoints',
+        label: 'API Builder',
+        description: 'Build custom REST endpoints over collection data (/api/x/*).',
+        icon: 'code',
+        group: 'Configuration',
+        actions: [
+            {key: 'read',   label: 'View',   description: 'View custom API endpoint definitions'},
+            {key: 'create', label: 'Create', description: 'Create new endpoint definitions'},
+            {key: 'update', label: 'Edit',   description: 'Edit endpoint definitions'},
+            {key: 'delete', label: 'Delete', description: 'Delete endpoint definitions'}
+        ]
     }
 ];
 

package/server/services/presetCollections.js

@@ -85,6 +85,35 @@ const PRESETS = [
             delete: {enabled: false, access: 'admin'}
         }
     }
+    ,
+    {
+        slug: 'api-endpoints',
+        title: 'API Endpoints',
+        description: 'Curated custom REST endpoints over collection data (/api/x/*).',
+        preset: true,
+        systemManaged: true,
+        fields: [
+            {name: 'name',       label: 'Name',        type: 'text',     required: true},
+            {name: 'project',    label: 'Project',     type: 'text',     required: true},
+            {name: 'path',       label: 'Path',        type: 'text',     required: true},
+            {name: 'collection', label: 'Collection',  type: 'text',     required: true},
+            {name: 'auth',       label: 'Auth',        type: 'text',     default: 'public'},
+            {name: 'mode',       label: 'Mode',        type: 'select',   options: ['list', 'single'], default: 'list'},
+            {name: 'filter',     label: 'Filter',      type: 'object',   default: {}},
+            {name: 'sort',       label: 'Sort Field',  type: 'text'},
+            {name: 'order',      label: 'Sort Order',  type: 'select',   options: ['asc', 'desc'], default: 'desc'},
+            {name: 'limit',      label: 'Limit',       type: 'number',   default: 50},
+            {name: 'fields',     label: 'Fields',      type: 'array',    items: 'string', default: []},
+            {name: 'enabled',    label: 'Enabled',     type: 'boolean',  default: true},
+            {name: 'createdBy',  label: 'Created By',  type: 'text'}
+        ],
+        api: {
+            create: {enabled: false, access: 'admin'},
+            read:   {enabled: false, access: 'admin'},
+            update: {enabled: false, access: 'admin'},
+            delete: {enabled: false, access: 'admin'}
+        }
+    }
 ];
 
 /** Slugs exported for use in adapterRegistry and the delete guard. */

package/server/services/projects.js

@@ -337,7 +337,7 @@ export async function getProjectForPage(urlPath, explicitProject) {
 export async function getArtefactsForProject(projectSlug) {
     const out = {
         pages: [], collections: [], forms: [], actions: [],
-        menus: [], blocks: [], views: [], roles: [], users: []
+        menus: [], blocks: [], views: [], roles: [], users: [], apis: []
     };
 
     try {
@@ -411,6 +411,17 @@ export async function getArtefactsForProject(projectSlug) {
         }
     } catch { /* skip */ }
 
+    try {
+        // Custom API endpoints store their project in data.project (required
+        // field — no untagged-→core fallback applies, so match directly).
+        const {entries} = await listEntries('api-endpoints', {limit: 0});
+        for (const e of entries) {
+            if (e.data?.project === projectSlug) {
+                out.apis.push({id: e.id, name: e.data.name, path: e.data.path, collection: e.data.collection});
+            }
+        }
+    } catch { /* skip */ }
+
     return out;
 }
 
@@ -436,7 +447,7 @@ export async function untagAllForProject(projectSlug) {
     }
     const counts = {
         pages: 0, collections: 0, forms: 0, actions: 0,
-        menus: 0, blocks: 0, views: 0, roles: 0, users: 0
+        menus: 0, blocks: 0, views: 0, roles: 0, users: 0, apis: 0
     };
     const grouped = await getArtefactsForProject(projectSlug);
 
@@ -516,6 +527,11 @@ export async function untagAllForProject(projectSlug) {
     // plumbing to land first; pages need frontmatter rewriting which is a
     // separate concern. Counts remain 0 for those types in this task; later
     // tasks may revisit.
+    //
+    // API endpoints: intentionally skipped. An endpoint's project IS its URL
+    // namespace (/api/x/<project>/...) — silently untagging would move live
+    // endpoints to /api/x/core/... and break external callers. Delete or
+    // recreate them explicitly instead.
 
     return counts;
 }

package/server/services/roles.js

@@ -73,7 +73,8 @@ const SEED_ENTRIES = [
         permissions: [
             'pages', 'media', 'blocks', 'navigation', 'layouts',
             'collections', 'views', 'actions',
-            'users', 'settings', 'notifications', 'plugins'
+            'users', 'settings', 'notifications', 'plugins',
+            'api-tokens', 'api-endpoints'
         ],
         badgeClass: 'badge-warning'
     },
@@ -198,21 +199,30 @@ export async function seed() {
         await writeData(entries);
     }
 
-    // Self-heal: ensure the level-0 root role always carries every registry
-    // resource. Role permissions are a persisted snapshot taken at seed time,
-    // so new permission families added in an update (e.g. api-tokens) would
-    // otherwise be invisible — even to the super-admin — on existing installs.
-    // Other roles are intentionally NOT back-filled; admins grant new
-    // families via the role editor.
-    const root = entries.find(e => e.data?.level === 0);
-    if (root) {
-        const perms = root.data.permissions || [];
-        const missing = RESOURCES.filter(r => !perms.some(p => p === r || p.startsWith(`${r}.`)));
+    // Self-heal: base roles always gain permissions newly added to their SEED
+    // definitions in an update. Role permissions are a persisted snapshot
+    // taken at seed time, so a new family (e.g. api-endpoints) would
+    // otherwise be invisible on existing installs until granted by hand.
+    // Append-only — permissions an admin ADDED are preserved; note that a
+    // seeded permission deliberately removed from a base role is re-added on
+    // boot (use a custom role to run with less than the base set). The root
+    // role's seed list is the full registry, so it always carries every
+    // resource. Custom (non-seed) roles are never touched.
+    let healed = false;
+    for (const seedRole of SEED_ENTRIES) {
+        const onDisk = seedRole.level === 0
+            ? entries.find(e => e.data?.level === 0)               // root may be renamed
+            : entries.find(e => e.data?.name === seedRole.name);
+        if (!onDisk) continue;
+        const perms = onDisk.data.permissions || [];
+        const seedPerms = seedRole.level === 0 ? RESOURCES : seedRole.permissions;
+        const missing = seedPerms.filter(r => !perms.some(p => p === r || p.startsWith(`${r}.`)));
         if (missing.length) {
-            root.data.permissions = [...perms, ...missing];
-            await writeData(entries);
+            onDisk.data.permissions = [...perms, ...missing];
+            healed = true;
         }
     }
+    if (healed) await writeData(entries);
 
     // Migrate existing user files whose role is no longer recognised
     await migrateUserRoles(entries);

package/server/services/scaffolder.js

@@ -279,7 +279,7 @@ export async function applyRecipe(recipeSlug, opts = {}) {
         throw err;
     }
 
-    const created  = { collection: null, form: null, actions: [], roles: [], users: [], menus: [], apiTokens: [] };
+    const created  = { collection: null, form: null, actions: [], roles: [], users: [], menus: [], apiTokens: [], apiEndpoints: [] };
     const skipped  = [];
     const warnings = [];
 
@@ -489,6 +489,29 @@ export async function applyRecipe(recipeSlug, opts = {}) {
         }
     }
 
+    // Custom API endpoints — declared as definition objects (path, collection,
+    // filter, ...). Idempotent: an existing (project, path-shape) match is
+    // skipped so re-applying a recipe never clobbers a tuned definition.
+    const endpointDecls = resolved.apiEndpoints ? [].concat(resolved.apiEndpoints) : [];
+    if (endpointDecls.length) {
+        const {createEndpoint, findEndpointByPath} = await import('./apiEndpoints.js');
+        const epProject = projectSlug || tokens.namespace || 'core';
+        for (const ep of endpointDecls) {
+            if (!ep.path) continue;
+            if (await findEndpointByPath(epProject, ep.path)) {
+                skipped.push(`apiEndpoint:${ep.path}`);
+                warnings.push(`API endpoint "${ep.path}" already exists for project "${epProject}" — left unchanged`);
+                continue;
+            }
+            try {
+                await createEndpoint({...ep, project: epProject, createdBy: opts.createdBy || null});
+                created.apiEndpoints.push(ep.path);
+            } catch (err) {
+                warnings.push(`API endpoint "${ep.path}" failed: ${err.message}`);
+            }
+        }
+    }
+
     const snippet = resolved.snippet || null;
 
     return { created, skipped, warnings, snippet };

package/server/services/sidebar-migration.js

@@ -41,6 +41,7 @@ const SEED_ITEMS = [
             {text: 'Forms',       url: '#/forms',       icon: 'layout',    permission: 'collections'},
             {text: 'Views',       url: '#/views',       icon: 'eye',       permission: 'views'},
             {text: 'Actions',     url: '#/actions',     icon: 'zap',       permission: 'actions'},
+            {text: 'API Builder', url: '#/api-endpoints', icon: 'code',    permission: 'api-endpoints'},
             {text: 'Blocks',      url: '#/blocks',      icon: 'box',       permission: 'pages'},
             {text: 'Components',  url: '#/components',  icon: 'component', permission: 'components'}
         ]