npm - domma-cms - Versions diffs - 0.8.6 → 0.8.10 - Mend

domma-cms 0.8.6 → 0.8.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/README.md +31 -9
package/admin/js/templates/effects.html +147 -72
package/admin/js/views/effects.js +1 -1
package/admin/js/views/page-editor.js +36 -30
package/package.json +1 -1
package/server/routes/api/blocks.js +18 -42
package/server/routes/api/forms.js +8 -1
package/server/services/blocks.js +107 -5
package/server/services/forms.js +77 -0
package/server/services/plugins.js +32 -2

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "domma-cms",
-  "version": "0.8.6",
+  "version": "0.8.10",
   "description": "File-based CMS powered by Domma and Fastify. Run npx domma-cms my-site to create a new project.",
   "type": "module",
   "main": "server/server.js",

package/server/routes/api/blocks.js CHANGED Viewed

@@ -6,20 +6,8 @@
  * PUT    /api/blocks/:name   - create or update block
  * DELETE /api/blocks/:name   - delete block
  */
-import path from 'path';
-import fs from 'fs/promises';
-import {fileURLToPath} from 'url';
 import {authenticate, requirePermission} from '../../middleware/auth.js';
-const __dirname = path.dirname(fileURLToPath(import.meta.url));
-const ROOT = path.resolve(__dirname, '../../..');
-const BLOCKS_DIR = path.join(ROOT, 'content', 'blocks');
-const NAME_RE = /^[a-z0-9][a-z0-9-]*$/;
-function blockPath(name) {
-    return path.join(BLOCKS_DIR, `${name}.html`);
-}
+import {deleteBlock, getBlock, listBlocks, saveBlock} from '../../services/blocks.js';
 export async function blocksRoutes(fastify) {
     const canRead = {preHandler: [authenticate, requirePermission('pages', 'read')]};
@@ -28,57 +16,45 @@ export async function blocksRoutes(fastify) {
     // List all blocks
     fastify.get('/blocks', canRead, async () => {
-        await fs.mkdir(BLOCKS_DIR, {recursive: true});
-        const files = await fs.readdir(BLOCKS_DIR);
-        const blocks = [];
-        for (const file of files.filter(f => f.endsWith('.html'))) {
-            const name = file.slice(0, -5);
-            const stat = await fs.stat(path.join(BLOCKS_DIR, file)).catch(() => null);
-            blocks.push({
-                name,
-                size: stat?.size ?? 0,
-                updatedAt: stat?.mtime?.toISOString() ?? null
-            });
-        }
-        return blocks.sort((a, b) => a.name.localeCompare(b.name));
+        return listBlocks();
     });
     // Get single block
     fastify.get('/blocks/:name', canRead, async (request, reply) => {
         const {name} = request.params;
-        if (!NAME_RE.test(name)) return reply.status(400).send({error: 'Invalid block name'});
         try {
-            const content = await fs.readFile(blockPath(name), 'utf8');
-            return {name, content};
-        } catch {
-            return reply.status(404).send({error: 'Block not found'});
+            return await getBlock(name);
+        } catch (err) {
+            if (err.code === 'INVALID_NAME') return reply.status(400).send({error: err.message});
+            if (err.code === 'ENOENT') return reply.status(404).send({error: 'Block not found'});
+            throw err;
         }
     });
     // Create or update block
     fastify.put('/blocks/:name', canUpdate, async (request, reply) => {
         const {name} = request.params;
-        if (!NAME_RE.test(name)) return reply.status(400).send({error: 'Invalid block name. Use lowercase letters, digits, and hyphens only.'});
         const {content} = request.body || {};
         if (typeof content !== 'string') return reply.status(400).send({error: 'content (string) is required'});
-        await fs.mkdir(BLOCKS_DIR, {recursive: true});
-        await fs.writeFile(blockPath(name), content, 'utf8');
-        return {success: true, name};
+        try {
+            return await saveBlock(name, content);
+        } catch (err) {
+            if (err.code === 'INVALID_NAME') return reply.status(400).send({error: err.message});
+            throw err;
+        }
     });
     // Delete block
     fastify.delete('/blocks/:name', canDelete, async (request, reply) => {
         const {name} = request.params;
-        if (!NAME_RE.test(name)) return reply.status(400).send({error: 'Invalid block name'});
         try {
-            await fs.unlink(blockPath(name));
+            await deleteBlock(name);
             return reply.status(204).send();
-        } catch {
-            return reply.status(404).send({error: 'Block not found'});
+        } catch (err) {
+            if (err.code === 'INVALID_NAME') return reply.status(400).send({error: err.message});
+            if (err.code === 'ENOENT') return reply.status(404).send({error: 'Block not found'});
+            throw err;
         }
     });
 }

package/server/routes/api/forms.js CHANGED Viewed

@@ -456,10 +456,17 @@ export async function formsRoutes(fastify) {
         hooks.emit('form:submitted', {slug, entryId: entry?.id || null, data, formTitle: form.title});
+        // Template interpolation for successRedirect
+        let redirect = settings.successRedirect || null;
+        if (redirect && entry?.id) {
+            redirect = redirect.replace(/\{\{entryId\}\}/g, entry.id);
+        }
         return {
             ok:       true,
+            entryId:  entry?.id || null,
             message:  settings.successMessage  || 'Thank you for your submission.',
-            redirect: settings.successRedirect || null
+            redirect: redirect
         };
     });

package/server/services/blocks.js CHANGED Viewed

@@ -1,9 +1,9 @@
 /**
  * Blocks Service
- * Seeds default block templates for built-in forms.
- * Never overwrites existing files — user customisations are preserved.
+ * CRUD operations and seeding for reusable HTML block templates in content/blocks/.
+ * Never overwrites existing files during seeding — user customisations are preserved.
  */
-import {access, writeFile} from 'fs/promises';
+import fs from 'fs/promises';
 import path from 'path';
 import {fileURLToPath} from 'url';
@@ -19,10 +19,10 @@ const BLOCKS_DIR = path.resolve(__dirname, '../../content/blocks');
 async function seedBlock(name, content) {
     const filePath = path.join(BLOCKS_DIR, `${name}.html`);
     try {
-        await access(filePath);
+        await fs.access(filePath);
         // File exists — leave it alone
     } catch {
-        await writeFile(filePath, content.trim() + '\n', 'utf8');
+        await fs.writeFile(filePath, content.trim() + '\n', 'utf8');
     }
 }
@@ -145,6 +145,108 @@ const BLOCKS = {
 };
+// ---------------------------------------------------------------------------
+// Validation
+// ---------------------------------------------------------------------------
+/** Block names must be lowercase alphanumeric + hyphens, no path traversal. */
+const NAME_RE = /^[a-z0-9][a-z0-9-]*$/;
+function assertValidName(name) {
+    if (!NAME_RE.test(name)) {
+        const err = new Error('Invalid block name. Use lowercase letters, digits, and hyphens only.');
+        err.code = 'INVALID_NAME';
+        throw err;
+    }
+}
+function blockFilePath(name) {
+    return path.join(BLOCKS_DIR, `${name}.html`);
+}
+// ---------------------------------------------------------------------------
+// CRUD service functions
+// ---------------------------------------------------------------------------
+/**
+ * List all blocks in the blocks directory.
+ *
+ * @returns {Promise<Array<{name: string, size: number, updatedAt: string|null}>>}
+ */
+export async function listBlocks() {
+    await fs.mkdir(BLOCKS_DIR, {recursive: true});
+    const files = await fs.readdir(BLOCKS_DIR);
+    const blocks = [];
+    for (const file of files.filter(f => f.endsWith('.html'))) {
+        const name = file.slice(0, -5);
+        const fileStat = await fs.stat(path.join(BLOCKS_DIR, file)).catch(() => null);
+        blocks.push({
+            name,
+            size: fileStat?.size ?? 0,
+            updatedAt: fileStat?.mtime?.toISOString() ?? null,
+        });
+    }
+    return blocks.sort((a, b) => a.name.localeCompare(b.name));
+}
+/**
+ * Read a single block's content by name.
+ *
+ * @param {string} name - Block name (without .html extension)
+ * @returns {Promise<{name: string, content: string}>}
+ * @throws {Error} With code INVALID_NAME or ENOENT when not found
+ */
+export async function getBlock(name) {
+    assertValidName(name);
+    try {
+        const content = await fs.readFile(blockFilePath(name), 'utf8');
+        return {name, content};
+    } catch (err) {
+        if (err.code === 'ENOENT') {
+            const notFound = new Error('Block not found');
+            notFound.code = 'ENOENT';
+            throw notFound;
+        }
+        throw err;
+    }
+}
+/**
+ * Create or update a block file (upsert).
+ *
+ * @param {string} name    - Block name (without .html extension)
+ * @param {string} content - HTML template content
+ * @returns {Promise<{success: boolean, name: string}>}
+ * @throws {Error} With code INVALID_NAME on bad name
+ */
+export async function saveBlock(name, content) {
+    assertValidName(name);
+    await fs.mkdir(BLOCKS_DIR, {recursive: true});
+    await fs.writeFile(blockFilePath(name), content, 'utf8');
+    return {success: true, name};
+}
+/**
+ * Delete a block file.
+ *
+ * @param {string} name - Block name (without .html extension)
+ * @returns {Promise<void>}
+ * @throws {Error} With code INVALID_NAME or ENOENT when not found
+ */
+export async function deleteBlock(name) {
+    assertValidName(name);
+    try {
+        await fs.unlink(blockFilePath(name));
+    } catch (err) {
+        if (err.code === 'ENOENT') {
+            const notFound = new Error('Block not found');
+            notFound.code = 'ENOENT';
+            throw notFound;
+        }
+        throw err;
+    }
+}
 // ---------------------------------------------------------------------------
 // Public API
 // ---------------------------------------------------------------------------

package/server/services/forms.js CHANGED Viewed

@@ -90,6 +90,83 @@ export function slugify(str) {
     return str.toLowerCase().replace(/[^a-z0-9]+/g, '-').replace(/^-|-$/g, '');
 }
+/**
+ * Get a single form definition by slug (alias for readForm).
+ *
+ * @param {string} slug
+ * @returns {Promise<object>}
+ * @throws {Error} If the form file does not exist or cannot be parsed.
+ */
+export async function getForm(slug) {
+    return readForm(slug);
+}
+/**
+ * Create a new form definition and write it to disk.
+ *
+ * @param {object} data - Form definition data
+ * @param {string} data.title - Form title (required if no slug)
+ * @param {string} [data.slug] - Explicit slug (derived from title if omitted)
+ * @param {string} [data.description]
+ * @param {Array}  [data.fields]
+ * @param {object} [data.settings]
+ * @param {object} [data.actions]
+ * @returns {Promise<object>} The created form object
+ * @throws {Error} If title is missing, slug cannot be derived, or a form with the slug already exists.
+ */
+export async function createForm(data) {
+    const { title, slug: rawSlug, description = '', fields = [], settings = {}, actions = {} } = data || {};
+    if (!title?.trim() && !rawSlug?.trim()) {
+        throw new Error('A title or slug is required to create a form.');
+    }
+    const slug = rawSlug ? slugify(rawSlug) : slugify(title);
+    if (!slug) {
+        throw new Error('Could not derive a valid slug from the provided title or slug.');
+    }
+    // Throw if a form with this slug already exists
+    try {
+        await readForm(slug);
+        const err = new Error(`Form with slug "${slug}" already exists`);
+        err.code = 'FORM_ALREADY_EXISTS';
+        throw err;
+    } catch (err) {
+        if (err.code === 'FORM_ALREADY_EXISTS') throw err;
+        // File not found — safe to proceed
+    }
+    const now = new Date().toISOString();
+    const trimmedTitle = title ? title.trim() : slug;
+    const form = {
+        slug,
+        title: trimmedTitle,
+        description,
+        fields: Array.isArray(fields) ? fields : [],
+        settings: {
+            submitText: 'Submit',
+            successMessage: 'Thank you for your submission.',
+            layout: 'stacked',
+            honeypot: true,
+            rateLimitPerMinute: 3,
+            ...settings
+        },
+        actions: {
+            email:      { enabled: false, recipients: '', subjectPrefix: `[${trimmedTitle}]` },
+            webhook:    { enabled: false, url: '', method: 'POST' },
+            collection: { enabled: true, slug },
+            ...actions
+        },
+        createdAt: now,
+        updatedAt: now
+    };
+    await writeForm(slug, form);
+    return form;
+}
 /** System collections that should never have an auto-generated public form. */
 const NO_FORM_SLUGS = new Set(['roles', 'user-profiles']);

package/server/services/plugins.js CHANGED Viewed

@@ -250,12 +250,42 @@ export async function runLifecycleHook(name, hook, fastify) {
         const mod = await import(pluginJsPath);
         if (typeof mod[hook] !== 'function') return;
-        const [collections, roles] = await Promise.all([
+        // Use Promise.allSettled to prevent total failure if any service import rejects
+        // (e.g. MongoDB-dependent modules like actions.js or views.js)
+        const results = await Promise.allSettled([
             import(path.resolve('server/services/collections.js')),
+            import(path.resolve('server/services/forms.js')),
+            import(path.resolve('server/services/blocks.js')),
+            import(path.resolve('server/services/content.js')),
+            import(path.resolve('server/config.js')),
             import(path.resolve('server/services/roles.js')),
+            import(path.resolve('server/services/users.js')),
+            import(path.resolve('server/services/actions.js')),
+            import(path.resolve('server/services/views.js')),
         ]);
-        await mod[hook]({ fastify, services: { collections, roles } });
+        const [collectionsResult, formsResult, blocksResult, contentResult, configResult, rolesResult, usersResult, actionsResult, viewsResult] = results;
+        const services = {
+            collections: collectionsResult.status === 'fulfilled' ? collectionsResult.value : null,
+            forms:       formsResult.status === 'fulfilled' ? formsResult.value : null,
+            blocks:      blocksResult.status === 'fulfilled' ? blocksResult.value : null,
+            content:     contentResult.status === 'fulfilled' ? contentResult.value : null,
+            config:      configResult.status === 'fulfilled' ? configResult.value : null,
+            roles:       rolesResult.status === 'fulfilled' ? rolesResult.value : null,
+            users:       usersResult.status === 'fulfilled' ? usersResult.value : null,
+            actions:     actionsResult.status === 'fulfilled' ? actionsResult.value : null,
+            views:       viewsResult.status === 'fulfilled' ? viewsResult.value : null,
+        };
+        // Log any import failures as warnings (not errors)
+        results.forEach((result, i) => {
+            if (result.status === 'rejected') {
+                fastify.log.warn({ err: result.reason }, `[plugins] Failed to load service ${i} for lifecycle hook`);
+            }
+        });
+        await mod[hook]({ fastify, services });
     } catch (err) {
         fastify.log.error(`Plugin "${name}" lifecycle hook "${hook}" failed: ${err.message}`);
     }