flarecms 0.1.0 → 0.1.2

package/src/api/routes/content.ts

@@ -1,175 +0,0 @@
-import { Hono } from 'hono';
-import { createDb, ensureUniqueSlug } from '../../db';
-import { sql } from 'kysely';
-import { ulid } from 'ulidx';
-import { dynamicContentSchema } from '../schemas';
-import type { Bindings } from '../index';
-import { apiResponse } from '../lib/response';
-
-import { requireRole, requireScope } from '../middlewares/rbac';
-
-export const contentRoutes = new Hono<{ Bindings: Bindings }>();
-
-// Write operations (POST, PUT, DELETE) restricted to admin or editor roles.
-contentRoutes.post('/:collection', requireScope('write', 'collection_slug'), requireRole(['admin', 'editor']));
-contentRoutes.put('/:collection/*', requireScope('update', 'collection_slug'), requireRole(['admin', 'editor']));
-contentRoutes.delete('/:collection/*', requireScope('delete', 'collection_slug'), requireRole(['admin', 'editor']));
-
-contentRoutes.get('/:collection', requireScope('read', 'collection_slug'), async (c) => {
-  const collection = c.req.param('collection');
-  const db = createDb(c.env.DB);
-
-  const page = Number(c.req.query('page')) || 1;
-  const limit = Math.min(Number(c.req.query('limit')) || 20, 100);
-  const offset = (page - 1) * limit;
-
-  try {
-    // 1. Get total count
-    const countRes = await db.selectFrom(`ec_${collection}` as any)
-      .select(db.fn.count('id').as('count'))
-      .where('status', '!=', 'deleted')
-      .executeTakeFirst();
-
-    const total = Number(countRes?.count || 0);
-    const totalPages = Math.ceil(total / limit);
-
-    // 2. Get data slice
-    const result = await db.selectFrom(`ec_${collection}` as any)
-      .selectAll()
-      .where('status', '!=', 'deleted')
-      .orderBy('created_at', 'desc')
-      .limit(limit)
-      .offset(offset)
-      .execute();
-
-    return apiResponse.paginated(c, result, {
-      page,
-      limit,
-      total,
-      totalPages,
-      hasNextPage: page < totalPages,
-      hasPrevPage: page > 1,
-    });
-  } catch (e: any) {
-    return apiResponse.error(c, e.message);
-  }
-});
-
-contentRoutes.get('/:collection/:id', async (c) => {
-  const collection = c.req.param('collection');
-  const id = c.req.param('id');
-  const db = createDb(c.env.DB);
-  try {
-    const result = await db.selectFrom(`ec_${collection}` as any)
-      .selectAll()
-      .where('id', '=', id)
-      .executeTakeFirst();
-
-    if (!result) return apiResponse.error(c, 'Document not found', 404);
-    return apiResponse.ok(c, result);
-  } catch (e) {
-    return apiResponse.error(c, 'Access error', 404);
-  }
-});
-
-
-contentRoutes.post('/:collection', async (c) => {
-  const collectionName = c.req.param('collection');
-  const db = createDb(c.env.DB);
-
-  // 1. Get collection metadata
-  const collection = await db.selectFrom('fc_collections')
-    .select('id')
-    .where('slug', '=', collectionName)
-    .executeTakeFirst();
-
-  if (!collection) return apiResponse.error(c, 'Collection not found', 404);
-
-  // 2. Check for fields
-  const fieldCount = await db.selectFrom('fc_fields')
-    .select(db.fn.count('id').as('total'))
-    .where('collection_id', '=', collection.id)
-    .executeTakeFirst();
-
-  if (!fieldCount || Number(fieldCount.total) === 0) {
-    return apiResponse.error(c, 'Cannot create documents in a collection without fields. Please define your schema first.');
-  }
-
-  const body = await c.req.json();
-  const parsed = dynamicContentSchema.safeParse(body);
-  if (!parsed.success) {
-    return apiResponse.error(c, parsed.error.format());
-  }
-
-  const id = ulid();
-  const data = parsed.data;
-
-  // Handle Required Columns
-  const baseSlug = data.slug || data.title?.toLowerCase().replace(/[^a-z0-9]+/g, '-') || id;
-  const slug = await ensureUniqueSlug(db, collectionName, baseSlug);
-  const status = data.status || 'draft';
-
-  const doc = {
-    ...data,
-    id,
-    slug,
-    status,
-  };
-
-  try {
-    await db.insertInto(`ec_${collectionName}` as any)
-      .values(doc)
-      .execute();
-    return apiResponse.created(c, { id, slug });
-  } catch (e: any) {
-    return apiResponse.error(c, `Failed query: ${e.message}`);
-  }
-});
-
-contentRoutes.put('/:collection/:id', async (c) => {
-  const collectionName = c.req.param('collection');
-  const id = c.req.param('id');
-  const body = await c.req.json();
-  const parsed = dynamicContentSchema.safeParse(body);
-  if (!parsed.success) {
-    return apiResponse.error(c, parsed.error.format());
-  }
-
-  const db = createDb(c.env.DB);
-  const data = parsed.data;
-
-  // Handle slug change uniqueness
-  let finalData = { ...data };
-  if (data.slug) {
-    const uniqueSlug = await ensureUniqueSlug(db, collectionName, data.slug, id);
-    finalData.slug = uniqueSlug;
-  }
-
-  try {
-    await db.updateTable(`ec_${collectionName}` as any)
-      .set({
-        ...finalData,
-        updated_at: sql`CURRENT_TIMESTAMP`
-      })
-      .where('id', '=', id)
-      .execute();
-    return apiResponse.ok(c, { id, success: true, slug: finalData.slug });
-  } catch (e: any) {
-    return apiResponse.error(c, e.message);
-  }
-});
-
-contentRoutes.delete('/:collection/:id', async (c) => {
-  const collectionName = c.req.param('collection');
-  const id = c.req.param('id');
-  const db = createDb(c.env.DB);
-
-  try {
-    await db.deleteFrom(`ec_${collectionName}` as any)
-      .where('id', '=', id)
-      .execute();
-    return apiResponse.ok(c, { success: true });
-  } catch (e: any) {
-    return apiResponse.error(c, e.message);
-  }
-});

package/src/api/routes/device.ts

@@ -1,160 +0,0 @@
-import { Hono } from 'hono';
-import { createDb } from '../../db';
-import { ulid } from 'ulidx';
-import { deviceCodeRequestSchema, deviceTokenRequestSchema, deviceApproveSchema } from '../schemas/tokens';
-import { encodeHexLowerCase } from '@oslojs/encoding';
-import type { Bindings, Variables } from '../index';
-import { requireRole } from '../middlewares/rbac';
-import { authMiddleware } from '../middlewares/auth';
-import { apiResponse } from '../lib/response';
-
-export const deviceRoutes = new Hono<{ Bindings: Bindings; Variables: Variables }>();
-
-
-/**
- * 1. CLI requests a device code
- * Public unauthenticated endpoint
- */
-deviceRoutes.post('/code', async (c) => {
-  const body = await c.req.json();
-  const parsed = deviceCodeRequestSchema.safeParse(body);
-  if (!parsed.success) return apiResponse.error(c, parsed.error.format());
-
-  const db = createDb(c.env.DB);
-  const clientId = parsed.data.client_id;
-  const requestedScopes = parsed.data.scope ? parsed.data.scope.split(' ') : ['content:read']; // Default Scope
-
-  // Generate Device Code
-  const bytes = new Uint8Array(16);
-  crypto.getRandomValues(bytes);
-  const deviceCode = encodeHexLowerCase(bytes);
-
-  // Generate short user code (ex: ABCD-1234)
-  const userCode = Math.random().toString(36).substring(2, 6).toUpperCase() + '-' + Math.random().toString(36).substring(2, 6).toUpperCase();
-
-  const expiresAt = new Date();
-  expiresAt.setMinutes(expiresAt.getMinutes() + 15); // 15 mins to authorize
-
-  await db.insertInto('fc_device_codes')
-    .values({
-      device_code: deviceCode,
-      user_code: userCode,
-      client_id: clientId,
-      user_id: null,
-      scopes: JSON.stringify(requestedScopes),
-      expires_at: expiresAt.toISOString(),
-    })
-    .execute();
-
-  return apiResponse.ok(c, {
-    device_code: deviceCode,
-    user_code: userCode,
-    verification_uri: new URL(c.req.url).origin + '/device', // Assuming UI is there
-    expires_in: 900,
-    interval: 5
-  });
-});
-
-/**
- * 2. CLI Polls for token using device code
- * Public unauthenticated endpoint
- */
-deviceRoutes.post('/token', async (c) => {
-  const body = await c.req.json();
-  const parsed = deviceTokenRequestSchema.safeParse(body);
-  if (!parsed.success) return apiResponse.error(c, parsed.error.format());
-
-  const db = createDb(c.env.DB);
-  const { device_code, client_id } = parsed.data;
-
-  const codeRecord = await db.selectFrom('fc_device_codes')
-    .selectAll()
-    .where('device_code', '=', device_code)
-    .where('client_id', '=', client_id)
-    .executeTakeFirst();
-
-  if (!codeRecord) return apiResponse.error(c, 'invalid_grant');
-
-  if (new Date(codeRecord.expires_at) < new Date()) {
-    return apiResponse.error(c, 'expired_token');
-  }
-
-  if (!codeRecord.user_id) {
-    return apiResponse.error(c, 'authorization_pending');
-  }
-
-  // Approved! Create a real PAT
-  const randomBytes = new Uint8Array(24);
-  crypto.getRandomValues(randomBytes);
-  const suffix = encodeHexLowerCase(randomBytes);
-  const tokenId = `ec_pat_${ulid()}`;
-  const fullToken = `${tokenId}_${suffix}`;
-
-  const encoder = new TextEncoder();
-  const hashBuffer = await crypto.subtle.digest("SHA-256", encoder.encode(suffix));
-  const hashHex = Array.from(new Uint8Array(hashBuffer)).map(b => b.toString(16).padStart(2, '0')).join('');
-
-  await db.insertInto('fc_api_tokens')
-    .values({
-      id: tokenId,
-      user_id: codeRecord.user_id,
-      name: `Device Authorization (${client_id})`,
-      hash: hashHex,
-      scopes: codeRecord.scopes, // Inherit requested scopes
-      expires_at: null,
-      last_used_at: null,
-    })
-    .execute();
-
-  // Delete consumed device code
-  await db.deleteFrom('fc_device_codes').where('device_code', '=', device_code).execute();
-
-  return apiResponse.ok(c, {
-    access_token: fullToken,
-    token_type: 'bearer',
-    scope: JSON.parse(codeRecord.scopes).join(' ')
-  });
-});
-
-/**
- * 3. UI Approves code
- * Authenticated Endpoint (User must be logged in to approve)
- */
-// Temporary middleware stack application for this route specifically
-const approvalApp = new Hono<{ Bindings: Bindings; Variables: Variables }>();
-
-approvalApp.use('*', authMiddleware);
-approvalApp.use('*', requireRole(['admin', 'editor']));
-
-approvalApp.post('/verify', async (c) => {
-  const body = await c.req.json();
-  const parsed = deviceApproveSchema.safeParse(body);
-  if (!parsed.success) return apiResponse.error(c, parsed.error.format());
-
-  const user = c.get('user');
-  const db = createDb(c.env.DB);
-  const userCode = parsed.data.user_code.toUpperCase(); // normalize
-
-  const codeRecord = await db.selectFrom('fc_device_codes')
-    .selectAll()
-    .where('user_code', '=', userCode)
-    .where('user_id', 'is', null) // Only unapproved codes
-    .executeTakeFirst();
-
-  if (!codeRecord) return apiResponse.error(c, 'Invalid or expired user code', 404);
-
-  if (new Date(codeRecord.expires_at) < new Date()) {
-    await db.deleteFrom('fc_device_codes').where('user_code', '=', userCode).execute();
-    return apiResponse.error(c, 'Code expired');
-  }
-
-  // Approve it! Attach the user ID
-  await db.updateTable('fc_device_codes')
-    .set({ user_id: user.id })
-    .where('user_code', '=', userCode)
-    .execute();
-
-  return apiResponse.ok(c, { success: true, scopes: JSON.parse(codeRecord.scopes) });
-});
-
-deviceRoutes.route('/', approvalApp);

package/src/api/routes/magic.ts

@@ -1,150 +0,0 @@
-import { Hono } from 'hono';
-import { createDb } from '../../db';
-import { generateSessionToken } from '../../auth';
-import { setCookie } from 'hono/cookie';
-import { magicLinkRequestSchema, magicLinkVerifySchema } from '../schemas/auth';
-import { encodeHexLowerCase } from '@oslojs/encoding';
-import { ulid } from 'ulidx';
-import type { Bindings, Variables } from '../index';
-import { apiResponse } from '../lib/response';
-
-export const magicRoutes = new Hono<{ Bindings: Bindings; Variables: Variables }>();
-
-
-// Generate Magic Link
-magicRoutes.post('/request', async (c) => {
-  const body = await c.req.json();
-  const parsed = magicLinkRequestSchema.safeParse(body);
-  if (!parsed.success) return apiResponse.error(c, parsed.error.format());
-
-  const db = createDb(c.env.DB);
-  const { email } = parsed.data;
-
-  // 1. Check Registration Policy
-  const signupEnabled = await db.selectFrom('options').select('value').where('name', '=', 'flare:signup_enabled').executeTakeFirst();
-  const defaultRole = await db.selectFrom('options').select('value').where('name', '=', 'flare:signup_default_role').executeTakeFirst();
-  const domainRulesRaw = await db.selectFrom('options').select('value').where('name', '=', 'flare:signup_domain_rules').executeTakeFirst();
-  
-  const isEnabled = signupEnabled?.value === 'true';
-  const roleDefault = defaultRole?.value || 'editor';
-  const domainRules = JSON.parse(domainRulesRaw?.value || '{}') as Record<string, string>;
-
-  // 2. Link or Provision User
-  let user = await db.selectFrom('fc_users').selectAll().where('email', '=', email).executeTakeFirst();
-  
-  if (!user) {
-    if (!isEnabled) {
-      return apiResponse.error(c, 'Signups are currently disabled', 403);
-    }
-
-    // Determine role based on domain
-    const domain = email.split('@')[1] || '';
-    const assignedRole = domainRules[domain] || roleDefault;
-
-    // Provision new user
-    const newUser = {
-      id: ulid(),
-      email,
-      password: null,
-      role: assignedRole,
-      disabled: 0,
-    };
-    await db.insertInto('fc_users').values(newUser as any).execute();
-    user = await db.selectFrom('fc_users').selectAll().where('id', '=', newUser.id).executeTakeFirst();
-  }
-
-  if (!user || user.disabled) {
-    return apiResponse.error(c, 'Account disabled or not found', 403);
-  }
-
-  // Generate secure token
-  const randomBytes = new Uint8Array(32);
-  crypto.getRandomValues(randomBytes);
-  const rawToken = encodeHexLowerCase(randomBytes);
-  
-  // Hash for storage
-  const encoder = new TextEncoder();
-  const hashBuffer = await crypto.subtle.digest("SHA-256", encoder.encode(rawToken));
-  const hashHex = Array.from(new Uint8Array(hashBuffer)).map(b => b.toString(16).padStart(2, '0')).join('');
-
-  const expiresAt = new Date();
-  expiresAt.setMinutes(expiresAt.getMinutes() + 15); // 15 mins expiry
-
-  // Upsert pattern: delete old tokens for this email
-  await db.deleteFrom('fc_verification_tokens').where('identifier', '=', email).execute();
-
-  await db.insertInto('fc_verification_tokens')
-    .values({
-      identifier: email,
-      token: hashHex,
-      expires_at: expiresAt.toISOString(),
-    })
-    .execute();
-
-  // In a real app we'd send an email here using SendGrid/Resend
-  // For now, we simulate logging it
-  console.log(`[MAGIC LINK] -> https://${new URL(c.req.url).hostname}/verify?email=${encodeURIComponent(email)}&token=${rawToken}`);
-
-  return apiResponse.ok(c, { 
-    success: true, 
-    message: 'Magic link sent', 
-    dev_link: `https://${new URL(c.req.url).hostname}/verify?email=${encodeURIComponent(email)}&token=${rawToken}` 
-  });
-});
-
-// Verify Magic Link
-magicRoutes.post('/verify', async (c) => {
-  const body = await c.req.json();
-  const parsed = magicLinkVerifySchema.safeParse(body);
-  if (!parsed.success) return apiResponse.error(c, parsed.error.format());
-
-  const db = createDb(c.env.DB);
-  const { email, token } = parsed.data;
-
-  const user = await db.selectFrom('fc_users').selectAll().where('email', '=', email).executeTakeFirst();
-  if (!user || user.disabled) return apiResponse.error(c, 'Invalid or expired link', 401);
-
-  // Hash provided token
-  const encoder = new TextEncoder();
-  const hashBuffer = await crypto.subtle.digest("SHA-256", encoder.encode(token));
-  const hashHex = Array.from(new Uint8Array(hashBuffer)).map(b => b.toString(16).padStart(2, '0')).join('');
-
-  const record = await db.selectFrom('fc_verification_tokens')
-    .selectAll()
-    .where('identifier', '=', email)
-    .where('token', '=', hashHex)
-    .executeTakeFirst();
-
-  if (!record) return apiResponse.error(c, 'Invalid or expired link', 401);
-
-  if (new Date(record.expires_at) < new Date()) {
-    await db.deleteFrom('fc_verification_tokens').where('identifier', '=', email).execute();
-    return apiResponse.error(c, 'Link expired', 401);
-  }
-
-  // Success! Delete token and create session
-  await db.deleteFrom('fc_verification_tokens').where('identifier', '=', email).execute();
-
-  const sessionId = generateSessionToken();
-  const expiresAt = new Date();
-  expiresAt.setDate(expiresAt.getDate() + 30);
-
-  await db.insertInto('fc_sessions')
-    .values({
-      id: sessionId,
-      user_id: user.id,
-      expires_at: expiresAt.toISOString(),
-    })
-    .execute();
-
-    setCookie(c, 'session', sessionId, {
-      httpOnly: true,
-      secure: true,
-      sameSite: 'Strict',
-      expires: expiresAt,
-      path: '/'
-    });
-
-
-  return apiResponse.ok(c, { success: true, message: 'Logged in via Magic Link' });
-});