flarecms 0.1.0 → 0.1.2

package/src/api/routes/mcp.ts

@@ -1,273 +0,0 @@
-import { Hono } from 'hono';
-
-import { setupMiddleware, authMiddleware } from '../middlewares/auth';
-import { createDb, ensureUniqueSlug, createCollectionTable, addFieldToTable } from '../../db';
-import { ulid } from 'ulidx';
-import { dynamicContentSchema, collectionSchema, fieldSchema } from '../schemas';
-import { sql } from 'kysely';
-import { cache } from '../lib/cache';
-import type { Bindings, Variables } from 'src/types';
-
-export const mcpRoutes = new Hono<{ Bindings: Bindings; Variables: Variables }>();
-
-mcpRoutes.use('*', setupMiddleware);
-mcpRoutes.use('*', authMiddleware);
-
-/**
- * In Cloudflare Workers, long-polling / SSE streams combined with separate POST endpoints can fail
- * because a POST might route to a different worker isolate than the GET SSE connection, dropping the message.
- *
- * FlareCMS implements a "Stateless RPC Endpoint" that allows specialized proxy agents to 
- * execute standard MCP-like tool calls synchronously. This works 100% within the Edge environment.
- */
-
-mcpRoutes.post("/execute", async (c) => {
-  try {
-    const db = createDb(c.env.DB);
-    const body = await c.req.json();
-    const { tool, arguments: args } = body;
-
-    if (!tool) {
-      return c.json({ error: "No tool specified" }, 400);
-    }
-
-    if (tool === "list_collections") {
-      const collections = await db.selectFrom('fc_collections').selectAll().execute();
-      return c.json({
-        content: [{ type: "text", text: JSON.stringify(collections, null, 2) }]
-      });
-    }
-
-    if (tool === "read_content") {
-      const collectionSlug = args?.collection as string;
-      const limit = (args?.limit as number) || 10;
-
-      if (!collectionSlug) return c.json({ error: "Missing 'collection' argument" }, 400);
-
-      const collectionRecord = await db.selectFrom('fc_collections')
-        .select('id')
-        .where('slug', '=', collectionSlug)
-        .executeTakeFirst();
-
-      if (!collectionRecord) {
-        return c.json({ content: [{ type: "text", text: `Error: Collection '${collectionSlug}' not found.` }] });
-      }
-
-      const tableName = `ec_${collectionSlug}`;
-
-      const content = await db.selectFrom(tableName as any)
-        .selectAll()
-        .where('status', '!=', 'deleted')
-        .limit(limit)
-        .execute().catch(() => []); // Graceful fail if table doesn't exist yet
-
-      return c.json({ content: [{ type: "text", text: JSON.stringify(content, null, 2) }] });
-    }
-
-    if (tool === "get_collection_schema") {
-      const collectionSlug = args?.collection as string;
-      if (!collectionSlug) return c.json({ error: "Missing 'collection' argument" }, 400);
-
-      const collection = await db.selectFrom('fc_collections')
-        .selectAll()
-        .where('slug', '=', collectionSlug)
-        .executeTakeFirst();
-
-      if (!collection) {
-        return c.json({ content: [{ type: "text", text: `Error: Collection '${collectionSlug}' not found.` }] });
-      }
-
-      const fields = await db.selectFrom('fc_fields')
-        .selectAll()
-        .where('collection_id', '=', collection.id)
-        .execute();
-
-      const schema = {
-        metadata: {
-          ...collection,
-          features: collection.features ? JSON.parse(collection.features) : []
-        },
-        fields
-      };
-
-      return c.json({
-        content: [{ type: "text", text: JSON.stringify(schema, null, 2) }]
-      });
-    }
-
-    if (tool === "create_document") {
-      const collectionName = args?.collection as string;
-      const data = args?.data;
-
-      if (!collectionName || !data) {
-        return c.json({ error: "Missing 'collection' or 'data' argument" }, 400);
-      }
-
-      const collection = await db.selectFrom('fc_collections')
-        .select('id')
-        .where('slug', '=', collectionName)
-        .executeTakeFirst();
-
-      if (!collection) return c.json({ error: `Collection '${collectionName}' not found` }, 404);
-
-      const parsed = dynamicContentSchema.safeParse(data);
-      if (!parsed.success) return c.json({ error: parsed.error.format() }, 400);
-
-      const id = ulid();
-      const docData = parsed.data;
-
-      const baseSlug = docData.slug || docData.title?.toLowerCase().replace(/[^a-z0-9]+/g, '-') || id;
-      const slug = await ensureUniqueSlug(db, collectionName, baseSlug);
-      const status = docData.status || 'draft';
-
-      const doc = {
-        ...docData,
-        id,
-        slug,
-        status,
-      };
-
-      await db.insertInto(`ec_${collectionName}` as any)
-        .values(doc)
-        .execute();
-
-      return c.json({
-        content: [{ type: "text", text: `Success: Document created with ID ${id} and slug ${slug}` }]
-      });
-    }
-
-    if (tool === "update_document") {
-      const collectionName = args?.collection as string;
-      const id = args?.id as string;
-      const data = args?.data;
-
-      if (!collectionName || !id || !data) {
-        return c.json({ error: "Missing 'collection', 'id', or 'data' argument" }, 400);
-      }
-
-      const parsed = dynamicContentSchema.safeParse(data);
-      if (!parsed.success) return c.json({ error: parsed.error.format() }, 400);
-
-      // Handle slug change uniqueness
-      let finalData = { ...parsed.data };
-      if (finalData.slug) {
-        finalData.slug = await ensureUniqueSlug(db, collectionName, finalData.slug, id);
-      }
-
-      await db.updateTable(`ec_${collectionName}` as any)
-        .set({
-          ...finalData,
-          updated_at: sql`CURRENT_TIMESTAMP`
-        })
-        .where('id', '=', id)
-        .execute();
-
-      return c.json({
-        content: [{ type: "text", text: `Success: Document ${id} updated.` }]
-      });
-    }
-
-    if (tool === "create_collection") {
-      const data = args;
-      const parsed = collectionSchema.safeParse(data);
-      if (!parsed.success) return c.json({ error: parsed.error.format() }, 400);
-
-      const id = ulid();
-      const slug = parsed.data.slug;
-
-      await db.insertInto('fc_collections')
-        .values({
-          id,
-          slug,
-          label: parsed.data.label,
-          label_singular: parsed.data.labelSingular || null,
-          description: parsed.data.description || null,
-          icon: parsed.data.icon || null,
-          is_public: parsed.data.isPublic ? 1 : 0,
-        })
-        .execute();
-
-      await createCollectionTable(db, slug);
-
-      // Sync cache
-      await cache.invalidateSchema(c.env.KV, slug);
-      await cache.invalidateCollectionList(c.env.KV);
-
-      return c.json({
-        content: [{ type: "text", text: `Success: Collection '${slug}' created with ID ${id}` }]
-      });
-    }
-
-    if (tool === "update_collection") {
-      const id = args?.id as string;
-      const data = args?.data;
-
-      if (!id || !data) return c.json({ error: "Missing 'id' or 'data' argument" }, 400);
-
-      await db.updateTable('fc_collections')
-        .set({
-          ...data,
-          updated_at: sql`CURRENT_TIMESTAMP`
-        })
-        .where('id', '=', id)
-        .execute();
-
-      // Sync cache
-      const updatedCol = await db.selectFrom('fc_collections')
-        .select('slug')
-        .where('id', '=', id)
-        .executeTakeFirst();
-
-      if (updatedCol) {
-        await cache.invalidateSchema(c.env.KV, updatedCol.slug);
-        await cache.invalidateCollectionList(c.env.KV);
-      }
-
-      return c.json({
-        content: [{ type: "text", text: `Success: Collection ${id} updated.` }]
-      });
-    }
-
-    if (tool === "add_field") {
-      const collectionId = args?.collection_id as string;
-      const data = args?.field;
-
-      if (!collectionId || !data) return c.json({ error: "Missing 'collection_id' or 'field' argument" }, 400);
-
-      const parsed = fieldSchema.safeParse(data);
-      if (!parsed.success) return c.json({ error: parsed.error.format() }, 400);
-
-      const collection = await db.selectFrom('fc_collections')
-        .select('slug')
-        .where('id', '=', collectionId)
-        .executeTakeFirst();
-
-      if (!collection) return c.json({ error: 'Collection not found' }, 404);
-
-      const fieldId = ulid();
-      await db.insertInto('fc_fields')
-        .values({
-          id: fieldId,
-          collection_id: collectionId,
-          slug: parsed.data.slug,
-          label: parsed.data.label,
-          type: parsed.data.type,
-          required: parsed.data.required ? 1 : 0,
-        })
-        .execute();
-
-      await addFieldToTable(db, collection.slug, parsed.data.slug, parsed.data.type);
-
-      // Sync cache
-      await cache.invalidateSchema(c.env.KV, collection.slug);
-
-      return c.json({
-        content: [{ type: "text", text: `Success: Field '${parsed.data.slug}' added to collection '${collection.slug}'` }]
-      });
-    }
-
-    return c.json({ error: "Tool not found" }, 404);
-  } catch (error: any) {
-    return c.json({ error: `Server Error: ${error.message}` }, 500);
-  }
-});

package/src/api/routes/oauth.ts

@@ -1,160 +0,0 @@
-import { Hono } from 'hono';
-import { createDb } from '../../db';
-import { generateSessionToken } from '../../auth';
-import { setCookie } from 'hono/cookie';
-import { oauthCallbackSchema } from '../schemas/auth';
-import { ulid } from 'ulidx';
-import type { Bindings, Variables } from '../index';
-import { apiResponse } from '../lib/response';
-
-export const oauthRoutes = new Hono<{ Bindings: Bindings; Variables: Variables }>();
-
-// OAuth Login (Initiate Redirect)
-oauthRoutes.get('/github/login', (c) => {
-  const clientId = c.env.GITHUB_CLIENT_ID;
-  if (!clientId) return apiResponse.error(c, 'GitHub OAuth not configured', 500);
-
-  const redirectUri = encodeURIComponent(`https://${new URL(c.req.url).hostname}/api/oauth/github/callback`);
-  const scope = encodeURIComponent('read:user user:email');
-  
-  // Create secure random state parameter here to store in cookies usually
-  const state = Math.random().toString(36).substring(2);
-
-  return c.redirect(`https://github.com/login/oauth/authorize?client_id=${clientId}&redirect_uri=${redirectUri}&scope=${scope}&state=${state}`);
-});
-
-// OAuth Callback
-oauthRoutes.get('/github/callback', async (c) => {
-  const code = c.req.query('code');
-  if (!code) return apiResponse.error(c, 'Missing code');
-
-  const clientId = c.env.GITHUB_CLIENT_ID;
-  const clientSecret = c.env.GITHUB_CLIENT_SECRET;
-  
-  if (!clientId || !clientSecret) return apiResponse.error(c, 'GitHub OAuth not configured', 500);
-
-  const db = createDb(c.env.DB);
-
-  try {
-    // 1. Exchange Code for Access Token
-    const tokenRes = await fetch('https://github.com/login/oauth/access_token', {
-      method: 'POST',
-      headers: {
-        'Accept': 'application/json',
-        'Content-Type': 'application/json'
-      },
-      body: JSON.stringify({
-        client_id: clientId,
-        client_secret: clientSecret,
-        code
-      })
-    });
-    const tokenData: any = await tokenRes.json();
-    if (tokenData.error) throw new Error(tokenData.error_description || tokenData.error);
-
-    // 2. Fetch User Profile
-    const userRes = await fetch('https://api.github.com/user', {
-      headers: {
-        'Authorization': `Bearer ${tokenData.access_token}`,
-        'User-Agent': 'FlareCMS'
-      }
-    });
-    const userData: any = await userRes.json();
-
-    // 3. Fetch User Emails (GitHub separates primary email)
-    const emailRes = await fetch('https://api.github.com/user/emails', {
-      headers: {
-        'Authorization': `Bearer ${tokenData.access_token}`,
-        'User-Agent': 'FlareCMS'
-      }
-    });
-    const emailData: any[] = await emailRes.json();
-    const primaryEmail = emailData.find((e: any) => e.primary)?.email || userData.email;
-
-    if (!primaryEmail) throw new Error('No public email found in GitHub account');
-
-    // 4. Link or Provision User Account
-    const githubId = String(userData.id);
-    let user = await db.selectFrom('fc_oauth_accounts')
-      .innerJoin('fc_users', 'fc_oauth_accounts.user_id', 'fc_users.id')
-      .select(['fc_users.id', 'fc_users.disabled'])
-      .where('fc_oauth_accounts.provider_id', '=', 'github')
-      .where('fc_oauth_accounts.provider_user_id', '=', githubId)
-      .executeTakeFirst();
-
-    if (!user) {
-      // Look for existing user by email
-      let localUser = await db.selectFrom('fc_users').selectAll().where('email', '=', primaryEmail).executeTakeFirst();
-
-      if (!localUser) {
-        // 1. Check Registration Policy
-        const signupEnabled = await db.selectFrom('options').select('value').where('name', '=', 'flare:signup_enabled').executeTakeFirst();
-        const defaultRole = await db.selectFrom('options').select('value').where('name', '=', 'flare:signup_default_role').executeTakeFirst();
-        const domainRulesRaw = await db.selectFrom('options').select('value').where('name', '=', 'flare:signup_domain_rules').executeTakeFirst();
-        
-        const isEnabled = signupEnabled?.value === 'true';
-        const roleDefault = defaultRole?.value || 'editor';
-        const domainRules = JSON.parse(domainRulesRaw?.value || '{}') as Record<string, string>;
-
-        if (!isEnabled) {
-          throw new Error('Signups are currently disabled');
-        }
-
-        // Determine role based on domain
-        const domain = primaryEmail.split('@')[1];
-        const assignedRole = domainRules[domain] || roleDefault;
-
-        // Provision new user
-        localUser = {
-          id: ulid(),
-          email: primaryEmail,
-          password: null,
-          role: assignedRole,
-          disabled: 0,
-          created_at: new Date().toISOString(),
-          updated_at: new Date().toISOString()
-        };
-        await db.insertInto('fc_users').values(localUser as any).execute();
-      }
-
-      // Link Account
-      await db.insertInto('fc_oauth_accounts')
-        .values({
-          provider_id: 'github',
-          provider_user_id: githubId,
-          user_id: localUser.id
-        })
-        .execute();
-
-      user = localUser as any;
-    }
-
-    if (user!.disabled) return apiResponse.error(c, 'Account is disabled', 403);
-
-    // 5. Create Session
-    const sessionId = generateSessionToken();
-    const expiresAt = new Date();
-    expiresAt.setDate(expiresAt.getDate() + 30);
-
-    await db.insertInto('fc_sessions')
-      .values({
-        id: sessionId,
-        user_id: user!.id,
-        expires_at: expiresAt.toISOString(),
-      })
-      .execute();
-
-    setCookie(c, 'session', sessionId, {
-      httpOnly: true,
-      secure: true,
-      sameSite: 'Strict',
-      expires: expiresAt,
-      path: '/'
-    });
-
-    return c.redirect('/admin'); // Assuming frontend handles redirect logic to dashboard
-  } catch (error: any) {
-    return apiResponse.error(c, error.message);
-  }
-});
-

package/src/api/routes/settings.ts

@@ -1,43 +0,0 @@
-import { Hono } from 'hono';
-import { createDb } from '../../db';
-import { requireRole } from '../middlewares/rbac';
-import type { Bindings } from '../index';
-import { apiResponse } from '../lib/response';
-
-export const settingsRoutes = new Hono<{ Bindings: Bindings }>();
-
-// All settings operations require admin role
-settingsRoutes.use('/*', requireRole(['admin']));
-
-// Only admins can modify core settings
-settingsRoutes.get('/', async (c) => {
-  const db = createDb(c.env.DB);
-  const result = await db.selectFrom('options')
-    .selectAll()
-    .where('name', 'like', 'flare:%')
-    .execute();
-  return apiResponse.ok(c, result);
-});
-
-settingsRoutes.patch('/', requireRole(['admin']), async (c) => {
-  const body = await c.req.json();
-  const db = createDb(c.env.DB);
-
-  try {
-    for (const [key, value] of Object.entries(body)) {
-      const settingName = key.startsWith('flare:') ? key : `flare:${key}`;
-      await db.insertInto('options')
-        .values({
-          name: settingName,
-          value: String(value)
-        })
-        .onConflict((oc) => oc.column('name').doUpdateSet({
-          value: String(value)
-        }))
-        .execute();
-    }
-    return apiResponse.ok(c, { success: true });
-  } catch (e: any) {
-    return apiResponse.error(c, e.message);
-  }
-});