flarecms 0.1.0

package/src/db/migrations/002_auth_tables.ts

@@ -0,0 +1,84 @@
+import { Kysely, sql } from 'kysely';
+
+export async function up(db: Kysely<any>): Promise<void> {
+  // Core Sessions
+  await db.schema
+    .createTable('fc_sessions')
+    .ifNotExists()
+    .addColumn('id', 'text', (col) => col.primaryKey())
+    .addColumn('user_id', 'text', (col) => col.notNull())
+    .addColumn('expires_at', 'text', (col) => col.notNull())
+    .execute();
+
+  // Biometric Passkeys
+  await db.schema
+    .createTable('fc_passkeys')
+    .ifNotExists()
+    .addColumn('id', 'text', (col) => col.primaryKey())
+    .addColumn('user_id', 'text', (col) => col.notNull())
+    .addColumn('name', 'text')
+    .addColumn('public_key', 'text', (col) => col.notNull())
+    .addColumn('counter', 'integer', (col) => col.notNull())
+    .addColumn('device_type', 'text', (col) => col.notNull())
+    .addColumn('backed_up', 'integer', (col) => col.notNull())
+    .addColumn('transports', 'text')
+    .addColumn('created_at', 'text', (col) => col.defaultTo(sql`CURRENT_TIMESTAMP`))
+    .addColumn('last_used_at', 'text')
+    .execute();
+
+  // API Token Management
+  await db.schema
+    .createTable('fc_api_tokens')
+    .ifNotExists()
+    .addColumn('id', 'text', (col) => col.primaryKey())
+    .addColumn('user_id', 'text', (col) => col.notNull())
+    .addColumn('name', 'text', (col) => col.notNull())
+    .addColumn('hash', 'text', (col) => col.notNull())
+    .addColumn('scopes', 'text', (col) => col.notNull())
+    .addColumn('expires_at', 'text')
+    .addColumn('last_used_at', 'text')
+    .addColumn('created_at', 'text', (col) => col.defaultTo(sql`CURRENT_TIMESTAMP`))
+    .execute();
+
+  // OAuth Providers Linkage
+  await db.schema
+    .createTable('fc_oauth_accounts')
+    .ifNotExists()
+    .addColumn('provider_id', 'text', (col) => col.notNull())
+    .addColumn('provider_user_id', 'text', (col) => col.notNull())
+    .addColumn('user_id', 'text', (col) => col.notNull())
+    .addPrimaryKeyConstraint('pk_oauth_accounts', ['provider_id', 'provider_user_id'])
+    .execute();
+
+  // Email/OTP Verification Tokens
+  await db.schema
+    .createTable('fc_verification_tokens')
+    .ifNotExists()
+    .addColumn('identifier', 'text', (col) => col.notNull())
+    .addColumn('token', 'text', (col) => col.notNull())
+    .addColumn('expires_at', 'text', (col) => col.notNull())
+    .addPrimaryKeyConstraint('pk_verification_tokens', ['identifier', 'token'])
+    .execute();
+
+  // Device Code Authorization (IoT/TV flows)
+  await db.schema
+    .createTable('fc_device_codes')
+    .ifNotExists()
+    .addColumn('device_code', 'text', (col) => col.primaryKey())
+    .addColumn('user_code', 'text', (col) => col.notNull().unique())
+    .addColumn('client_id', 'text', (col) => col.notNull())
+    .addColumn('user_id', 'text')
+    .addColumn('scopes', 'text', (col) => col.notNull())
+    .addColumn('expires_at', 'text', (col) => col.notNull())
+    .addColumn('created_at', 'text', (col) => col.defaultTo(sql`CURRENT_TIMESTAMP`))
+    .execute();
+}
+
+export async function down(db: Kysely<any>): Promise<void> {
+  await db.schema.dropTable('fc_sessions').ifExists().execute();
+  await db.schema.dropTable('fc_passkeys').ifExists().execute();
+  await db.schema.dropTable('fc_api_tokens').ifExists().execute();
+  await db.schema.dropTable('fc_oauth_accounts').ifExists().execute();
+  await db.schema.dropTable('fc_verification_tokens').ifExists().execute();
+  await db.schema.dropTable('fc_device_codes').ifExists().execute();
+}

package/src/db/migrator.ts

@@ -0,0 +1,61 @@
+import { sql, type Migration } from 'kysely';
+import type { FlareDb } from './index';
+
+import * as initialSchema from './migrations/001_initial_schema';
+import * as authTables from './migrations/002_auth_tables';
+
+const STATIC_MIGRATIONS: Record<string, any> = {
+  '001_initial_schema': initialSchema,
+  '002_auth_tables': authTables,
+};
+
+/**
+ * Manual D1-safe migration runner.
+ * We avoid Kysely's built-in Migrator because it uses introspection (sqlite_master)
+ * which Cloudflare D1 restricts, causing SQLITE_AUTH errors.
+ */
+export async function runMigrations(db: FlareDb) {
+  // 1. Ensure migrations table exists
+  await sql`
+    CREATE TABLE IF NOT EXISTS _fc_migrations (
+      name TEXT PRIMARY KEY,
+      executed_at TEXT DEFAULT CURRENT_TIMESTAMP
+    )
+  `.execute(db);
+
+  // 2. Get executed migrations
+  const executed = await db
+    .selectFrom('_fc_migrations' as any)
+    .select('name')
+    .execute();
+  const executedNames = new Set(executed.map((m: any) => m.name));
+
+  const results: { name: string; status: 'Success' | 'Skipped' | 'Error' }[] = [];
+
+  // 3. Run missing migrations in order
+  const migrationNames = Object.keys(STATIC_MIGRATIONS).sort();
+
+  for (const name of migrationNames) {
+    if (executedNames.has(name)) {
+      results.push({ name, status: 'Skipped' });
+      continue;
+    }
+
+    try {
+      const migration = STATIC_MIGRATIONS[name];
+      await migration.up(db);
+
+      await db
+        .insertInto('_fc_migrations' as any)
+        .values({ name })
+        .execute();
+
+      results.push({ name, status: 'Success' });
+    } catch (err) {
+      console.error(`Migration ${name} failed:`, err);
+      throw err;
+    }
+  }
+
+  return results;
+}

package/src/db/schema.ts

@@ -0,0 +1,142 @@
+import type { ColumnType, Generated, Selectable, Insertable, Updateable } from 'kysely';
+
+export interface Database {
+  options: OptionsTable;
+  fc_collections: CollectionsTable;
+  fc_fields: FieldsTable;
+  fc_users: UsersTable;
+  fc_passkeys: PasskeysTable;
+  fc_sessions: SessionsTable;
+  fc_api_tokens: ApiTokensTable;
+  fc_oauth_accounts: OAuthAccountsTable;
+  fc_verification_tokens: VerificationTokensTable;
+  fc_device_codes: DeviceCodesTable;
+  // This helps typescript understand that we can have arbitrary string tables for dynamic content
+  [tableName: string]: any; 
+}
+
+export interface OptionsTable {
+  name: string;
+  value: string;
+}
+
+export type Option = Selectable<OptionsTable>;
+export type NewOption = Insertable<OptionsTable>;
+
+export interface CollectionsTable {
+  id: string;
+  slug: string;
+  label: string;
+  label_singular: string | null;
+  description: string | null;
+  icon: string | null;
+  is_public: ColumnType<number, number | undefined, number>;
+  features: string | null; // JSON array of strings
+  url_pattern: string | null;
+  created_at: ColumnType<string, string | undefined, never>;
+  updated_at: ColumnType<string, string | undefined, string>;
+}
+
+export type Collection = Selectable<CollectionsTable>;
+export type NewCollection = Insertable<CollectionsTable>;
+export type CollectionUpdate = Updateable<CollectionsTable>;
+
+export interface FieldsTable {
+  id: string;
+  collection_id: string;
+  label: string;
+  slug: string;
+  type: string;
+  required: ColumnType<number, number | undefined, number>; // sqlite boolean
+  created_at: ColumnType<string, string | undefined, never>;
+}
+
+export type Field = Selectable<FieldsTable>;
+export type NewField = Insertable<FieldsTable>;
+
+export interface UsersTable {
+  id: string;
+  email: string;
+  password: string | null; // Nullable if passkey only
+  role: string;
+  disabled: ColumnType<number, number | undefined, number>;
+  created_at: ColumnType<string, string | undefined, never>;
+  updated_at: ColumnType<string, string | undefined, string>;
+}
+
+export type User = Selectable<UsersTable>;
+export type NewUser = Insertable<UsersTable>;
+export type UserUpdate = Updateable<UsersTable>;
+
+export interface PasskeysTable {
+  id: string; // credentialID base64url encoded
+  user_id: string;
+  name: string | null; // User-defined alias
+  public_key: string; // base64url encoded
+  counter: number;
+  device_type: string;
+  backed_up: number;
+  transports: string | null;
+  created_at: ColumnType<string, string | undefined, never>;
+  last_used_at: string | null;
+}
+
+export type Passkey = Selectable<PasskeysTable>;
+export type NewPasskey = Insertable<PasskeysTable>;
+export type PasskeyUpdate = Updateable<PasskeysTable>;
+
+export interface SessionsTable {
+  id: string;
+  user_id: string;
+  expires_at: string;
+}
+
+export type Session = Selectable<SessionsTable>;
+export type NewSession = Insertable<SessionsTable>;
+export type SessionUpdate = Updateable<SessionsTable>;
+
+export interface ApiTokensTable {
+  id: string; // Token prefix (ec_pat_...)
+  user_id: string;
+  name: string;
+  hash: string; // SHA-256 hashed secret
+  scopes: string; // JSON string (array or structured object)
+  expires_at: string | null;
+  last_used_at: string | null;
+  created_at: ColumnType<string, string | undefined, never>;
+}
+
+export type ApiToken = Selectable<ApiTokensTable>;
+export type NewApiToken = Insertable<ApiTokensTable>;
+
+export interface OAuthAccountsTable {
+  provider_id: string;
+  provider_user_id: string;
+  user_id: string;
+}
+
+export type OAuthAccount = Selectable<OAuthAccountsTable>;
+export type NewOAuthAccount = Insertable<OAuthAccountsTable>;
+
+export interface VerificationTokensTable {
+  identifier: string; // Email
+  token: string;      // Hashed token
+  expires_at: string;
+}
+
+export type VerificationToken = Selectable<VerificationTokensTable>;
+export type NewVerificationToken = Insertable<VerificationTokensTable>;
+
+export interface DeviceCodesTable {
+  device_code: string;
+  user_code: string;
+  client_id: string;
+  user_id: string | null; // Null until user approves
+  scopes: string; // JSON string array
+  expires_at: string;
+  created_at: ColumnType<string, string | undefined, never>;
+}
+
+export type DeviceCode = Selectable<DeviceCodesTable>;
+export type NewDeviceCode = Insertable<DeviceCodesTable>;
+export type DeviceCodeUpdate = Updateable<DeviceCodesTable>;

package/src/index.ts

@@ -0,0 +1,12 @@
+export * from './auth';
+export * from './db';
+export * from './server';
+export * from './client';
+export * from './types';
+
+import { createFlareAPI } from './server';
+
+/**
+ * @deprecated Use createFlareAPI from 'flarecms/server' for better modularity.
+ */
+export const flarecms = createFlareAPI;

package/src/server/index.ts

@@ -0,0 +1,66 @@
+import { Hono } from 'hono';
+import { corsMiddleware } from '../api/middlewares/cors';
+import { setupMiddleware, authMiddleware } from '../api/middlewares/auth';
+import { authRoutes } from '../api/routes/auth';
+import { setupRoutes } from '../api/routes/setup';
+import { collectionsRoutes } from '../api/routes/collections';
+import { contentRoutes } from '../api/routes/content';
+import { tokenRoutes } from '../api/routes/tokens';
+import { deviceRoutes } from '../api/routes/device';
+import { magicRoutes } from '../api/routes/magic';
+import { oauthRoutes } from '../api/routes/oauth';
+import { settingsRoutes } from '../api/routes/settings';
+import { mcpRoutes } from '../api/routes/mcp';
+import { apiResponse } from '../api/lib/response';
+import type { Bindings, Variables } from '../types';
+
+/**
+ * Creates the modular FlareCMS API router.
+ * This can be mounted into any Hono application.
+ * 
+ * @example
+ * app.route('/api', createFlareAPI({ base: '/admin' }));
+ */
+export function createFlareAPI(options: { base?: string } = {}) {
+  const base = options.base || '/admin';
+  const api = new Hono<{ Bindings: Bindings; Variables: Variables }>();
+
+  // Middlewares
+  api.use('*', corsMiddleware);
+  api.use('*', async (c, next) => {
+    // Collect reserved slugs from base and standard system paths
+    const adminPrefix = base.replace(/^\//, '') || 'admin';
+    c.set('reservedSlugs', [
+      adminPrefix,
+      'api',
+      'setup',
+      'auth',
+      'login',
+      'signup',
+      'collections',
+      'users',
+      'settings',
+      'oauth',
+    ]);
+    await next();
+  });
+
+  api.use('/*', setupMiddleware);
+  api.use('/*', authMiddleware);
+
+  // Routes
+  api.route('/auth', authRoutes);
+  api.route('/setup', setupRoutes);
+  api.route('/collections', collectionsRoutes);
+  api.route('/content', contentRoutes);
+  api.route('/tokens', tokenRoutes);
+  api.route('/device', deviceRoutes);
+  api.route('/magic', magicRoutes);
+  api.route('/oauth', oauthRoutes);
+  api.route('/settings', settingsRoutes);
+  api.route('/mcp', mcpRoutes);
+  
+  api.get('/health', (c) => apiResponse.ok(c, { status: 'ok' }));
+
+  return api;
+}

package/src/types.ts

@@ -0,0 +1,20 @@
+import {
+  type D1Database,
+  type KVNamespace,
+  type Fetcher,
+} from '@cloudflare/workers-types';
+
+export type Bindings = {
+  DB: D1Database;
+  KV: KVNamespace;
+  ASSETS: Fetcher;
+  AUTH_SECRET: string;
+  GITHUB_CLIENT_ID?: string;
+  GITHUB_CLIENT_SECRET?: string;
+};
+
+export type Variables = {
+  user: any;
+  scopes: string[];
+  reservedSlugs: string[];
+};

package/style.css.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Type declarations for the FlareCMS prefixed stylesheet.
+ * This allows importing the CSS file as a side-effect in TypeScript projects.
+ */
+declare module 'flarecms/style.css' {
+  const content: any;
+  export default content;
+}

package/tests/css.test.ts

@@ -0,0 +1,21 @@
+import { expect, test, describe } from "bun:test";
+import fs from "node:fs";
+
+describe("CSS Modularization", () => {
+  test("CSS is built with flare-cms prefix", () => {
+    const css = fs.readFileSync("./dist/style.css", "utf8");
+    // Verify prefix exists
+    expect(css).toContain(".flare-cms");
+  });
+
+  test("Global tags are scoped under flare-cms", () => {
+    const css = fs.readFileSync("./dist/style.css", "utf8");
+    
+    // html/body are converted to .flare-cms
+    expect(css).toContain(".flare-cms {");
+    
+    // Verify that utility classes are prefixed with the scope
+    // Example: .flare-cms .bg-background
+    expect(css).toContain(".flare-cms .bg-background");
+  });
+});

package/tests/modular.test.ts

@@ -0,0 +1,29 @@
+import { expect, test, describe } from "bun:test";
+import { createFlareAPI } from "../src/server";
+import { Hono } from "hono";
+
+describe("Modular API", () => {
+  test("createFlareAPI returns a Hono instance", () => {
+    const api = createFlareAPI();
+    expect(api).toBeInstanceOf(Hono);
+  });
+
+  test("API has health check route", async () => {
+    const api = createFlareAPI();
+    const res = await api.request("/health");
+    expect(res.status).toBe(200);
+    const data: any = await res.json();
+    expect(data.data.status).toBe("ok");
+  });
+
+  test("API injects reservedSlugs middleware", async () => {
+    const api = createFlareAPI({ base: '/custom-admin' });
+    api.get('/test-context', (c) => {
+      return c.json({ slugs: c.get('reservedSlugs') });
+    });
+    const res = await api.request("/test-context");
+    const data: any = await res.json();
+    expect(data.slugs).toContain('custom-admin');
+    expect(data.slugs).toContain('api');
+  });
+});

package/tsconfig.json

@@ -0,0 +1,10 @@
+{
+  "extends": "../../tsconfig.json",
+  "compilerOptions": {
+    "baseUrl": ".",
+    "paths": {
+      "@/*": ["./src/client/*"]
+    }
+  },
+  "include": ["src"]
+}