flarecms 0.1.0

package/src/api/routes/mcp.ts

@@ -0,0 +1,273 @@
+import { Hono } from 'hono';
+
+import { setupMiddleware, authMiddleware } from '../middlewares/auth';
+import { createDb, ensureUniqueSlug, createCollectionTable, addFieldToTable } from '../../db';
+import { ulid } from 'ulidx';
+import { dynamicContentSchema, collectionSchema, fieldSchema } from '../schemas';
+import { sql } from 'kysely';
+import { cache } from '../lib/cache';
+import type { Bindings, Variables } from 'src/types';
+
+export const mcpRoutes = new Hono<{ Bindings: Bindings; Variables: Variables }>();
+
+mcpRoutes.use('*', setupMiddleware);
+mcpRoutes.use('*', authMiddleware);
+
+/**
+ * In Cloudflare Workers, long-polling / SSE streams combined with separate POST endpoints can fail
+ * because a POST might route to a different worker isolate than the GET SSE connection, dropping the message.
+ *
+ * FlareCMS implements a "Stateless RPC Endpoint" that allows specialized proxy agents to 
+ * execute standard MCP-like tool calls synchronously. This works 100% within the Edge environment.
+ */
+
+mcpRoutes.post("/execute", async (c) => {
+  try {
+    const db = createDb(c.env.DB);
+    const body = await c.req.json();
+    const { tool, arguments: args } = body;
+
+    if (!tool) {
+      return c.json({ error: "No tool specified" }, 400);
+    }
+
+    if (tool === "list_collections") {
+      const collections = await db.selectFrom('fc_collections').selectAll().execute();
+      return c.json({
+        content: [{ type: "text", text: JSON.stringify(collections, null, 2) }]
+      });
+    }
+
+    if (tool === "read_content") {
+      const collectionSlug = args?.collection as string;
+      const limit = (args?.limit as number) || 10;
+
+      if (!collectionSlug) return c.json({ error: "Missing 'collection' argument" }, 400);
+
+      const collectionRecord = await db.selectFrom('fc_collections')
+        .select('id')
+        .where('slug', '=', collectionSlug)
+        .executeTakeFirst();
+
+      if (!collectionRecord) {
+        return c.json({ content: [{ type: "text", text: `Error: Collection '${collectionSlug}' not found.` }] });
+      }
+
+      const tableName = `ec_${collectionSlug}`;
+
+      const content = await db.selectFrom(tableName as any)
+        .selectAll()
+        .where('status', '!=', 'deleted')
+        .limit(limit)
+        .execute().catch(() => []); // Graceful fail if table doesn't exist yet
+
+      return c.json({ content: [{ type: "text", text: JSON.stringify(content, null, 2) }] });
+    }
+
+    if (tool === "get_collection_schema") {
+      const collectionSlug = args?.collection as string;
+      if (!collectionSlug) return c.json({ error: "Missing 'collection' argument" }, 400);
+
+      const collection = await db.selectFrom('fc_collections')
+        .selectAll()
+        .where('slug', '=', collectionSlug)
+        .executeTakeFirst();
+
+      if (!collection) {
+        return c.json({ content: [{ type: "text", text: `Error: Collection '${collectionSlug}' not found.` }] });
+      }
+
+      const fields = await db.selectFrom('fc_fields')
+        .selectAll()
+        .where('collection_id', '=', collection.id)
+        .execute();
+
+      const schema = {
+        metadata: {
+          ...collection,
+          features: collection.features ? JSON.parse(collection.features) : []
+        },
+        fields
+      };
+
+      return c.json({
+        content: [{ type: "text", text: JSON.stringify(schema, null, 2) }]
+      });
+    }
+
+    if (tool === "create_document") {
+      const collectionName = args?.collection as string;
+      const data = args?.data;
+
+      if (!collectionName || !data) {
+        return c.json({ error: "Missing 'collection' or 'data' argument" }, 400);
+      }
+
+      const collection = await db.selectFrom('fc_collections')
+        .select('id')
+        .where('slug', '=', collectionName)
+        .executeTakeFirst();
+
+      if (!collection) return c.json({ error: `Collection '${collectionName}' not found` }, 404);
+
+      const parsed = dynamicContentSchema.safeParse(data);
+      if (!parsed.success) return c.json({ error: parsed.error.format() }, 400);
+
+      const id = ulid();
+      const docData = parsed.data;
+
+      const baseSlug = docData.slug || docData.title?.toLowerCase().replace(/[^a-z0-9]+/g, '-') || id;
+      const slug = await ensureUniqueSlug(db, collectionName, baseSlug);
+      const status = docData.status || 'draft';
+
+      const doc = {
+        ...docData,
+        id,
+        slug,
+        status,
+      };
+
+      await db.insertInto(`ec_${collectionName}` as any)
+        .values(doc)
+        .execute();
+
+      return c.json({
+        content: [{ type: "text", text: `Success: Document created with ID ${id} and slug ${slug}` }]
+      });
+    }
+
+    if (tool === "update_document") {
+      const collectionName = args?.collection as string;
+      const id = args?.id as string;
+      const data = args?.data;
+
+      if (!collectionName || !id || !data) {
+        return c.json({ error: "Missing 'collection', 'id', or 'data' argument" }, 400);
+      }
+
+      const parsed = dynamicContentSchema.safeParse(data);
+      if (!parsed.success) return c.json({ error: parsed.error.format() }, 400);
+
+      // Handle slug change uniqueness
+      let finalData = { ...parsed.data };
+      if (finalData.slug) {
+        finalData.slug = await ensureUniqueSlug(db, collectionName, finalData.slug, id);
+      }
+
+      await db.updateTable(`ec_${collectionName}` as any)
+        .set({
+          ...finalData,
+          updated_at: sql`CURRENT_TIMESTAMP`
+        })
+        .where('id', '=', id)
+        .execute();
+
+      return c.json({
+        content: [{ type: "text", text: `Success: Document ${id} updated.` }]
+      });
+    }
+
+    if (tool === "create_collection") {
+      const data = args;
+      const parsed = collectionSchema.safeParse(data);
+      if (!parsed.success) return c.json({ error: parsed.error.format() }, 400);
+
+      const id = ulid();
+      const slug = parsed.data.slug;
+
+      await db.insertInto('fc_collections')
+        .values({
+          id,
+          slug,
+          label: parsed.data.label,
+          label_singular: parsed.data.labelSingular || null,
+          description: parsed.data.description || null,
+          icon: parsed.data.icon || null,
+          is_public: parsed.data.isPublic ? 1 : 0,
+        })
+        .execute();
+
+      await createCollectionTable(db, slug);
+
+      // Sync cache
+      await cache.invalidateSchema(c.env.KV, slug);
+      await cache.invalidateCollectionList(c.env.KV);
+
+      return c.json({
+        content: [{ type: "text", text: `Success: Collection '${slug}' created with ID ${id}` }]
+      });
+    }
+
+    if (tool === "update_collection") {
+      const id = args?.id as string;
+      const data = args?.data;
+
+      if (!id || !data) return c.json({ error: "Missing 'id' or 'data' argument" }, 400);
+
+      await db.updateTable('fc_collections')
+        .set({
+          ...data,
+          updated_at: sql`CURRENT_TIMESTAMP`
+        })
+        .where('id', '=', id)
+        .execute();
+
+      // Sync cache
+      const updatedCol = await db.selectFrom('fc_collections')
+        .select('slug')
+        .where('id', '=', id)
+        .executeTakeFirst();
+
+      if (updatedCol) {
+        await cache.invalidateSchema(c.env.KV, updatedCol.slug);
+        await cache.invalidateCollectionList(c.env.KV);
+      }
+
+      return c.json({
+        content: [{ type: "text", text: `Success: Collection ${id} updated.` }]
+      });
+    }
+
+    if (tool === "add_field") {
+      const collectionId = args?.collection_id as string;
+      const data = args?.field;
+
+      if (!collectionId || !data) return c.json({ error: "Missing 'collection_id' or 'field' argument" }, 400);
+
+      const parsed = fieldSchema.safeParse(data);
+      if (!parsed.success) return c.json({ error: parsed.error.format() }, 400);
+
+      const collection = await db.selectFrom('fc_collections')
+        .select('slug')
+        .where('id', '=', collectionId)
+        .executeTakeFirst();
+
+      if (!collection) return c.json({ error: 'Collection not found' }, 404);
+
+      const fieldId = ulid();
+      await db.insertInto('fc_fields')
+        .values({
+          id: fieldId,
+          collection_id: collectionId,
+          slug: parsed.data.slug,
+          label: parsed.data.label,
+          type: parsed.data.type,
+          required: parsed.data.required ? 1 : 0,
+        })
+        .execute();
+
+      await addFieldToTable(db, collection.slug, parsed.data.slug, parsed.data.type);
+
+      // Sync cache
+      await cache.invalidateSchema(c.env.KV, collection.slug);
+
+      return c.json({
+        content: [{ type: "text", text: `Success: Field '${parsed.data.slug}' added to collection '${collection.slug}'` }]
+      });
+    }
+
+    return c.json({ error: "Tool not found" }, 404);
+  } catch (error: any) {
+    return c.json({ error: `Server Error: ${error.message}` }, 500);
+  }
+});

package/src/api/routes/oauth.ts

@@ -0,0 +1,160 @@
+import { Hono } from 'hono';
+import { createDb } from '../../db';
+import { generateSessionToken } from '../../auth';
+import { setCookie } from 'hono/cookie';
+import { oauthCallbackSchema } from '../schemas/auth';
+import { ulid } from 'ulidx';
+import type { Bindings, Variables } from '../index';
+import { apiResponse } from '../lib/response';
+
+export const oauthRoutes = new Hono<{ Bindings: Bindings; Variables: Variables }>();
+
+// OAuth Login (Initiate Redirect)
+oauthRoutes.get('/github/login', (c) => {
+  const clientId = c.env.GITHUB_CLIENT_ID;
+  if (!clientId) return apiResponse.error(c, 'GitHub OAuth not configured', 500);
+
+  const redirectUri = encodeURIComponent(`https://${new URL(c.req.url).hostname}/api/oauth/github/callback`);
+  const scope = encodeURIComponent('read:user user:email');
+  
+  // Create secure random state parameter here to store in cookies usually
+  const state = Math.random().toString(36).substring(2);
+
+  return c.redirect(`https://github.com/login/oauth/authorize?client_id=${clientId}&redirect_uri=${redirectUri}&scope=${scope}&state=${state}`);
+});
+
+// OAuth Callback
+oauthRoutes.get('/github/callback', async (c) => {
+  const code = c.req.query('code');
+  if (!code) return apiResponse.error(c, 'Missing code');
+
+  const clientId = c.env.GITHUB_CLIENT_ID;
+  const clientSecret = c.env.GITHUB_CLIENT_SECRET;
+  
+  if (!clientId || !clientSecret) return apiResponse.error(c, 'GitHub OAuth not configured', 500);
+
+  const db = createDb(c.env.DB);
+
+  try {
+    // 1. Exchange Code for Access Token
+    const tokenRes = await fetch('https://github.com/login/oauth/access_token', {
+      method: 'POST',
+      headers: {
+        'Accept': 'application/json',
+        'Content-Type': 'application/json'
+      },
+      body: JSON.stringify({
+        client_id: clientId,
+        client_secret: clientSecret,
+        code
+      })
+    });
+    const tokenData: any = await tokenRes.json();
+    if (tokenData.error) throw new Error(tokenData.error_description || tokenData.error);
+
+    // 2. Fetch User Profile
+    const userRes = await fetch('https://api.github.com/user', {
+      headers: {
+        'Authorization': `Bearer ${tokenData.access_token}`,
+        'User-Agent': 'FlareCMS'
+      }
+    });
+    const userData: any = await userRes.json();
+
+    // 3. Fetch User Emails (GitHub separates primary email)
+    const emailRes = await fetch('https://api.github.com/user/emails', {
+      headers: {
+        'Authorization': `Bearer ${tokenData.access_token}`,
+        'User-Agent': 'FlareCMS'
+      }
+    });
+    const emailData: any[] = await emailRes.json();
+    const primaryEmail = emailData.find((e: any) => e.primary)?.email || userData.email;
+
+    if (!primaryEmail) throw new Error('No public email found in GitHub account');
+
+    // 4. Link or Provision User Account
+    const githubId = String(userData.id);
+    let user = await db.selectFrom('fc_oauth_accounts')
+      .innerJoin('fc_users', 'fc_oauth_accounts.user_id', 'fc_users.id')
+      .select(['fc_users.id', 'fc_users.disabled'])
+      .where('fc_oauth_accounts.provider_id', '=', 'github')
+      .where('fc_oauth_accounts.provider_user_id', '=', githubId)
+      .executeTakeFirst();
+
+    if (!user) {
+      // Look for existing user by email
+      let localUser = await db.selectFrom('fc_users').selectAll().where('email', '=', primaryEmail).executeTakeFirst();
+
+      if (!localUser) {
+        // 1. Check Registration Policy
+        const signupEnabled = await db.selectFrom('options').select('value').where('name', '=', 'flare:signup_enabled').executeTakeFirst();
+        const defaultRole = await db.selectFrom('options').select('value').where('name', '=', 'flare:signup_default_role').executeTakeFirst();
+        const domainRulesRaw = await db.selectFrom('options').select('value').where('name', '=', 'flare:signup_domain_rules').executeTakeFirst();
+        
+        const isEnabled = signupEnabled?.value === 'true';
+        const roleDefault = defaultRole?.value || 'editor';
+        const domainRules = JSON.parse(domainRulesRaw?.value || '{}') as Record<string, string>;
+
+        if (!isEnabled) {
+          throw new Error('Signups are currently disabled');
+        }
+
+        // Determine role based on domain
+        const domain = primaryEmail.split('@')[1];
+        const assignedRole = domainRules[domain] || roleDefault;
+
+        // Provision new user
+        localUser = {
+          id: ulid(),
+          email: primaryEmail,
+          password: null,
+          role: assignedRole,
+          disabled: 0,
+          created_at: new Date().toISOString(),
+          updated_at: new Date().toISOString()
+        };
+        await db.insertInto('fc_users').values(localUser as any).execute();
+      }
+
+      // Link Account
+      await db.insertInto('fc_oauth_accounts')
+        .values({
+          provider_id: 'github',
+          provider_user_id: githubId,
+          user_id: localUser.id
+        })
+        .execute();
+
+      user = localUser as any;
+    }
+
+    if (user!.disabled) return apiResponse.error(c, 'Account is disabled', 403);
+
+    // 5. Create Session
+    const sessionId = generateSessionToken();
+    const expiresAt = new Date();
+    expiresAt.setDate(expiresAt.getDate() + 30);
+
+    await db.insertInto('fc_sessions')
+      .values({
+        id: sessionId,
+        user_id: user!.id,
+        expires_at: expiresAt.toISOString(),
+      })
+      .execute();
+
+    setCookie(c, 'session', sessionId, {
+      httpOnly: true,
+      secure: true,
+      sameSite: 'Strict',
+      expires: expiresAt,
+      path: '/'
+    });
+
+    return c.redirect('/admin'); // Assuming frontend handles redirect logic to dashboard
+  } catch (error: any) {
+    return apiResponse.error(c, error.message);
+  }
+});
+

package/src/api/routes/settings.ts

@@ -0,0 +1,43 @@
+import { Hono } from 'hono';
+import { createDb } from '../../db';
+import { requireRole } from '../middlewares/rbac';
+import type { Bindings } from '../index';
+import { apiResponse } from '../lib/response';
+
+export const settingsRoutes = new Hono<{ Bindings: Bindings }>();
+
+// All settings operations require admin role
+settingsRoutes.use('/*', requireRole(['admin']));
+
+// Only admins can modify core settings
+settingsRoutes.get('/', async (c) => {
+  const db = createDb(c.env.DB);
+  const result = await db.selectFrom('options')
+    .selectAll()
+    .where('name', 'like', 'flare:%')
+    .execute();
+  return apiResponse.ok(c, result);
+});
+
+settingsRoutes.patch('/', requireRole(['admin']), async (c) => {
+  const body = await c.req.json();
+  const db = createDb(c.env.DB);
+
+  try {
+    for (const [key, value] of Object.entries(body)) {
+      const settingName = key.startsWith('flare:') ? key : `flare:${key}`;
+      await db.insertInto('options')
+        .values({
+          name: settingName,
+          value: String(value)
+        })
+        .onConflict((oc) => oc.column('name').doUpdateSet({
+          value: String(value)
+        }))
+        .execute();
+    }
+    return apiResponse.ok(c, { success: true });
+  } catch (e: any) {
+    return apiResponse.error(c, e.message);
+  }
+});