npm - mktcms - Versions diffs - 0.2.13 → 0.2.14 - Mend

mktcms 0.2.13 → 0.2.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (48) hide show

package/README.md +5 -3
package/dist/module.json +1 -1
package/dist/module.mjs +8 -5
package/dist/runtime/app/components/content/index.vue +5 -17
package/dist/runtime/app/components/content/upload.vue +7 -3
package/dist/runtime/app/composables/useFileType.js +6 -6
package/dist/runtime/app/pages/admin/login.vue +34 -7
package/dist/runtime/server/api/admin/blob.js +4 -3
package/dist/runtime/server/api/admin/csv.js +3 -2
package/dist/runtime/server/api/admin/csv.post.js +6 -4
package/dist/runtime/server/api/admin/delete.js +6 -4
package/dist/runtime/server/api/admin/download.js +11 -8
package/dist/runtime/server/api/admin/git-branch.js +3 -2
package/dist/runtime/server/api/admin/git-history.js +3 -2
package/dist/runtime/server/api/admin/git-update-status.js +3 -2
package/dist/runtime/server/api/admin/git-update.post.js +2 -2
package/dist/runtime/server/api/admin/image.post.js +14 -10
package/dist/runtime/server/api/admin/list.js +11 -6
package/dist/runtime/server/api/admin/login.js +6 -4
package/dist/runtime/server/api/admin/logout.js +2 -1
package/dist/runtime/server/api/admin/md.js +3 -2
package/dist/runtime/server/api/admin/md.post.js +6 -4
package/dist/runtime/server/api/admin/pdf.post.js +13 -9
package/dist/runtime/server/api/admin/txt.js +3 -2
package/dist/runtime/server/api/admin/txt.post.js +6 -4
package/dist/runtime/server/api/admin/upload.js +10 -6
package/dist/runtime/server/api/content/[path].js +14 -12
package/dist/runtime/server/api/content/list.js +9 -7
package/dist/runtime/server/middleware/auth.js +2 -1
package/dist/runtime/server/utils/authCookie.d.ts +9 -0
package/dist/runtime/server/utils/authCookie.js +12 -0
package/dist/runtime/server/utils/contentKey.d.ts +2 -0
package/dist/runtime/server/utils/contentKey.js +67 -0
package/dist/runtime/server/utils/gitErrorSanitization.d.ts +1 -0
package/dist/runtime/server/utils/gitErrorSanitization.js +17 -0
package/dist/runtime/server/utils/gitVersioning.d.ts +1 -2
package/dist/runtime/server/utils/gitVersioning.js +2 -13
package/dist/runtime/server/utils/loginRateLimit.d.ts +4 -0
package/dist/runtime/server/utils/loginRateLimit.js +72 -0
package/dist/runtime/server/utils/uploadGuard.d.ts +2 -0
package/dist/runtime/server/utils/uploadGuard.js +20 -0
package/dist/runtime/shared/contentFiles.d.ts +15 -0
package/dist/runtime/shared/contentFiles.js +38 -0
package/package.json +1 -1
package/dist/runtime/app/composables/useImport.d.ts +0 -6
package/dist/runtime/app/composables/useImport.js +0 -37
package/dist/runtime/server/api/admin/import.d.ts +0 -5
package/dist/runtime/server/api/admin/import.js +0 -86

package/dist/runtime/server/api/admin/import.js DELETED Viewed

@@ -1,86 +0,0 @@
-import { createError, defineEventHandler, readMultipartFormData } from "h3";
-import { useStorage } from "nitropack/runtime";
-import path from "node:path";
-import unzipper from "unzipper";
-function sanitizePathSegment(segment) {
-  return segment.replace(/[/:\\]/g, "_").replace(/\0/g, "");
-}
-function zipPathToColonKey(entryPath) {
-  const original = entryPath.replace(/\\/g, "/");
-  if (original.startsWith("/")) {
-    return "";
-  }
-  let p = original.replace(/^\.\//, "");
-  if (/^[a-z]:\//i.test(p)) {
-    return "";
-  }
-  if (!p || p.includes("\0")) {
-    return "";
-  }
-  p = path.posix.normalize(p);
-  if (p === "." || p === ".." || p.startsWith("../") || p.includes("/../")) {
-    return "";
-  }
-  const parts = p.split("/").filter(Boolean);
-  if (parts.some((part) => part === "." || part === "..")) {
-    return "";
-  }
-  const sanitizedParts = parts.map(sanitizePathSegment);
-  return sanitizedParts.join(":");
-}
-export default defineEventHandler(async (event) => {
-  const form = await readMultipartFormData(event);
-  if (!form) {
-    throw createError({
-      statusCode: 400,
-      statusMessage: "No form data received"
-    });
-  }
-  const file = form.find((item) => item.name === "file");
-  if (!file) {
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Missing file"
-    });
-  }
-  if (!file.filename || !file.data) {
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Invalid file upload"
-    });
-  }
-  const allowedExtensions = [".zip"];
-  const fileExtension = file.filename.toLowerCase().slice(file.filename.lastIndexOf("."));
-  if (!allowedExtensions.includes(fileExtension)) {
-    throw createError({
-      statusCode: 400,
-      statusMessage: "Invalid file type. Only ZIP files are allowed for import."
-    });
-  }
-  const zipBuffer = Buffer.isBuffer(file.data) ? file.data : Buffer.from(file.data);
-  let zip;
-  try {
-    zip = await unzipper.Open.buffer(zipBuffer);
-  } catch {
-    throw createError({ statusCode: 400, statusMessage: "Invalid ZIP file" });
-  }
-  const storage = useStorage("content");
-  const written = /* @__PURE__ */ new Set();
-  for (const entry of zip.files) {
-    if (!entry.path) {
-      continue;
-    }
-    if (entry.type === "Directory") continue;
-    const fileColonKey = zipPathToColonKey(entry.path);
-    if (!fileColonKey) {
-      throw createError({
-        statusCode: 400,
-        statusMessage: `Invalid ZIP entry path: ${entry.path}`
-      });
-    }
-    const data = await entry.buffer();
-    await storage.setItemRaw(fileColonKey, data);
-    written.add(fileColonKey);
-  }
-  return { success: true, count: written.size };
-});