npm - nca-ai-cms-astro-plugin - Versions diffs - 1.0.16 → 1.0.18 - Mend

nca-ai-cms-astro-plugin 1.0.16 → 1.0.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/package.json +1 -1
package/src/api/db/download.ts +35 -0
package/src/api/db/upload.test.ts +173 -0
package/src/api/db/upload.ts +87 -0
package/src/components/editor/SettingsTab.tsx +44 -0
package/src/index.ts +12 -0
package/update.md +29 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nca-ai-cms-astro-plugin",
-  "version": "1.0.16",
+  "version": "1.0.18",
   "type": "module",
   "exports": {
     ".": "./src/index.ts",

package/src/api/db/download.ts ADDED Viewed

@@ -0,0 +1,35 @@
+import type { APIRoute } from 'astro';
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import { jsonError } from '../_utils';
+function getDbPath(): string {
+  const envPath = process.env.ASTRO_DATABASE_FILE;
+  if (envPath) {
+    const resolved = path.resolve(process.cwd(), envPath);
+    if (!resolved.startsWith(process.cwd())) {
+      throw new Error('Invalid database path');
+    }
+    return resolved;
+  }
+  return path.join(process.cwd(), '.astro', 'content.db');
+}
+export const GET: APIRoute = async () => {
+  try {
+    const dbPath = getDbPath();
+    const dbBuffer = await fs.readFile(dbPath);
+    const timestamp = new Date().toISOString().replace(/[:.]/g, '-').slice(0, 19);
+    return new Response(dbBuffer, {
+      status: 200,
+      headers: {
+        'Content-Type': 'application/x-sqlite3',
+        'Content-Disposition': `attachment; filename="content-${timestamp}.db"`,
+        'Content-Length': String(dbBuffer.length),
+      },
+    });
+  } catch {
+    return jsonError('Database file not found', 404);
+  }
+};

package/src/api/db/upload.test.ts ADDED Viewed

@@ -0,0 +1,173 @@
+import { describe, it, expect, vi, beforeEach } from 'vitest';
+import * as fs from 'fs/promises';
+const mockClose = vi.fn();
+const mockReconnect = vi.fn();
+vi.mock('astro:db', () => ({
+  db: {
+    $client: {
+      close: mockClose,
+      reconnect: mockReconnect,
+    },
+  },
+}));
+vi.mock('fs/promises', () => ({
+  writeFile: vi.fn().mockResolvedValue(undefined),
+  copyFile: vi.fn().mockResolvedValue(undefined),
+}));
+// SQLite file header
+const SQLITE_HEADER = Buffer.from('SQLite format 3\0');
+function createSqliteBuffer(size = 4096): Buffer {
+  const buf = Buffer.alloc(size);
+  SQLITE_HEADER.copy(buf);
+  return buf;
+}
+function createFormDataRequest(file: Buffer, fieldName = 'database'): Request {
+  const formData = new FormData();
+  formData.append(fieldName, new Blob([file]), 'test.db');
+  return new Request('http://localhost/api/db/upload', {
+    method: 'POST',
+    body: formData,
+  });
+}
+function createOctetStreamRequest(file: Buffer): Request {
+  return new Request('http://localhost/api/db/upload', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/octet-stream' },
+    body: file,
+  });
+}
+describe('DB Upload API', () => {
+  beforeEach(() => {
+    vi.clearAllMocks();
+    process.env.ASTRO_DATABASE_FILE = '.astro/content.db';
+  });
+  it('accepts a valid SQLite file via multipart/form-data', async () => {
+    const { POST } = await import('./upload.js');
+    const request = createFormDataRequest(createSqliteBuffer());
+    const response = await POST({ request } as any);
+    const data = await response.json();
+    expect(response.status).toBe(200);
+    expect(data.success).toBe(true);
+    expect(data.size).toBeGreaterThan(0);
+  });
+  it('accepts a valid SQLite file via application/octet-stream', async () => {
+    const { POST } = await import('./upload.js');
+    const request = createOctetStreamRequest(createSqliteBuffer());
+    const response = await POST({ request } as any);
+    const data = await response.json();
+    expect(response.status).toBe(200);
+    expect(data.success).toBe(true);
+  });
+  it('rejects non-SQLite files', async () => {
+    const { POST } = await import('./upload.js');
+    const badFile = Buffer.from('not a sqlite file');
+    const request = createFormDataRequest(badFile);
+    const response = await POST({ request } as any);
+    const data = await response.json();
+    expect(response.status).toBe(400);
+    expect(data.error).toContain('not a SQLite database');
+  });
+  it('rejects missing database field', async () => {
+    const { POST } = await import('./upload.js');
+    const formData = new FormData();
+    formData.append('wrongfield', new Blob([createSqliteBuffer()]), 'test.db');
+    const request = new Request('http://localhost/api/db/upload', {
+      method: 'POST',
+      body: formData,
+    });
+    const response = await POST({ request } as any);
+    const data = await response.json();
+    expect(response.status).toBe(400);
+    expect(data.error).toContain('No database file');
+  });
+  it('rejects invalid content type', async () => {
+    const { POST } = await import('./upload.js');
+    const request = new Request('http://localhost/api/db/upload', {
+      method: 'POST',
+      headers: { 'Content-Type': 'text/plain' },
+      body: 'hello',
+    });
+    const response = await POST({ request } as any);
+    const data = await response.json();
+    expect(response.status).toBe(400);
+    expect(data.error).toContain('Invalid content type');
+  });
+  it('creates a backup before writing', async () => {
+    const { POST } = await import('./upload.js');
+    const request = createFormDataRequest(createSqliteBuffer());
+    await POST({ request } as any);
+    expect(fs.copyFile).toHaveBeenCalled();
+  });
+  it('reconnects the DB client after successful upload', async () => {
+    const { POST } = await import('./upload.js');
+    const request = createFormDataRequest(createSqliteBuffer());
+    await POST({ request } as any);
+    expect(mockClose).toHaveBeenCalledOnce();
+    expect(mockReconnect).toHaveBeenCalledOnce();
+  });
+  it('rejects oversized file via multipart/form-data', async () => {
+    const { POST } = await import('./upload.js');
+    const oversized = createSqliteBuffer(50 * 1024 * 1024 + 1);
+    const request = createFormDataRequest(oversized);
+    const response = await POST({ request } as any);
+    const data = await response.json();
+    expect(response.status).toBe(413);
+    expect(data.error).toContain('too large');
+  });
+  it('rejects oversized file via application/octet-stream', async () => {
+    const { POST } = await import('./upload.js');
+    const oversized = createSqliteBuffer(50 * 1024 * 1024 + 1);
+    const request = createOctetStreamRequest(oversized);
+    const response = await POST({ request } as any);
+    const data = await response.json();
+    expect(response.status).toBe(413);
+    expect(data.error).toContain('too large');
+  });
+  it('still succeeds if reconnect is not available', async () => {
+    const { POST } = await import('./upload.js');
+    mockClose.mockImplementation(() => { throw new Error('not available'); });
+    const request = createFormDataRequest(createSqliteBuffer());
+    const response = await POST({ request } as any);
+    const data = await response.json();
+    expect(response.status).toBe(200);
+    expect(data.success).toBe(true);
+  });
+});

package/src/api/db/upload.ts ADDED Viewed

@@ -0,0 +1,87 @@
+import type { APIRoute } from 'astro';
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import { jsonResponse, jsonError } from '../_utils';
+// @ts-ignore - resolved by Astro build pipeline
+import { db } from 'astro:db';
+const MAX_DB_SIZE = 50 * 1024 * 1024; // 50 MB
+function getDbPath(): string {
+  const envPath = process.env.ASTRO_DATABASE_FILE;
+  if (envPath) {
+    const resolved = path.resolve(process.cwd(), envPath);
+    if (!resolved.startsWith(process.cwd())) {
+      throw new Error('Invalid database path');
+    }
+    return resolved;
+  }
+  return path.join(process.cwd(), '.astro', 'content.db');
+}
+export const POST: APIRoute = async ({ request }) => {
+  try {
+    const dbPath = getDbPath();
+    const contentType = request.headers.get('content-type') || '';
+    let dbBuffer: Buffer;
+    if (contentType.includes('multipart/form-data')) {
+      const formData = await request.formData();
+      const file = formData.get('database') as File | null;
+      if (!file) {
+        return jsonError('No database file provided. Use field name "database".', 400);
+      }
+      if (file.size > MAX_DB_SIZE) {
+        return jsonError('File too large. Maximum 50 MB.', 413);
+      }
+      const arrayBuffer = await file.arrayBuffer();
+      dbBuffer = Buffer.from(arrayBuffer);
+    } else if (contentType.includes('application/octet-stream')) {
+      const arrayBuffer = await request.arrayBuffer();
+      dbBuffer = Buffer.from(arrayBuffer);
+      if (dbBuffer.length > MAX_DB_SIZE) {
+        return jsonError('File too large. Maximum 50 MB.', 413);
+      }
+    } else {
+      return jsonError('Invalid content type. Use multipart/form-data or application/octet-stream.', 400);
+    }
+    // SQLite validation
+    const header = dbBuffer.subarray(0, 16).toString('utf8');
+    if (!header.startsWith('SQLite format 3')) {
+      return jsonError('Invalid file: not a SQLite database.', 400);
+    }
+    // Backup current DB before overwriting
+    try {
+      await fs.copyFile(dbPath, `${dbPath}.backup`);
+    } catch {
+      // No existing DB to backup
+    }
+    await fs.writeFile(dbPath, dbBuffer);
+    // Reconnect DB client to pick up the new file
+    try {
+      const client = (db as any).$client;
+      if (client?.close && client?.reconnect) {
+        await client.close();
+        await client.reconnect();
+      }
+    } catch {
+      // Reconnect not available — manual restart needed
+    }
+    return jsonResponse({
+      success: true,
+      size: dbBuffer.length,
+    });
+  } catch {
+    return jsonError('Database upload failed', 500);
+  }
+};

package/src/components/editor/SettingsTab.tsx CHANGED Viewed

@@ -289,6 +289,50 @@ export function SettingsTab() {
         ))}
       </div>
+      {/* Database Management — only on Website tab */}
+      {activeSubTab === 'website' && (
+        <div style={{ ...styles.plannerForm, flexDirection: 'row', alignItems: 'center' }}>
+          <span style={{ ...styles.label, marginRight: 'auto' }}>Datenbank-Verwaltung</span>
+          <a
+            href="/api/db/download"
+            style={{ ...styles.editButton, textDecoration: 'none', display: 'inline-flex', alignItems: 'center', gap: '0.4rem' }}
+          >
+            ↓ DB herunterladen
+          </a>
+          <label style={{ ...styles.editButton, cursor: 'pointer', display: 'inline-flex', alignItems: 'center', gap: '0.4rem', margin: 0 }}>
+            ↑ DB hochladen
+            <input
+              type="file"
+              accept=".db,.sqlite,.sqlite3"
+              style={styles.srOnly}
+              onChange={async (e) => {
+                const file = e.target.files?.[0];
+                if (!file) return;
+                if (!confirm(`Datenbank "${file.name}" hochladen? Die aktuelle DB wird ueberschrieben.`)) {
+                  e.target.value = '';
+                  return;
+                }
+                const formData = new FormData();
+                formData.append('database', file);
+                try {
+                  const res = await fetch('/api/db/upload', { method: 'POST', body: formData });
+                  const data = await res.json();
+                  if (res.ok) {
+                    alert('Datenbank hochgeladen. Seite wird neu geladen.');
+                    window.location.reload();
+                  } else {
+                    alert('Fehler: ' + (data.error || 'Upload fehlgeschlagen'));
+                  }
+                } catch {
+                  alert('Upload fehlgeschlagen');
+                }
+                e.target.value = '';
+              }}
+            />
+          </label>
+        </div>
+      )}
       {loading && (
         <div style={styles.loadingBox}>Einstellungen werden geladen...</div>
       )}

package/src/index.ts CHANGED Viewed

@@ -181,6 +181,18 @@ export default function ncaAiCms(
           prerender: false,
         });
+        // Inject DB management routes (auth-protected via middleware)
+        injectRoute({
+          pattern: '/api/db/download',
+          entrypoint: 'nca-ai-cms-astro-plugin/api/db/download.ts',
+          prerender: false,
+        });
+        injectRoute({
+          pattern: '/api/db/upload',
+          entrypoint: 'nca-ai-cms-astro-plugin/api/db/upload.ts',
+          prerender: false,
+        });
         // Inject auth routes
         injectRoute({
           pattern: '/api/auth/login',

package/update.md CHANGED Viewed

@@ -1,3 +1,32 @@
+# v1.0.18
+## Fix: DB upload reconnects client after file replacement
+- After writing the new SQLite file, the libsql client is closed and reconnected via `db.$client.close()` / `db.$client.reconnect()`
+- Close and reconnect calls are now properly awaited to prevent race conditions with async DB operations
+- Changes from uploaded database are immediately visible without node restart
+- Graceful fallback: if reconnect is not available, upload still succeeds (manual restart needed)
+## Tests: DB upload endpoint coverage
+- 10 tests covering upload endpoint — validation, backup, reconnect behavior, size limits
+- Added size limit rejection tests for both `multipart/form-data` and `application/octet-stream` content types
+- Tests verify 50 MB max file size is enforced with proper 413 status response
+---
+# v1.0.17
+## Feature: Database download/upload via Editor UI
+- New GET `/api/db/download` endpoint — exports SQLite database as file download with timestamp
+- New POST `/api/db/upload` endpoint — imports SQLite database with validation and backup
+- Download/Upload buttons in Editor → Einstellungen → Website tab
+- Path traversal protection: database path validated against project root
+- File size limit: 50 MB max upload
+- SQLite header validation on upload (rejects non-SQLite files)
+- Automatic backup of current DB before overwrite (`content.db.backup`)
+- Both routes auth-protected via existing middleware
+---
 # v1.0.16
 ## Feature: Pages content type with flat URL structure