nextjs-cms 0.9.21 → 0.9.23

package/dist/api/trpc/routers/admins.js

@@ -0,0 +1,331 @@
+import { router, privateProcedure } from '../trpc.js';
+import * as z from 'zod';
+import { getAdminsList, getAllPrivileges, isAccessAllowed } from '../../actions/privileges.js';
+import { db } from '../../../db/client.js';
+import { AccessTokensTable, AdminPrivilegesTable, AdminsTable } from '../../../db/schema.js';
+import { eq } from 'drizzle-orm';
+import { TRPCError } from '@trpc/server';
+import bcrypt from 'bcrypt';
+import { customAlphabet } from 'nanoid';
+import getString from '../../../translations/index.js';
+import path from 'path';
+import fs from 'fs';
+import { getCMSConfig } from '../../../core/config/index.js';
+import { getRequestMetadataFromHeaders, recordLog } from '../../../logging/index.js';
+export const adminsRouter = router({
+    list: privateProcedure.query(async ({ ctx }) => {
+        const accessAllowed = await isAccessAllowed({
+            sectionName: 'admins',
+            userId: ctx.session.user.id,
+        });
+        if (!accessAllowed) {
+            return {
+                error: {
+                    message: getString('sectionNotFound', ctx.session.user.language),
+                },
+            };
+        }
+        const data = await Promise.all([getAdminsList(), getAllPrivileges(ctx.session)]);
+        const adminList = data[0];
+        const privileges = data[1];
+        return {
+            admins: adminList,
+            privileges: privileges,
+        };
+    }),
+    get: privateProcedure.input(z.string()).query(async (opts) => {
+        const accessAllowed = await isAccessAllowed({
+            sectionName: 'admins',
+            userId: opts.ctx.session.user.id,
+        });
+        if (!accessAllowed) {
+            throw new TRPCError({
+                code: 'NOT_FOUND',
+                message: getString('sectionNotFound', opts.ctx.session.user.language),
+            });
+        }
+        const data = await Promise.all([
+            db
+                .select({
+                id: AdminsTable.id,
+                user: AdminsTable.user,
+            })
+                .from(AdminsTable)
+                .where(eq(AdminsTable.id, opts.input)),
+            db
+                .select({
+                sectionName: AdminPrivilegesTable.sectionName,
+                operations: AdminPrivilegesTable.operations,
+                publisher: AdminPrivilegesTable.publisher,
+            })
+                .from(AdminPrivilegesTable)
+                .where(eq(AdminPrivilegesTable.adminId, opts.input)),
+            getAllPrivileges(opts.ctx.session),
+        ]);
+        const adminRows = data[0];
+        const adminRoles = data[1];
+        const allRoles = data[2];
+        const adminData = adminRows[0];
+        if (!adminData) {
+            throw new TRPCError({
+                code: 'BAD_REQUEST',
+                message: 'Admin not found',
+            });
+        }
+        return {
+            admin: adminData,
+            adminRoles: adminRoles,
+            allRoles: allRoles,
+        };
+    }),
+    create: privateProcedure
+        .input(z.object({
+        username: z.string(),
+        password: z.string(),
+        privileges: z.array(z.object({
+            sectionName: z.string(),
+            publisher: z.boolean().nullable(),
+            operations: z.string(),
+        })),
+    }))
+        .mutation(async ({ ctx, input }) => {
+        const requestMetadata = getRequestMetadataFromHeaders(ctx.headers);
+        const accessAllowed = await isAccessAllowed({
+            sectionName: 'admins',
+            userId: ctx.session.user.id,
+        });
+        if (!accessAllowed) {
+            throw new TRPCError({
+                code: 'NOT_FOUND',
+                message: getString('sectionNotFound', ctx.session.user.language),
+            });
+        }
+        /**
+         * First, let's check if the username already exists
+         */
+        const usernameExists = await db.select().from(AdminsTable).where(eq(AdminsTable.user, input.username));
+        /**
+         * If the username already exists, throw an error
+         */
+        if (usernameExists.length > 0) {
+            throw new TRPCError({
+                code: 'BAD_REQUEST',
+                message: getString('adminAlreadyExists', ctx.session.user.language),
+            });
+        }
+        /**
+         * Let's filter the privileges to remove the ones that has operations set to 'none'
+         */
+        const filteredPrivileges = input.privileges.filter((privilege) => privilege.operations !== 'none');
+        /**
+         * If the filtered privileges are empty, throw an error
+         */
+        if (filteredPrivileges.length === 0) {
+            throw new TRPCError({
+                code: 'BAD_REQUEST',
+                message: getString('selectAtLeastOnePrivilege', ctx.session.user.language),
+            });
+        }
+        /**
+         * Hash password with bcrypt
+         */
+        const hashedPassword = await bcrypt.hash(input.password, 10);
+        const id = customAlphabet('1234567890', 25)();
+        /**
+         * Now, let's prepare the rows to be inserted into the admin_privileges table
+         */
+        const rows = filteredPrivileges.map((privilege) => ({
+            adminId: id,
+            sectionName: privilege.sectionName,
+            operations: privilege.operations,
+            publisher: privilege.publisher,
+        }));
+        /**
+         * Insert admin and privileges atomically
+         */
+        await db.transaction(async (tx) => {
+            await tx.insert(AdminsTable).values({
+                id: id,
+                pass: hashedPassword,
+                user: input.username,
+            });
+            await tx.insert(AdminPrivilegesTable).values(rows);
+        });
+        await recordLog({
+            eventType: 'admin.section.create',
+            actorId: ctx.session.user.id,
+            actorUsername: ctx.session.user.name ?? null,
+            entityType: 'admin',
+            entityId: id,
+            entityLabel: input.username,
+            sectionName: 'admins',
+            metadata: {
+                privileges: rows.map((privilege) => ({
+                    sectionName: privilege.sectionName,
+                    operations: privilege.operations,
+                    publisher: privilege.publisher,
+                })),
+            },
+            requestMetadata,
+        });
+        return {
+            status: 'success',
+            id,
+        };
+    }),
+    update: privateProcedure
+        .input(z.object({
+        id: z.string(),
+        privileges: z.array(z.object({
+            sectionName: z.string(),
+            publisher: z.boolean().nullable(),
+            operations: z.string(),
+        })),
+    }))
+        .mutation(async ({ ctx, input }) => {
+        const requestMetadata = getRequestMetadataFromHeaders(ctx.headers);
+        const accessAllowed = await isAccessAllowed({
+            sectionName: 'admins',
+            userId: ctx.session.user.id,
+        });
+        if (!accessAllowed) {
+            throw new TRPCError({
+                code: 'NOT_FOUND',
+                message: getString('sectionNotFound', ctx.session.user.language),
+            });
+        }
+        /**
+         * First, let's check if the admin exists
+         */
+        const adminRows = await db.select().from(AdminsTable).where(eq(AdminsTable.id, input.id));
+        const admin = adminRows[0];
+        /**
+         * If the admin doens't exist, throw an error
+         */
+        if (!admin) {
+            throw new TRPCError({
+                code: 'BAD_REQUEST',
+                message: getString('adminDoesNotExist', ctx.session.user.language),
+            });
+        }
+        /**
+         * Let's filter the privileges to remove the ones that has operations set to 'none'
+         */
+        const filteredPrivileges = input.privileges.filter((privilege) => privilege.operations !== 'none');
+        /**
+         * If the filtered privileges are empty, throw an error
+         */
+        if (filteredPrivileges.length === 0) {
+            throw new TRPCError({
+                code: 'BAD_REQUEST',
+                message: getString('selectAtLeastOnePrivilege', ctx.session.user.language),
+            });
+        }
+        /**
+         * Now, let's prepare the rows to be inserted into the admin_privileges table
+         */
+        const rows = filteredPrivileges.map((privilege) => ({
+            adminId: input.id,
+            sectionName: privilege.sectionName,
+            operations: privilege.operations,
+            publisher: privilege.publisher,
+        }));
+        /**
+         * Delete and then insert the privileges into the admin_privileges table atomically
+         */
+        await db.transaction(async (tx) => {
+            await tx.delete(AdminPrivilegesTable).where(eq(AdminPrivilegesTable.adminId, input.id));
+            await tx.insert(AdminPrivilegesTable).values(rows);
+        });
+        await recordLog({
+            eventType: 'admin.section.update',
+            actorId: ctx.session.user.id,
+            actorUsername: ctx.session.user.name ?? null,
+            entityType: 'admin',
+            entityId: input.id,
+            entityLabel: admin.user ?? null,
+            sectionName: 'admins',
+            metadata: {
+                privileges: rows.map((privilege) => ({
+                    sectionName: privilege.sectionName,
+                    operations: privilege.operations,
+                    publisher: privilege.publisher,
+                })),
+            },
+            requestMetadata,
+        });
+        return {
+            status: 'success',
+        };
+    }),
+    remove: privateProcedure
+        .input(z.object({
+        id: z.string(),
+    }))
+        .mutation(async ({ ctx, input }) => {
+        const requestMetadata = getRequestMetadataFromHeaders(ctx.headers);
+        const accessAllowed = await isAccessAllowed({
+            sectionName: 'admins',
+            userId: ctx.session.user.id,
+        });
+        if (!accessAllowed) {
+            throw new TRPCError({
+                code: 'NOT_FOUND',
+                message: getString('sectionNotFound', ctx.session.user.language),
+            });
+        }
+        const uploadsFolder = (await getCMSConfig()).media.upload.path;
+        /**
+         * Check if the admin is not the master admin
+         */
+        if (input.id === '1') {
+            throw new TRPCError({
+                code: 'BAD_REQUEST',
+                message: getString('masterAdminCannotBeDeleted', ctx.session.user.language),
+            });
+        }
+        /**
+         * Check if the admin exists
+         */
+        const adminResult = await db.select().from(AdminsTable).where(eq(AdminsTable.id, input.id));
+        const admin = adminResult[0];
+        if (!admin) {
+            throw new TRPCError({
+                code: 'BAD_REQUEST',
+                message: getString('adminNotFound', ctx.session.user.language),
+            });
+        }
+        /**
+         * Delete privileges, access tokens, and admin row atomically.
+         * Access tokens must be deleted before the admin row due to FK constraint.
+         */
+        await db.transaction(async (tx) => {
+            await tx.delete(AdminPrivilegesTable).where(eq(AdminPrivilegesTable.adminId, input.id));
+            await tx.delete(AccessTokensTable).where(eq(AccessTokensTable.adminId, input.id));
+            await tx.delete(AdminsTable).where(eq(AdminsTable.id, input.id));
+        });
+        /**
+         * Remove the admin avatar. Failure here must not undo the DB deletion above,
+         * so swallow filesystem errors (file may already be missing).
+         */
+        if (admin.coverphoto) {
+            await fs.promises
+                .rm(path.join(uploadsFolder, '.thumbs', 'admins', admin.coverphoto), { force: true })
+                .catch(() => { });
+        }
+        await recordLog({
+            eventType: 'admin.section.delete',
+            actorId: ctx.session.user.id,
+            actorUsername: ctx.session.user.name ?? null,
+            entityType: 'admin',
+            entityId: input.id,
+            entityLabel: admin.user ?? null,
+            sectionName: 'admins',
+            metadata: {
+                hadAvatar: Boolean(admin.coverphoto),
+            },
+            requestMetadata,
+        });
+        return true;
+    }),
+});

package/dist/api/trpc/routers/auth.d.ts

@@ -0,0 +1,54 @@
+import * as z from 'zod';
+export declare const authRouter: import("@trpc/server").TRPCBuiltRouter<{
+    ctx: {
+        headers: Headers;
+        db: import("drizzle-orm/mysql2").MySql2Database<typeof import("../../../db/schema.js")> & {
+            $client: import("mysql2/promise").Pool;
+        };
+        session: import("../../../index.js").Session | null;
+    };
+    meta: object;
+    errorShape: {
+        data: {
+            zodError: z.core.$ZodFlattenedError<unknown, string> | null;
+            code: import("@trpc/server").TRPC_ERROR_CODE_KEY;
+            httpStatus: number;
+            path?: string;
+            stack?: string;
+        };
+        message: string;
+        code: import("@trpc/server").TRPC_ERROR_CODE_NUMBER;
+    };
+    transformer: true;
+}, import("@trpc/server").TRPCDecorateCreateRouterOptions<{
+    login: import("@trpc/server").TRPCMutationProcedure<{
+        input: {
+            username: string;
+            password: string;
+        };
+        output: {
+            status: number;
+            session: {
+                user: {
+                    id: string;
+                    name: string;
+                    language: string;
+                };
+            };
+            user: {
+                id: string;
+                username: string;
+                lang: string;
+                avatar: string | null;
+            };
+            accessToken: string;
+        };
+        meta: object;
+    }>;
+    logout: import("@trpc/server").TRPCMutationProcedure<{
+        input: void;
+        output: boolean;
+        meta: object;
+    }>;
+}>>;
+//# sourceMappingURL=auth.d.ts.map

package/dist/api/trpc/routers/auth.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"auth.d.ts","sourceRoot":"","sources":["../../../../src/api/trpc/routers/auth.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAA;AAKxB,eAAO,MAAM,UAAU;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAkDrB,CAAA"}

package/dist/api/trpc/routers/auth.js

@@ -0,0 +1,50 @@
+import { privateProcedure, publicProcedure, router } from '../trpc.js';
+import * as z from 'zod';
+import { TRPCError } from '@trpc/server';
+import { deleteSession, login } from '../../../auth/lib/index.js';
+import { getRequestMetadataFromHeaders, recordLog } from '../../../logging/index.js';
+export const authRouter = router({
+    login: publicProcedure
+        .input(z.object({
+        username: z.string(),
+        password: z.string(),
+    }))
+        .mutation(async (opts) => {
+        try {
+            const requestMetadata = getRequestMetadataFromHeaders(opts.ctx.headers);
+            const result = await login(opts.input);
+            await recordLog({
+                eventType: 'auth.login',
+                actorId: result.user?.id ?? null,
+                actorUsername: result.user?.username ?? null,
+                entityType: 'admin',
+                entityId: result.user?.id ?? null,
+                entityLabel: result.user?.username ?? null,
+                sectionName: 'auth',
+                requestMetadata,
+            });
+            return result;
+        }
+        catch (error) {
+            throw new TRPCError({
+                code: 'BAD_REQUEST',
+                message: error.message,
+            });
+        }
+    }),
+    logout: privateProcedure.mutation(async (opts) => {
+        const requestMetadata = getRequestMetadataFromHeaders(opts.ctx.headers);
+        const result = await deleteSession(opts.ctx.session);
+        await recordLog({
+            eventType: 'auth.logout',
+            actorId: opts.ctx.session.user.id,
+            actorUsername: opts.ctx.session.user.name ?? null,
+            entityType: 'admin',
+            entityId: opts.ctx.session.user.id,
+            entityLabel: opts.ctx.session.user.name ?? null,
+            sectionName: 'auth',
+            requestMetadata,
+        });
+        return result;
+    }),
+});

package/dist/api/trpc/routers/categorySection.d.ts

@@ -0,0 +1,105 @@
+import * as z from 'zod';
+export declare const categorySectionRouter: import("@trpc/server").TRPCBuiltRouter<{
+    ctx: {
+        headers: Headers;
+        db: import("drizzle-orm/mysql2").MySql2Database<typeof import("../../../db/schema.js")> & {
+            $client: import("mysql2/promise").Pool;
+        };
+        session: import("../../../index.js").Session | null;
+    };
+    meta: object;
+    errorShape: {
+        data: {
+            zodError: z.core.$ZodFlattenedError<unknown, string> | null;
+            code: import("@trpc/server").TRPC_ERROR_CODE_KEY;
+            httpStatus: number;
+            path?: string;
+            stack?: string;
+        };
+        message: string;
+        code: import("@trpc/server").TRPC_ERROR_CODE_NUMBER;
+    };
+    transformer: true;
+}, import("@trpc/server").TRPCDecorateCreateRouterOptions<{
+    get: import("@trpc/server").TRPCQueryProcedure<{
+        input: {
+            sectionName: string;
+        };
+        output: {
+            error: {
+                message: string;
+            };
+            section?: undefined;
+            data?: undefined;
+        } | {
+            section: {
+                tableName: string;
+                sectionName: string;
+                title: {
+                    section: string;
+                    singular: string;
+                    plural: string;
+                };
+            };
+            data: {
+                options: {
+                    value: string | number;
+                    label: string;
+                }[] | undefined;
+                required: boolean;
+                name: string;
+                label: string;
+                value: {
+                    value: string | number;
+                    label: string;
+                }[] | undefined;
+                parentId: string | number | undefined;
+                level: number;
+                depth: number | undefined;
+                sectionName: string;
+                allowRecursiveDelete: boolean | undefined;
+            };
+            error?: undefined;
+        };
+        meta: object;
+    }>;
+    getChildren: import("@trpc/server").TRPCMutationProcedure<{
+        input: {
+            sectionName: string;
+            parentId: string | number | undefined;
+            level: number;
+        };
+        output: {
+            error: {
+                message: string;
+            };
+            options?: undefined;
+            parentId?: undefined;
+            level?: undefined;
+        } | {
+            options: null;
+            parentId: string | number;
+            level: number;
+            error?: undefined;
+        } | {
+            options: {
+                value: any;
+                label: any;
+            }[];
+            parentId: string | number;
+            level: number;
+            error?: undefined;
+        } | undefined;
+        meta: object;
+    }>;
+    deleteItem: import("@trpc/server").TRPCMutationProcedure<{
+        input: {
+            sectionName: string;
+            sectionItemId: string | number;
+            deleteChildren?: boolean | undefined;
+        };
+        output: boolean;
+        meta: object;
+    }>;
+}>>;
+//# sourceMappingURL=categorySection.d.ts.map

package/dist/api/trpc/routers/categorySection.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"categorySection.d.ts","sourceRoot":"","sources":["../../../../src/api/trpc/routers/categorySection.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,CAAC,MAAM,KAAK,CAAA;AAKxB,eAAO,MAAM,qBAAqB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4DhC,CAAA"}

package/dist/api/trpc/routers/categorySection.js

@@ -0,0 +1,49 @@
+import { privateProcedure, router } from '../trpc.js';
+import * as z from 'zod';
+import { deleteSectionItem, getCategorySection, getCategorySectionChildren } from '../../actions/pages.js';
+import { getRequestMetadataFromHeaders } from '../../../logging/index.js';
+import { TRPCError } from '@trpc/server';
+export const categorySectionRouter = router({
+    get: privateProcedure
+        .input(z.object({
+        sectionName: z.string(),
+    }))
+        .query(async ({ ctx, input }) => {
+        return await getCategorySection(ctx.session, input.sectionName);
+    }),
+    getChildren: privateProcedure
+        .input(z.object({
+        sectionName: z.string(),
+        parentId: z.number().or(z.string()).or(z.undefined()),
+        level: z.number(),
+    }))
+        .mutation(async ({ ctx, input }) => {
+        if (input.parentId === undefined) {
+            return undefined;
+        }
+        return await getCategorySectionChildren({
+            session: ctx.session,
+            sectionName: input.sectionName,
+            id: input.parentId,
+            level: input.level,
+        });
+    }),
+    deleteItem: privateProcedure
+        .input(z.object({
+        sectionName: z.string(),
+        sectionItemId: z.number().or(z.string()),
+        deleteChildren: z.boolean().optional(),
+    }))
+        .mutation(async ({ ctx, input }) => {
+        const requestMetadata = getRequestMetadataFromHeaders(ctx.headers);
+        const result = await deleteSectionItem(ctx.session, input.sectionName, input.sectionItemId, input.deleteChildren, requestMetadata);
+        if (result && typeof result === 'object' && 'error' in result) {
+            const message = result.error?.message ?? 'Failed to delete section item';
+            throw new TRPCError({
+                code: 'BAD_REQUEST',
+                message,
+            });
+        }
+        return result;
+    }),
+});

package/dist/api/trpc/routers/config.d.ts

@@ -0,0 +1,48 @@
+/**
+ * Config router. Exposes non-sensitive config (e.g. i18n) to authenticated clients.
+ */
+export declare const configRouter: import("@trpc/server").TRPCBuiltRouter<{
+    ctx: {
+        headers: Headers;
+        db: import("drizzle-orm/mysql2").MySql2Database<typeof import("../../../db/schema.js")> & {
+            $client: import("mysql2/promise").Pool;
+        };
+        session: import("../../../index.js").Session | null;
+    };
+    meta: object;
+    errorShape: {
+        data: {
+            zodError: import("zod").ZodFlattenedError<unknown, string> | null;
+            code: import("@trpc/server").TRPC_ERROR_CODE_KEY;
+            httpStatus: number;
+            path?: string;
+            stack?: string;
+        };
+        message: string;
+        code: import("@trpc/server").TRPC_ERROR_CODE_NUMBER;
+    };
+    transformer: true;
+}, import("@trpc/server").TRPCDecorateCreateRouterOptions<{
+    getI18n: import("@trpc/server").TRPCQueryProcedure<{
+        input: void;
+        output: {
+            supportedLanguages: readonly string[];
+            fallbackLanguage: string;
+        };
+        meta: object;
+    }>;
+    getLocalization: import("@trpc/server").TRPCQueryProcedure<{
+        input: void;
+        output: {
+            enabled: boolean;
+            locales: {
+                code: string;
+                label: string;
+                rtl?: boolean;
+            }[];
+            defaultLocale: string;
+        } | null;
+        meta: object;
+    }>;
+}>>;
+//# sourceMappingURL=config.d.ts.map

package/dist/api/trpc/routers/config.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"config.d.ts","sourceRoot":"","sources":["../../../../src/api/trpc/routers/config.ts"],"names":[],"mappings":"AAGA;;GAEG;AACH,eAAO,MAAM,YAAY;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAa61c,CAAC;;;;;;GADr3c,CAAA"}

package/dist/api/trpc/routers/config.js

@@ -0,0 +1,18 @@
+import { privateProcedure, router } from '../trpc.js';
+import { getCMSConfig } from '../../../core/config/index.js';
+/**
+ * Config router. Exposes non-sensitive config (e.g. i18n) to authenticated clients.
+ */
+export const configRouter = router({
+    getI18n: privateProcedure.query(async () => {
+        const config = await getCMSConfig();
+        return {
+            supportedLanguages: config.i18n.supportedLanguages,
+            fallbackLanguage: config.i18n.fallbackLanguage,
+        };
+    }),
+    getLocalization: privateProcedure.query(async () => {
+        const config = await getCMSConfig();
+        return config.localization;
+    }),
+});