nextjs-cms 0.9.22 → 0.9.23

package/README.md

@@ -175,18 +175,70 @@ export default categorySection({
 })
 ```
 
-## API Reference
-
-### Core Modules
-
-#### API (`nextjs-cms/api`)
-- **appRouter**: Main tRPC router with all CMS endpoints
-- **createCaller**: Server-side API caller factory
-- **createTRPCContext**: Context factory for tRPC requests
-
-#### Authentication (`nextjs-cms/auth`)
-- **JWT Management**: Token creation, verification, and refresh
-- **React Hooks**: `useAxiosPrivate`, `useRefreshToken`
+## API Reference
+
+### Extending tRPC
+
+Create an app-owned tRPC server entrypoint so custom routers are included in the final `AppRouter` type:
+
+```typescript
+// app/_trpc/server.ts
+import 'server-only'
+
+import { createTRPCRouter } from 'nextjs-cms/api/server'
+import { dashboardRouter } from './routers/dashboard'
+
+export const trpc = createTRPCRouter({
+  routers: {
+    dashboard: dashboardRouter,
+  },
+})
+
+export type AppRouter = typeof trpc.appRouter
+export const { api, HydrateClient } = trpc
+```
+
+Create the matching client entrypoint:
+
+```typescript
+// app/_trpc/client.tsx
+'use client'
+
+import { createNextjsCmsClient } from 'nextjs-cms/api/client'
+import type { AppRouter } from './server'
+
+export const { trpc, NextjsCmsProvider } = createNextjsCmsClient<AppRouter>()
+```
+
+Export final app router inference helpers from the app:
+
+```typescript
+// app/_trpc/types.ts
+import type { inferRouterInputs, inferRouterOutputs } from '@trpc/server'
+import type { AppRouter } from './server'
+
+export type RouterInputs = inferRouterInputs<AppRouter>
+export type RouterOutputs = inferRouterOutputs<AppRouter>
+```
+
+Mount the handler from the app-owned router:
+
+```typescript
+// app/api/trpc/[trpc]/route.ts
+import { trpc } from '@/app/_trpc/server'
+
+export const { GET, POST } = trpc.handler
+```
+
+### Core Modules
+
+#### API
+- **Server runtime**: `createTRPCRouter`, procedures, and `createTRPCContext` from `nextjs-cms/api/server`
+- **Client runtime**: `createNextjsCmsClient` and `useAxiosPrivate` from `nextjs-cms/api/client`
+
+#### Authentication (`nextjs-cms/auth`)
+- **JWT Management**: Token creation, verification, and refresh
+- **React Hooks**: `useSession`, `useRefreshToken`
 - **Server Actions**: Authentication utilities for server components
 
 #### Core (`nextjs-cms/core`)
@@ -288,4 +340,4 @@ Contributions are welcome! Please read our contributing guidelines and submit pu
 
 ## License
 
-MIT License - see LICENSE file for details.
+MIT License - see LICENSE file for details.

package/dist/api/actions/files.d.ts

@@ -0,0 +1,30 @@
+import 'server-only';
+import type { Session } from '../../auth/index.js';
+export declare const getDocument: (session: Session, input: {
+    name: string;
+    sectionName: string;
+    fieldName: string;
+}) => Promise<{
+    base64: string;
+    mimeType: string;
+}>;
+export declare const getPhoto: (input: {
+    name: string;
+    folder: string;
+    isThumb?: boolean;
+}) => Promise<string>;
+export declare function streamPhoto(input: {
+    name: string;
+    folder: string;
+    isThumb?: boolean;
+}): Promise<ReadableStream<Uint8Array<ArrayBufferLike>>>;
+export declare const getVideo: (session: Session, input: {
+    name: string;
+    sectionName: string;
+    fieldName: string;
+}) => Promise<never>;
+export declare const streamFile: (path: string, options?: {
+    start?: number;
+    end?: number;
+}) => Promise<ReadableStream<Uint8Array>>;
+//# sourceMappingURL=files.d.ts.map

package/dist/api/actions/files.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"files.d.ts","sourceRoot":"","sources":["../../../src/api/actions/files.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAA;AAWpB,OAAO,KAAK,EAAE,OAAO,EAAE,MAAM,qBAAqB,CAAA;AAOlD,eAAO,MAAM,WAAW,GACpB,SAAS,OAAO,EAChB,OAAO;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE;;;EA4GlE,CAAA;AA2DD,eAAO,MAAM,QAAQ,GAAU,OAAO;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,oBAgDxF,CAAA;AAGD,wBAAsB,WAAW,CAAC,KAAK,EAAE;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,MAAM,EAAE,MAAM,CAAC;IAAC,OAAO,CAAC,EAAE,OAAO,CAAA;CAAE,wDAyB3F;AAGD,eAAO,MAAM,QAAQ,GAAU,SAAS,OAAO,EAAE,OAAO;IAAE,IAAI,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAC;IAAC,SAAS,EAAE,MAAM,CAAA;CAAE,mBAE/G,CAAA;AAGD,eAAO,MAAM,UAAU,GACnB,MAAM,MAAM,EACZ,UAAU;IACN,KAAK,CAAC,EAAE,MAAM,CAAA;IACd,GAAG,CAAC,EAAE,MAAM,CAAA;CACf,KACF,OAAO,CAAC,cAAc,CAAC,UAAU,CAAC,CAGpC,CAAA"}

package/dist/api/actions/files.js

@@ -0,0 +1,234 @@
+import 'server-only';
+import fs from 'fs';
+import path from 'path';
+import { Readable } from 'stream';
+import { TRPCError } from '@trpc/server';
+import { fileTypeFromBuffer } from 'file-type';
+import { readChunk } from 'read-chunk';
+import sharp from 'sharp';
+import through2 from 'through2';
+import { getCMSConfig } from '../../core/config/index.js';
+import { SectionFactory } from '../../core/factories/index.js';
+import getString from '../../translations/index.js';
+import { sanitizeFileName, sanitizeFolderOrFileName } from '../../utils/index.js';
+export const getDocument = async (session, input) => {
+    const { name, sectionName, fieldName } = input;
+    // Sanitize the inputs
+    const sanitizedFolder = sanitizeFolderOrFileName(sectionName);
+    const sanitizedName = sanitizeFileName(name);
+    /**
+     * Check the section and the field name, and get the allowed extensions,
+     *  while also checking if the user has access to the section
+     */
+    const section = await SectionFactory.getSectionForAdmin({
+        name: sanitizedFolder,
+        admin: { id: session.user.id },
+    });
+    /**
+     * If the check fails, throw an error
+     */
+    if (!section?.name) {
+        throw new TRPCError({
+            code: 'BAD_REQUEST',
+            message: getString('invalidFilePath', session.user.language),
+        });
+    }
+    const fieldConfig = section.fields.find((field) => field.name === fieldName);
+    if (!fieldConfig || typeof fieldConfig.build !== 'function') {
+        throw new TRPCError({
+            code: 'BAD_REQUEST',
+            message: getString('invalidRequest', session.user.language),
+        });
+    }
+    const field = fieldConfig.build();
+    /**
+     * If field is not found, throw an error
+     */
+    if (!field || !field.name || !field.extensions || field.extensions.length === 0) {
+        throw new TRPCError({
+            code: 'BAD_REQUEST',
+            message: getString('invalidRequest', session.user.language),
+        });
+    }
+    /**
+     * Split the allowed extensions into an array
+     */
+    const uploadsFolder = (await getCMSConfig()).media.upload.path;
+    const documentAllowedExtensions = field.extensions;
+    const dir = '.documents';
+    const pathToFile = path.join(uploadsFolder, dir, sanitizedFolder, sanitizedName);
+    /**
+     * First, check if the file exists
+     */
+    if (!fs.existsSync(pathToFile)) {
+        throw new TRPCError({
+            code: 'BAD_REQUEST',
+            message: getString('fileNotFound', session.user.language),
+        });
+    }
+    /**
+     * Read the first 4100 bytes of the file
+     */
+    const chunkBuffer = await readChunk(pathToFile, { length: 4100 });
+    /**
+     * Get the file type from the buffer
+     */
+    const fileType = await fileTypeFromBuffer(chunkBuffer);
+    /**
+     * If the file type is invalid, return an error
+     */
+    if (!fileType) {
+        throw new TRPCError({
+            code: 'BAD_REQUEST',
+            message: getString('invalidFileType', session.user.language),
+        });
+    }
+    /**
+     * Check if the file type is allowed
+     */
+    if (!documentAllowedExtensions.includes(fileType.ext)) {
+        throw new TRPCError({
+            code: 'BAD_REQUEST',
+            message: getString('invalidFileType', session.user.language),
+        });
+    }
+    /**
+     * Convert the image to webp format and return a buffer
+     */
+    const buffer = fs.readFileSync(pathToFile);
+    /**
+     * Create a base64 string from the buffer
+     */
+    const base64 = buffer.toString('base64');
+    /**
+     * Return the base64 string with the mime type
+     */
+    return {
+        base64: `data:${fileType.mime};base64,${base64}`,
+        mimeType: fileType.mime,
+    };
+};
+/**
+ * Helper function with proper cleanup for converting Node.js stream to Web ReadableStream
+ * Uses pull()-based reading for proper backpressure support.
+ * @param nodeStream
+ * @param sharpInstance
+ */
+function nodeStreamToWebStream(nodeStream, sharpInstance) {
+    return new ReadableStream({
+        start() {
+            // Start paused — let pull() drive reading
+            if ('pause' in nodeStream && typeof nodeStream.pause === 'function') {
+                nodeStream.pause();
+            }
+        },
+        pull(controller) {
+            return new Promise((resolve, reject) => {
+                const onData = (chunk) => {
+                    controller.enqueue(new Uint8Array(chunk));
+                    if ('pause' in nodeStream && typeof nodeStream.pause === 'function') {
+                        nodeStream.pause();
+                    }
+                    nodeStream.removeListener('data', onData);
+                    nodeStream.removeListener('error', onError);
+                    resolve();
+                };
+                const onError = (err) => {
+                    controller.error(err);
+                    nodeStream.removeListener('data', onData);
+                    reject(err);
+                };
+                nodeStream.on('data', onData);
+                nodeStream.on('error', onError);
+                nodeStream.once('end', () => {
+                    controller.close();
+                    resolve();
+                });
+                if ('resume' in nodeStream && typeof nodeStream.resume === 'function') {
+                    nodeStream.resume();
+                }
+            });
+        },
+        cancel() {
+            // Proper cleanup sequence
+            sharpInstance.destroy();
+            nodeStream.removeAllListeners();
+            if ('destroy' in nodeStream && typeof nodeStream.destroy === 'function') {
+                nodeStream.destroy();
+            }
+        },
+    });
+}
+export const getPhoto = async (input) => {
+    const { name, folder, isThumb } = input;
+    // Sanitize the inputs
+    const sanitizedFolder = sanitizeFolderOrFileName(folder);
+    const sanitizedName = sanitizeFileName(name);
+    /**
+     * Check the folder name matches a section name in the database
+     * Notice: Maybe we don't need this check because making an sql call for each image is maybe expensive
+     */
+    /*const sectionQuery = await db
+        .select()
+        .from(SectionsTable)
+        .where(eq(SectionsTable.sectionName, sanitizedFolder))
+        .limit(1)
+
+    if (sectionQuery.length === 0) {
+        throw new Error('Invalid folder name')
+    }*/
+    const uploadsFolder = (await getCMSConfig()).media.upload.path;
+    const dir = isThumb ? '.thumbs' : '.photos';
+    const pathToFile = path.join(uploadsFolder, dir, sanitizedFolder, sanitizedName);
+    /**
+     * Disable caching for the image to avoid unlink issues when removing the image
+     */
+    sharp.cache({ files: 0 });
+    sharp.cache(false);
+    /**
+     * Convert the image to webp format and return a buffer
+     */
+    const sharpInstance = sharp(pathToFile);
+    let webpBuffer = await sharpInstance // Load the image
+        .toFormat('webp') // Re-encode the image to webp
+        .withExif({}) // Strip the exif data
+        .toBuffer(); // Return a buffer
+    /**
+     * Destroy the sharp instance to free it from memory
+     */
+    const base64String = webpBuffer.toString('base64');
+    sharpInstance.destroy();
+    /**
+     * Return the base64 string with the mime type
+     */
+    return `data:image/webp;base64,${base64String}`;
+};
+export async function streamPhoto(input) {
+    const { name, folder, isThumb } = input;
+    // Sanitize the inputs
+    const sanitizedFolder = sanitizeFolderOrFileName(folder);
+    const sanitizedName = sanitizeFileName(name);
+    const dir = isThumb ? '.thumbs' : '.photos';
+    const uploadsFolder = (await getCMSConfig()).media.upload.path;
+    const pathToFile = path.join(uploadsFolder, dir, sanitizedFolder, sanitizedName);
+    /**
+     * Disable caching for the image to avoid unlink issues when removing the image
+     */
+    sharp.cache({ files: 0 });
+    sharp.cache(false);
+    // Process all images through Sharp
+    const processedImage = sharp(pathToFile).toFormat('webp').withExif({});
+    /**
+     * Convert Node.js stream to Web ReadableStream
+     * Also, add through2 for proper streaming
+     */
+    const nodeStream = processedImage.pipe(through2());
+    return nodeStreamToWebStream(nodeStream, processedImage);
+}
+export const getVideo = async (session, input) => {
+    throw new Error(getString('useVideoApiRoute', session.user.language));
+};
+export const streamFile = async (path, options) => {
+    const stream = fs.createReadStream(path, options);
+    return Readable.toWeb(stream);
+};

package/dist/api/actions/index.d.ts

@@ -0,0 +1,4 @@
+import 'server-only';
+export { streamFile, getPhoto } from './files.js';
+export { getAdminPrivileges } from './privileges.js';
+//# sourceMappingURL=index.d.ts.map

package/dist/api/actions/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/api/actions/index.ts"],"names":[],"mappings":"AAAA,OAAO,aAAa,CAAA;AAEpB,OAAO,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,YAAY,CAAA;AACjD,OAAO,EAAE,kBAAkB,EAAE,MAAM,iBAAiB,CAAA"}

package/dist/api/actions/index.js

@@ -0,0 +1,3 @@
+import 'server-only';
+export { streamFile, getPhoto } from './files.js';
+export { getAdminPrivileges } from './privileges.js';