nextly 0.0.1 → 0.0.2-alpha.0

package/dist/actions/index.d.ts

@@ -0,0 +1,239 @@
+import { M as Media } from '../_dts-chunks/media.d-DjDOZo4B.d.ts';
+import { O as OnErrorHook } from '../_dts-chunks/on-error.d-CHIKWNxd.d.ts';
+import { PublicData } from '../errors/index.d.ts';
+import 'zod';
+
+/**
+ * Media Upload Server Action
+ *
+ * Next.js 16 Server Action for uploading media files.
+ * Provides a simpler alternative to API routes for small files (<5MB).
+ *
+ * ## Features
+ *
+ * - Server-side file upload (no client-side FormData serialization)
+ * - Automatic cache revalidation (revalidatePath)
+ * - Type-safe with Zod validation
+ * - Authentication support (when configured)
+ * - Error handling with user-friendly messages
+ *
+ * ## Usage
+ *
+ * ### In Consumer's Next.js App
+ *
+ * ```typescript
+ * // app/actions/media.ts
+ * 'use server';
+ *
+ * import { uploadMediaAction } from 'nextly/actions/upload-media';
+ * import { getUserId } from './auth'; // Your auth implementation
+ *
+ * export async function uploadMedia(formData: FormData) {
+ *   const userId = await getUserId();
+ *   return uploadMediaAction(formData, { uploadedBy: userId });
+ * }
+ * ```
+ *
+ * ### In Client Component
+ *
+ * ```tsx
+ * 'use client';
+ *
+ * import { uploadMedia } from './actions/media';
+ *
+ * function UploadForm() {
+ *   async function handleSubmit(formData: FormData) {
+ *     const result = await uploadMedia(formData);
+ *     if (result.success) {
+ *       toast.success('Uploaded!');
+ *     } else {
+ *       toast.error(result.error);
+ *     }
+ *   }
+ *
+ *   return <form action={handleSubmit}>...</form>;
+ * }
+ * ```
+ *
+ * ## Authentication
+ *
+ * This action is **auth-agnostic** by design. The `uploadedBy` parameter
+ * must be provided by the consumer's authentication implementation.
+ *
+ * Examples:
+ * - Nextly: `const result = await getSession(request, secret); uploadedBy: result.user?.id`
+ * - Clerk: `const { userId } = auth(); uploadedBy: userId`
+ * - Custom: `const user = await getUser(); uploadedBy: user.id`
+ *
+ * ## Limitations
+ *
+ * - **No upload progress**: Server Actions don't support progress events
+ * - **Recommended for small files only** (<5MB)
+ * - **For large files**: Use API route with XMLHttpRequest
+ *
+ * @see packages/db/src/api/media.ts - API route with progress support
+ * @see MEDIA-MANAGEMENT-EXTENDED-PLAN.md - Phase 6 implementation details
+ */
+
+/**
+ * Server Action options
+ */
+interface UploadMediaActionOptions {
+    /**
+     * User ID who is uploading the file (required)
+     * Must be obtained from your auth system
+     */
+    uploadedBy: string;
+    /**
+     * Path to revalidate after successful upload
+     * @default '/admin/media'
+     */
+    revalidatePath?: string;
+}
+/**
+ * Server Action result
+ */
+interface UploadMediaActionResult {
+    success: boolean;
+    data?: Media;
+    error?: string;
+    statusCode?: number;
+}
+/**
+ * Upload media file via Server Action
+ *
+ * Uploads a file to storage and creates a database record.
+ * Automatically generates thumbnails for images.
+ *
+ * @param formData - FormData containing the file
+ * @param options - Upload options (uploadedBy, revalidatePath)
+ * @returns Upload result with media data or error
+ *
+ * @example Basic usage
+ * ```typescript
+ * 'use server';
+ *
+ * export async function uploadFile(formData: FormData) {
+ *   const userId = await getUserId(); // Your auth function
+ *   return uploadMediaAction(formData, { uploadedBy: userId });
+ * }
+ * ```
+ *
+ * @example With custom revalidation path
+ * ```typescript
+ * return uploadMediaAction(formData, {
+ *   uploadedBy: userId,
+ *   revalidatePath: '/dashboard/gallery',
+ * });
+ * ```
+ */
+declare function uploadMediaAction(formData: FormData, options: UploadMediaActionOptions): Promise<UploadMediaActionResult>;
+/**
+ * Delete media file via Server Action
+ *
+ * Deletes a file from storage and removes the database record.
+ *
+ * @param mediaId - ID of media to delete
+ * @param options - Options (revalidatePath)
+ * @returns Deletion result
+ *
+ * @example
+ * ```typescript
+ * 'use server';
+ *
+ * export async function deleteFile(mediaId: string) {
+ *   return deleteMediaAction(mediaId);
+ * }
+ * ```
+ */
+declare function deleteMediaAction(mediaId: string, options?: {
+    revalidatePath?: string;
+}): Promise<{
+    success: boolean;
+    error?: string;
+    statusCode?: number;
+}>;
+/**
+ * Update media metadata via Server Action
+ *
+ * Updates altText, caption, tags, or other metadata fields.
+ *
+ * @param mediaId - ID of media to update
+ * @param updates - Metadata updates
+ * @param options - Options (revalidatePath)
+ * @returns Update result
+ *
+ * @example
+ * ```typescript
+ * 'use server';
+ *
+ * export async function updateFile(
+ *   mediaId: string,
+ *   updates: { altText?: string; caption?: string; tags?: string[] }
+ * ) {
+ *   return updateMediaAction(mediaId, updates);
+ * }
+ * ```
+ */
+declare function updateMediaAction(mediaId: string, updates: {
+    filename?: string;
+    altText?: string;
+    caption?: string;
+    tags?: string[];
+}, options?: {
+    revalidatePath?: string;
+}): Promise<{
+    success: boolean;
+    data?: Media;
+    error?: string;
+    statusCode?: number;
+}>;
+
+/**
+ * Wire shape returned by Server Actions wrapped with `withAction`.
+ *
+ * The `error` block matches the canonical HTTP wire-format error block
+ * (modulo the discriminator), so developers learn one shape regardless of
+ * whether they consume a Route Handler or a Server Action.
+ */
+type ActionError = {
+    code: string;
+    message: string;
+    messageKey?: string;
+    data?: PublicData;
+    requestId: string;
+};
+/**
+ * Result of a Server Action: either `{ ok: true, data }` on success or
+ * `{ ok: false, error }` on failure. The `ok` discriminator narrows
+ * cleanly via `if (result.ok)` so consumers get type-safe access to either
+ * branch.
+ */
+type ActionResult<T> = {
+    ok: true;
+    data: T;
+} | {
+    ok: false;
+    error: ActionError;
+};
+
+type WithActionOptions = {
+    /** Per-call observability hook. Fired before the global hook. */
+    onError?: OnErrorHook;
+};
+/**
+ * Server Action boundary wrapper. Mirrors `withErrorHandler` but returns a
+ * typed `ActionResult<T>` instead of a `Response`, working around Next.js's
+ * production error-digesting (which strips thrown error messages).
+ *
+ * Generic over `TArgs` so it transparently supports both direct-call
+ * actions (`(id: string)`) and form-binding actions
+ * (`(prevState, formData)`) consumed by `useActionState`.
+ *
+ * Sentinel errors (`redirect`, `notFound`, dynamic-API bailouts) are passed
+ * through `unstable_rethrow` first so navigation works as expected.
+ */
+declare function withAction<TArgs extends unknown[], TResult>(fn: (...args: TArgs) => Promise<TResult>, options?: WithActionOptions): (...args: TArgs) => Promise<ActionResult<TResult>>;
+
+export { deleteMediaAction, updateMediaAction, uploadMediaAction, withAction };
+export type { ActionError, ActionResult, UploadMediaActionOptions, UploadMediaActionResult };

package/dist/actions/index.mjs

@@ -0,0 +1,281 @@
+import {
+  generateRequestId
+} from "../chunk-67GXH6PR.mjs";
+import {
+  getGlobalOnError
+} from "../chunk-2TFX4ND3.mjs";
+import {
+  getNextlyLogger
+} from "../chunk-W4MGXIRR.mjs";
+import {
+  ServiceContainer,
+  UploadMediaInputSchema
+} from "../chunk-NSEFNNU4.mjs";
+import "../chunk-3FA7FKAV.mjs";
+import "../chunk-AGJ6F2T3.mjs";
+import "../chunk-KIMNCZGV.mjs";
+import "../chunk-AK6Z23OX.mjs";
+import "../chunk-INV7QKLG.mjs";
+import "../chunk-GZ6DCQKC.mjs";
+import "../chunk-SBACDPNX.mjs";
+import "../chunk-RJLLGGPG.mjs";
+import "../chunk-V4EQTOA4.mjs";
+import "../chunk-I4JMR3UR.mjs";
+import "../chunk-XZKLBMN6.mjs";
+import "../chunk-IZWPRDC3.mjs";
+import "../chunk-DNNG377Z.mjs";
+import "../chunk-5HMZ644B.mjs";
+import "../chunk-W5KKPZT5.mjs";
+import "../chunk-56WO4WX7.mjs";
+import "../chunk-2W3DVD7S.mjs";
+import "../chunk-TS7GHTG2.mjs";
+import "../chunk-H26B4FYG.mjs";
+import "../chunk-DP3G27G5.mjs";
+import "../chunk-DV6WVX2Q.mjs";
+import "../chunk-UJ2IMJ4W.mjs";
+import "../chunk-EGXBZCGC.mjs";
+import "../chunk-G2AA4QLC.mjs";
+import "../chunk-4MJLT6PZ.mjs";
+import "../chunk-IUDOC7N7.mjs";
+import "../chunk-LAZXX4HR.mjs";
+import {
+  container
+} from "../chunk-D5HQBNUB.mjs";
+import {
+  NextlyError,
+  isDbError
+} from "../chunk-NRUWQ5Z7.mjs";
+import "../chunk-VTJADRO3.mjs";
+import "../chunk-5APFUGAD.mjs";
+import "../chunk-7P6ASYW6.mjs";
+
+// src/actions/upload-media.ts
+import { createRequire } from "module";
+var cachedRevalidatePath = null;
+function getRevalidatePath() {
+  if (cachedRevalidatePath) return cachedRevalidatePath;
+  const require2 = createRequire(import.meta.url);
+  const mod = require2("next/cache");
+  cachedRevalidatePath = mod.revalidatePath;
+  return cachedRevalidatePath;
+}
+function getServices() {
+  const adapter = container.get("adapter");
+  return new ServiceContainer(adapter);
+}
+async function uploadMediaAction(formData, options) {
+  try {
+    const file = formData.get("file");
+    if (!file) {
+      return {
+        success: false,
+        error: "No file provided",
+        statusCode: 400
+      };
+    }
+    if (!(file instanceof File)) {
+      return {
+        success: false,
+        error: "Invalid file",
+        statusCode: 400
+      };
+    }
+    const arrayBuffer = await file.arrayBuffer();
+    const buffer = Buffer.from(arrayBuffer);
+    const parseResult = UploadMediaInputSchema.safeParse({
+      file: buffer,
+      filename: file.name,
+      mimeType: file.type,
+      size: file.size,
+      uploadedBy: options.uploadedBy
+    });
+    if (!parseResult.success) {
+      const errors = parseResult.error.issues;
+      const firstError = errors[0];
+      return {
+        success: false,
+        error: firstError?.message || "Invalid file data",
+        statusCode: 400
+      };
+    }
+    const services = getServices();
+    const result = await services.media.uploadMedia(parseResult.data);
+    if (result.success && result.data) {
+      const pathToRevalidate = options.revalidatePath || "/admin/media";
+      getRevalidatePath()(pathToRevalidate);
+      return {
+        success: true,
+        data: result.data,
+        statusCode: result.statusCode
+      };
+    }
+    return {
+      success: false,
+      error: result.message || "Upload failed",
+      statusCode: result.statusCode
+    };
+  } catch (error) {
+    console.error("[uploadMediaAction] Unexpected error:", error);
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : "An unexpected error occurred",
+      statusCode: 500
+    };
+  }
+}
+async function deleteMediaAction(mediaId, options) {
+  try {
+    if (!mediaId || typeof mediaId !== "string") {
+      return {
+        success: false,
+        error: "Invalid media ID",
+        statusCode: 400
+      };
+    }
+    const services = getServices();
+    const result = await services.media.deleteMedia(mediaId);
+    if (result.success) {
+      const pathToRevalidate = options?.revalidatePath || "/admin/media";
+      getRevalidatePath()(pathToRevalidate);
+      return {
+        success: true,
+        statusCode: result.statusCode
+      };
+    }
+    return {
+      success: false,
+      error: result.message || "Delete failed",
+      statusCode: result.statusCode
+    };
+  } catch (error) {
+    console.error("[deleteMediaAction] Unexpected error:", error);
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : "An unexpected error occurred",
+      statusCode: 500
+    };
+  }
+}
+async function updateMediaAction(mediaId, updates, options) {
+  try {
+    if (!mediaId || typeof mediaId !== "string") {
+      return {
+        success: false,
+        error: "Invalid media ID",
+        statusCode: 400
+      };
+    }
+    const services = getServices();
+    const result = await services.media.updateMedia(mediaId, updates);
+    if (result.success && result.data) {
+      const pathToRevalidate = options?.revalidatePath || "/admin/media";
+      getRevalidatePath()(pathToRevalidate);
+      return {
+        success: true,
+        data: result.data,
+        statusCode: result.statusCode
+      };
+    }
+    return {
+      success: false,
+      error: result.message || "Update failed",
+      statusCode: result.statusCode
+    };
+  } catch (error) {
+    console.error("[updateMediaAction] Unexpected error:", error);
+    return {
+      success: false,
+      error: error instanceof Error ? error.message : "An unexpected error occurred",
+      statusCode: 500
+    };
+  }
+}
+
+// src/actions/with-action.ts
+import { createRequire as createRequire2 } from "module";
+var cachedHeaders = null;
+var cachedUnstableRethrow = null;
+function getHeaders() {
+  if (cachedHeaders) return cachedHeaders;
+  const require2 = createRequire2(import.meta.url);
+  const mod = require2("next/headers");
+  cachedHeaders = mod.headers;
+  return cachedHeaders;
+}
+function getUnstableRethrow() {
+  if (cachedUnstableRethrow) return cachedUnstableRethrow;
+  const require2 = createRequire2(import.meta.url);
+  const mod = require2("next/navigation");
+  cachedUnstableRethrow = mod.unstable_rethrow;
+  return cachedUnstableRethrow;
+}
+async function readOrGenerateRequestIdFromHeaders() {
+  try {
+    const headers = getHeaders();
+    const h = await headers();
+    return h.get("x-request-id") ?? h.get("x-vercel-id") ?? h.get("cf-ray") ?? generateRequestId();
+  } catch {
+    return generateRequestId();
+  }
+}
+function withAction(fn, options) {
+  return async (...args) => {
+    const requestId = await readOrGenerateRequestIdFromHeaders();
+    try {
+      const data = await fn(...args);
+      return { ok: true, data };
+    } catch (err) {
+      getUnstableRethrow()(err);
+      let nextlyErr;
+      if (NextlyError.is(err)) {
+        nextlyErr = err;
+      } else if (isDbError(err)) {
+        getNextlyLogger().warn({
+          kind: "stray-db-error-converted",
+          requestId,
+          dbKind: err.kind
+        });
+        nextlyErr = NextlyError.fromDatabaseError(err);
+      } else {
+        nextlyErr = NextlyError.internal({ cause: err });
+      }
+      getNextlyLogger().error({
+        kind: "server-action-error",
+        ...nextlyErr.toLogJSON(requestId)
+      });
+      const ctx = { kind: "server-action", requestId };
+      if (options?.onError) {
+        try {
+          await options.onError(nextlyErr, ctx);
+        } catch (hookErr) {
+          getNextlyLogger().warn({
+            kind: "onError-hook-failed",
+            layer: "per-call",
+            requestId,
+            err: String(hookErr)
+          });
+        }
+      }
+      const globalHook = getGlobalOnError();
+      if (globalHook) {
+        try {
+          await globalHook(nextlyErr, ctx);
+        } catch (hookErr) {
+          getNextlyLogger().warn({
+            kind: "onError-hook-failed",
+            layer: "global",
+            requestId,
+            err: String(hookErr)
+          });
+        }
+      }
+      return { ok: false, error: nextlyErr.toResponseJSON(requestId) };
+    }
+  };
+}
+export {
+  deleteMediaAction,
+  updateMediaAction,
+  uploadMediaAction,
+  withAction
+};

package/dist/api/auth-state.d.ts

@@ -0,0 +1,5 @@
+import { NextRequest } from 'next/server';
+
+declare const GET: (request: NextRequest) => Promise<Response>;
+
+export { GET };

package/dist/api/auth-state.mjs

@@ -0,0 +1,131 @@
+import {
+  readAccessTokenCookie,
+  verifyAccessToken
+} from "../chunk-2ZFKXPQM.mjs";
+import {
+  withErrorHandler
+} from "../chunk-TO5AFLVQ.mjs";
+import {
+  getCachedNextly
+} from "../chunk-P7NH2OSC.mjs";
+import "../chunk-2OALJTK6.mjs";
+import "../chunk-VJ66NCL4.mjs";
+import "../chunk-R6JJQHFC.mjs";
+import "../chunk-X23WKS3Z.mjs";
+import "../chunk-X7TXCYYN.mjs";
+import "../chunk-YZNBLFIW.mjs";
+import "../chunk-FQULBZ53.mjs";
+import "../chunk-67GXH6PR.mjs";
+import "../chunk-2TFX4ND3.mjs";
+import "../chunk-W4MGXIRR.mjs";
+import "../chunk-NSEFNNU4.mjs";
+import "../chunk-3FA7FKAV.mjs";
+import "../chunk-AGJ6F2T3.mjs";
+import "../chunk-KIMNCZGV.mjs";
+import "../chunk-AK6Z23OX.mjs";
+import "../chunk-INV7QKLG.mjs";
+import "../chunk-GZ6DCQKC.mjs";
+import "../chunk-SBACDPNX.mjs";
+import "../chunk-RJLLGGPG.mjs";
+import "../chunk-V4EQTOA4.mjs";
+import "../chunk-I4JMR3UR.mjs";
+import "../chunk-XZKLBMN6.mjs";
+import "../chunk-IZWPRDC3.mjs";
+import "../chunk-DNNG377Z.mjs";
+import "../chunk-5HMZ644B.mjs";
+import "../chunk-W5KKPZT5.mjs";
+import "../chunk-56WO4WX7.mjs";
+import "../chunk-2W3DVD7S.mjs";
+import {
+  getDialectTables
+} from "../chunk-TS7GHTG2.mjs";
+import "../chunk-H26B4FYG.mjs";
+import "../chunk-DP3G27G5.mjs";
+import "../chunk-DV6WVX2Q.mjs";
+import {
+  env
+} from "../chunk-UJ2IMJ4W.mjs";
+import "../chunk-EGXBZCGC.mjs";
+import "../chunk-G2AA4QLC.mjs";
+import "../chunk-4MJLT6PZ.mjs";
+import {
+  respondData
+} from "../chunk-IUDOC7N7.mjs";
+import "../chunk-LAZXX4HR.mjs";
+import "../chunk-D5HQBNUB.mjs";
+import {
+  NextlyError
+} from "../chunk-NRUWQ5Z7.mjs";
+import "../chunk-VTJADRO3.mjs";
+import "../chunk-5APFUGAD.mjs";
+import "../chunk-7P6ASYW6.mjs";
+
+// src/api/auth-state.ts
+import { eq } from "drizzle-orm";
+var GET = withErrorHandler(async (request) => {
+  const secret = env.NEXTLY_SECRET ?? "";
+  if (!secret) {
+    throw NextlyError.authRequired({
+      logContext: { reason: "no-secret-configured" }
+    });
+  }
+  const token = readAccessTokenCookie(request);
+  if (!token) {
+    throw NextlyError.authRequired({ logContext: { reason: "no_token" } });
+  }
+  const verifyResult = await verifyAccessToken(token, secret);
+  if (!verifyResult.valid) {
+    throw NextlyError.authRequired({
+      logContext: { reason: verifyResult.reason }
+    });
+  }
+  const claims = verifyResult.payload;
+  const userId = claims.sub;
+  const issuedAt = typeof claims.iat === "number" ? new Date(claims.iat * 1e3) : /* @__PURE__ */ new Date(0);
+  const expiresAt = typeof claims.exp === "number" ? new Date(claims.exp * 1e3) : /* @__PURE__ */ new Date(0);
+  if (!userId) {
+    throw NextlyError.authRequired({
+      logContext: { reason: "claims-missing-sub" }
+    });
+  }
+  const nextly = await getCachedNextly();
+  const db = nextly.adapter.getDrizzle();
+  const tables = getDialectTables();
+  const rows = await db.select({
+    id: tables.users.id,
+    email: tables.users.email,
+    name: tables.users.name,
+    emailVerified: tables.users.emailVerified,
+    isActive: tables.users.isActive,
+    lockedUntil: tables.users.lockedUntil
+  }).from(tables.users).where(eq(tables.users.id, userId)).limit(1);
+  const user = rows[0];
+  if (!user) {
+    throw NextlyError.authRequired({
+      logContext: { reason: "session-user-missing", userId }
+    });
+  }
+  const now = /* @__PURE__ */ new Date();
+  const account = {
+    verified: Boolean(user.emailVerified),
+    locked: Boolean(user.lockedUntil && user.lockedUntil > now),
+    disabled: !user.isActive,
+    // The schema does not yet track these as first-class fields; expose
+    // safe defaults until they land. (Spec §19 follow-up.)
+    passwordResetRequired: false,
+    mustChangePasswordReason: null
+  };
+  const payload = {
+    authenticated: true,
+    user: { id: user.id, email: user.email, name: user.name },
+    account,
+    session: {
+      issuedAt: issuedAt.toISOString(),
+      expiresAt: expiresAt.toISOString()
+    }
+  };
+  return respondData(payload);
+});
+export {
+  GET
+};

package/dist/api/collections-schema-detail.d.ts

@@ -0,0 +1,56 @@
+/**
+ * Collection Schema Detail API Route Handlers for Next.js
+ *
+ * These route handlers can be re-exported in your Next.js application to provide
+ * individual collection management endpoints at /api/collections/schema/[slug].
+ *
+ * Services are auto-initialized on first request using environment variables:
+ * - DB_DIALECT: Database dialect ("postgresql" | "mysql" | "sqlite")
+ * - DATABASE_URL: Database connection string
+ *
+ * Locked code-first collections surface as canonical FORBIDDEN: the registry
+ * throws `NextlyError.forbidden` with the `collection-locked` reason in
+ * `logContext`.
+ *
+ * @example
+ * ```typescript
+ * // In your Next.js app: app/api/collections/schema/[slug]/route.ts
+ * export { GET, PATCH, DELETE } from 'nextly/api/collections-schema-detail';
+ * ```
+ *
+ * @module api/collections-schema-detail
+ */
+/**
+ * Context object for dynamic route handlers.
+ * Next.js 15+ requires params to be a Promise.
+ */
+interface RouteContext {
+    params: Promise<{
+        slug: string;
+    }>;
+}
+/**
+ * GET handler for retrieving a single collection by slug.
+ *
+ * Requires authentication and read permission for the collection. The
+ * registry throws `NOT_FOUND` if no collection matches the slug.
+ */
+declare const GET: (request: Request, context: RouteContext) => Promise<Response>;
+/**
+ * PATCH handler for updating a collection.
+ *
+ * Requires `manage-settings` (or super-admin). The registry throws
+ * `NextlyError.forbidden` with `reason: "collection-locked"` if the
+ * collection is locked (code-first collections cannot be modified via API).
+ */
+declare const PATCH: (request: Request, context: RouteContext) => Promise<Response>;
+/**
+ * DELETE handler for removing a collection.
+ *
+ * Requires `manage-settings` (or super-admin). The registry throws
+ * `NextlyError.forbidden` with `reason: "collection-locked-delete"` if the
+ * collection is locked (code-first collections cannot be deleted via API).
+ */
+declare const DELETE: (request: Request, context: RouteContext) => Promise<Response>;
+
+export { DELETE, GET, PATCH };