nextworks 0.1.0-alpha.13 → 0.1.0-alpha.14

package/dist/kits/data/app/api/posts/route.ts

@@ -1,138 +1,136 @@
-import { NextResponse } from "next/server";
-import { ZodError, z } from "zod";
-import { prisma } from "@/lib/prisma";
-import { postSchema } from "@/lib/validation/forms";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
-import { jsonOk, jsonFail, jsonFromZod } from "@/lib/server/result";
-
-// Ensure Prisma runs in Node.js (not Edge)
-export const runtime = "nodejs";
-
-export async function GET(req: Request) {
-  try {
-    const url = new URL(req.url);
-    const page = Math.max(1, Number(url.searchParams.get("page") ?? "1"));
-    const perPage = Math.min(
-      200,
-      Math.max(1, Number(url.searchParams.get("perPage") ?? "8")),
-    );
-    const q = url.searchParams.get("q") ?? undefined;
-    const sort = url.searchParams.get("sort") ?? "createdAt_desc";
-    const sortField = url.searchParams.get("sortField") ?? "createdAt";
-    const sortDir =
-      (url.searchParams.get("sortDir") as "asc" | "desc") ?? "desc";
-
-    const skip = (page - 1) * perPage;
-
-    const where: any = {};
-    if (q) {
-      where.title = { contains: q, mode: "insensitive" };
-    }
-
-    // Filter by published state if requested: published=published|draft
-    const publishedParam = url.searchParams.get("published");
-    if (publishedParam === "published") {
-      where.published = true;
-    } else if (publishedParam === "draft") {
-      where.published = false;
-    }
-
-    const orderBy: any = {};
-    // Allow server to order by title or createdAt for now. Defaults to createdAt
-    if (sortField === "title") {
-      orderBy.title = sortDir === "asc" ? "asc" : "desc";
-    } else {
-      orderBy.createdAt = sortDir === "asc" ? "asc" : "desc";
-    }
-
-    const [total, items] = await Promise.all([
-      prisma.post.count({ where }),
-      prisma.post.findMany({
-        where,
-        orderBy,
-        skip,
-        take: perPage,
-        include: { author: { select: { name: true, email: true } } },
-      }),
-    ]);
-
-    return jsonOk({ items, total, page, perPage });
-  } catch (error: unknown) {
-    console.error("GET /api/posts error:", error);
-    return jsonFail("Failed to fetch posts", { status: 500 });
-  }
-}
-
-/**
- * Create a new post.
- * DX: authorId is optional. If omitted, we default to the currently signed-in user.
- * - If authorId is provided in the payload, it is used as-is.
- * - Otherwise we read the NextAuth session and use session.user.id.
- * - If neither is available (no session and no authorId), we return 400 to preserve data integrity.
- */
-export async function POST(req: Request) {
-  try {
-    // Allow authenticated users to create posts. Admins may create on behalf of others.
-    const session = await getServerSession(authOptions);
-    if (!session?.user) {
-      return jsonFail("Not authenticated", { status: 401 });
-    }
-
-    // 1) Parse and validate the request body. Server-side we allow authorId to be blank/omitted
-    //    because we can infer it from the authenticated session.
-    const body = await req.json();
-    const serverPostSchema = postSchema.extend({
-      // Make authorId optional for this API (UI may still require it via postSchema)
-      authorId: postSchema.shape.authorId.optional().or(z.literal("")),
-    });
-    const data = serverPostSchema.parse(body);
-
-    // 2) Resolve the authorId: prefer explicit authorId (only if admin or same as session user), else default to current session user
-    const providedAuthorId =
-      data.authorId && data.authorId.length > 0 ? data.authorId : undefined;
-
-    const sessionUserId = (session.user as { id?: string } | undefined)?.id;
-    const sessionIsAdmin =
-      (session.user as { role?: string } | undefined)?.role === "admin";
-
-    if (providedAuthorId) {
-      // If a non-admin tries to set someone else as the author, reject for safety.
-      if (!sessionIsAdmin && providedAuthorId !== sessionUserId) {
-        return jsonFail("Forbidden: cannot set authorId to another user", {
-          status: 403,
-        });
-      }
-    }
-
-    const resolvedAuthorId = providedAuthorId ?? sessionUserId;
-
-    if (!resolvedAuthorId) {
-      return jsonFail(
-        "authorId is required. Provide an authorId or sign in so we can default to your user id.",
-        {
-          status: 400,
-          errors: {
-            authorId: "Author ID is required or sign in to use your user ID",
-          },
-          code: "MISSING_AUTHOR",
-        },
-      );
-    }
-
-    const created = await prisma.post.create({
-      data: {
-        title: data.title,
-        content: data.content || null,
-        authorId: resolvedAuthorId,
-        published: data.published ?? false,
-      },
-    });
-    return jsonOk(created, { status: 201, message: "Post created" });
-  } catch (error: unknown) {
-    if (error instanceof ZodError) {
-      return jsonFromZod(error, { status: 400, message: "Validation failed" });
-    }
-    return jsonFail("Failed to create post", { status: 500 });
-  }
-}
+import { ZodError, z } from "zod";
+import { prisma } from "@/lib/prisma";
+import { postSchema } from "@/lib/validation/forms";
+import { getServerSession } from "next-auth";
+import { authOptions } from "@/lib/auth";
+import { jsonOk, jsonFail, jsonFromZod } from "@/lib/server/result";
+
+// Ensure Prisma runs in Node.js (not Edge)
+export const runtime = "nodejs";
+
+export async function GET(req: Request) {
+  try {
+    const url = new URL(req.url);
+    const page = Math.max(1, Number(url.searchParams.get("page") ?? "1"));
+    const perPage = Math.min(
+      200,
+      Math.max(1, Number(url.searchParams.get("perPage") ?? "8")),
+    );
+    const q = url.searchParams.get("q") ?? undefined;
+    const sortField = url.searchParams.get("sortField") ?? "createdAt";
+    const sortDir =
+      (url.searchParams.get("sortDir") as "asc" | "desc") ?? "desc";
+
+    const skip = (page - 1) * perPage;
+
+    const where: NonNullable<Parameters<typeof prisma.post.count>[0]>["where"] = {};
+    if (q) {
+      where.title = { contains: q, mode: "insensitive" };
+    }
+
+    // Filter by published state if requested: published=published|draft
+    const publishedParam = url.searchParams.get("published");
+    if (publishedParam === "published") {
+      where.published = true;
+    } else if (publishedParam === "draft") {
+      where.published = false;
+    }
+
+    const orderBy: NonNullable<Parameters<typeof prisma.post.findMany>[0]>["orderBy"] = {};
+    // Allow server to order by title or createdAt for now. Defaults to createdAt
+    if (sortField === "title") {
+      orderBy.title = sortDir === "asc" ? "asc" : "desc";
+    } else {
+      orderBy.createdAt = sortDir === "asc" ? "asc" : "desc";
+    }
+
+    const [total, items] = await Promise.all([
+      prisma.post.count({ where }),
+      prisma.post.findMany({
+        where,
+        orderBy,
+        skip,
+        take: perPage,
+        include: { author: { select: { name: true, email: true } } },
+      }),
+    ]);
+
+    return jsonOk({ items, total, page, perPage });
+  } catch (error: unknown) {
+    console.error("GET /api/posts error:", error);
+    return jsonFail("Failed to fetch posts", { status: 500 });
+  }
+}
+
+/**
+ * Create a new post.
+ * DX: authorId is optional. If omitted, we default to the currently signed-in user.
+ * - If authorId is provided in the payload, it is used as-is.
+ * - Otherwise we read the NextAuth session and use session.user.id.
+ * - If neither is available (no session and no authorId), we return 400 to preserve data integrity.
+ */
+export async function POST(req: Request) {
+  try {
+    // Allow authenticated users to create posts. Admins may create on behalf of others.
+    const session = await getServerSession(authOptions);
+    if (!session?.user) {
+      return jsonFail("Not authenticated", { status: 401 });
+    }
+
+    // 1) Parse and validate the request body. Server-side we allow authorId to be blank/omitted
+    //    because we can infer it from the authenticated session.
+    const body = await req.json();
+    const serverPostSchema = postSchema.extend({
+      // Make authorId optional for this API (UI may still require it via postSchema)
+      authorId: postSchema.shape.authorId.optional().or(z.literal("")),
+    });
+    const data = serverPostSchema.parse(body);
+
+    // 2) Resolve the authorId: prefer explicit authorId (only if admin or same as session user), else default to current session user
+    const providedAuthorId =
+      data.authorId && data.authorId.length > 0 ? data.authorId : undefined;
+
+    const sessionUserId = (session.user as { id?: string } | undefined)?.id;
+    const sessionIsAdmin =
+      (session.user as { role?: string } | undefined)?.role === "admin";
+
+    if (providedAuthorId) {
+      // If a non-admin tries to set someone else as the author, reject for safety.
+      if (!sessionIsAdmin && providedAuthorId !== sessionUserId) {
+        return jsonFail("Forbidden: cannot set authorId to another user", {
+          status: 403,
+        });
+      }
+    }
+
+    const resolvedAuthorId = providedAuthorId ?? sessionUserId;
+
+    if (!resolvedAuthorId) {
+      return jsonFail(
+        "authorId is required. Provide an authorId or sign in so we can default to your user id.",
+        {
+          status: 400,
+          errors: {
+            authorId: "Author ID is required or sign in to use your user ID",
+          },
+          code: "MISSING_AUTHOR",
+        },
+      );
+    }
+
+    const created = await prisma.post.create({
+      data: {
+        title: data.title,
+        content: data.content || null,
+        authorId: resolvedAuthorId,
+        published: data.published ?? false,
+      },
+    });
+    return jsonOk(created, { status: 201, message: "Post created" });
+  } catch (error: unknown) {
+    if (error instanceof ZodError) {
+      return jsonFromZod(error, { status: 400, message: "Validation failed" });
+    }
+    return jsonFail("Failed to create post", { status: 500 });
+  }
+}

package/dist/kits/data/app/api/seed-demo/route.ts

@@ -1,4 +1,3 @@
-import { NextRequest } from "next/server";
 import { prisma } from "@/lib/prisma";
 import { jsonOk, jsonFail } from "@/lib/server/result";
 import { getServerSession } from "next-auth";
@@ -6,7 +5,7 @@ import { authOptions } from "@/lib/auth";
 
 export const runtime = "nodejs";
 
-export async function POST(req: NextRequest) {
+export async function POST() {
   try {
     const session = await getServerSession(authOptions);
     if (!session?.user?.id) {

package/dist/kits/data/app/api/users/[id]/route.ts

@@ -1,6 +1,5 @@
 import { NextRequest } from "next/server";
 import { prisma } from "@/lib/prisma";
-import type { Prisma } from "@prisma/client";
 import { jsonOk, jsonFail } from "@/lib/server/result";
 import { getServerSession } from "next-auth";
 import { authOptions } from "@/lib/auth";
@@ -59,20 +58,28 @@ export async function PUT(req: NextRequest, { params }: RouteContext) {
     try {
       const parsed = userUpdateSchema.parse(body);
 
-      // Build Prisma-compatible update object
-      const data: Prisma.UserUpdateInput = {};
-      if (parsed.name !== undefined)
-        data.name = parsed.name === "" ? null : parsed.name;
-      if (parsed.email !== undefined) data.email = parsed.email;
-      if (parsed.image !== undefined)
-        data.image = parsed.image === "" ? null : parsed.image;
-      if (parsed.password !== undefined) {
-        // Hash password before saving
-        const { hashPassword } = await import("@/lib/hash");
-        data.password = await hashPassword(parsed.password as string);
-      }
-      if (parsed.emailVerified !== undefined)
-        data.emailVerified = parsed.emailVerified as any;
+      // Build Prisma-compatible update object (avoid mutating `{}` with `satisfies`)
+      const data = {
+        ...(parsed.name !== undefined
+          ? { name: parsed.name === "" ? null : parsed.name }
+          : {}),
+        ...(parsed.email !== undefined ? { email: parsed.email } : {}),
+        ...(parsed.image !== undefined
+          ? { image: parsed.image === "" ? null : parsed.image }
+          : {}),
+        ...(parsed.password !== undefined
+          ? {
+              password: await (async () => {
+                const { hashPassword } = await import("@/lib/hash");
+                // `password` is present in this branch; help TS narrow from `string | undefined`.
+                return hashPassword(parsed.password!);
+              })(),
+            }
+          : {}),
+        ...(parsed.emailVerified !== undefined
+          ? { emailVerified: parsed.emailVerified }
+          : {}),
+      } satisfies Parameters<typeof prisma.user.update>[0]["data"];
 
       const updated = await prisma.user.update({
         where: { id },
@@ -82,9 +89,14 @@ export async function PUT(req: NextRequest, { params }: RouteContext) {
       return jsonOk(updated, { status: 200, message: "User updated" });
     } catch (err) {
       // Zod errors
-      if (err && typeof err === "object" && "issues" in (err as any)) {
+      if (
+        err &&
+        typeof err === "object" &&
+        "issues" in err &&
+        Array.isArray((err as { issues?: unknown }).issues)
+      ) {
         const { jsonFromZod } = await import("@/lib/server/result");
-        return jsonFromZod(err as any, {
+        return jsonFromZod(err as never, {
           status: 400,
           message: "Validation failed",
         });

package/dist/kits/data/app/api/users/check-email/route.ts

@@ -12,7 +12,7 @@ export async function POST(req: NextRequest) {
 
     const user = await prisma.user.findUnique({ where: { email } });
     return jsonOk({ exists: !!user });
-  } catch (e) {
+  } catch {
     return jsonFail("Failed to check email", { status: 500 });
   }
 }

package/dist/kits/data/app/api/users/check-unique/route.ts

@@ -1,27 +1,30 @@
-import { NextRequest } from "next/server";
-import { prisma } from "@/lib/prisma";
-import { jsonOk, jsonFail } from "@/lib/server/result";
-
-export const runtime = "nodejs";
-
-export async function POST(req: NextRequest) {
-  try {
-    const body = await req.json().catch(() => null);
-    const field = body?.field;
-    const value = body?.value;
-    if (!field || !value) return jsonFail("Missing field or value", { status: 400 });
-
-    // Only allow specific fields for security
-    if (!["email", "username"].includes(field)) {
-      return jsonFail("Unsupported field", { status: 400 });
-    }
-
-    let where: any = {};
-    where[field] = value;
-
-    const user = await prisma.user.findUnique({ where });
-    return jsonOk({ unique: !user });
-  } catch (e) {
-    return jsonFail("Failed to check uniqueness", { status: 500 });
-  }
-}
+import { NextRequest } from "next/server";
+import { prisma } from "@/lib/prisma";
+import { jsonOk, jsonFail } from "@/lib/server/result";
+
+export const runtime = "nodejs";
+
+export async function POST(req: NextRequest) {
+  try {
+    const body = await req.json().catch(() => null);
+    const field = body?.field;
+    const value = body?.value;
+    if (!field || !value) return jsonFail("Missing field or value", { status: 400 });
+
+        // Only allow specific fields for security
+    // Note: Prisma `findUnique` requires a UNIQUE field; by default this kit only supports `email`.
+    if (field !== "email") {
+      return jsonFail("Unsupported field", { status: 400 });
+    }
+
+    const where = {
+      email: value,
+    } satisfies Parameters<typeof prisma.user.findUnique>[0]["where"];
+
+    const user = await prisma.user.findUnique({ where });
+
+    return jsonOk({ unique: !user });
+  } catch {
+    return jsonFail("Failed to check uniqueness", { status: 500 });
+  }
+}

package/dist/kits/data/app/api/users/route.ts

@@ -1,8 +1,6 @@
 import { ZodError } from "zod";
 import { prisma } from "@/lib/prisma";
 import { userSchema } from "@/lib/validation/forms";
-import { getServerSession } from "next-auth";
-import { authOptions } from "@/lib/auth";
 import {
   jsonOk,
   jsonFail,