opacacms 0.1.0 → 0.1.2

package/dist/{chunk-6dhs73zq.js → chunk-2yz1nsxs.js}

@@ -17,7 +17,7 @@ async function migrateCreateCommand(opaca, migrationName = "migration", outDir)
     fs.mkdirSync(fullMigrationDir, { recursive: true });
   }
   const timestamp = new Date().toISOString().replace(/[-:T]/g, "").split(".")[0];
-  const { generateMigrationCode, generateSQLCode } = await import("./chunk-kwp83w8b.js");
+  const { generateMigrationCode, generateSQLCode } = await import("./chunk-m09hahe2.js");
   const { getSystemCollections } = await import("./chunk-v521d72w.js");
   let dialect = "sqlite";
   if (db.name === "postgres")

package/dist/chunk-fa5mg0hr.js

@@ -0,0 +1,96 @@
+import {
+  __require
+} from "./chunk-8sqjbsgt.js";
+
+// src/admin/router.ts
+import { createRouter } from "@nanostores/router";
+var $router = createRouter({
+  dashboard: "/admin",
+  collections: "/admin/collections/:slug",
+  document: "/admin/collections/:slug/:id",
+  globals: "/admin/globals/:slug",
+  settings: "/admin/settings"
+});
+
+// src/admin/stores/config.ts
+import { atom } from "nanostores";
+var $config = atom(null);
+var $needsInit = atom(false);
+var $isFetchingConfig = atom(false);
+var $hasMetadataError = atom(false);
+function setConfig(config) {
+  $config.set(config);
+}
+function setNeedsInit(needs) {
+  $needsInit.set(needs);
+}
+
+// src/admin/stores/query.ts
+import { nanoquery } from "@nanostores/query";
+
+// src/admin/api-client.ts
+import ky from "ky";
+var client = null;
+var currentBaseURL = null;
+var configureAPI = (serverUrl) => {
+  if (!serverUrl || !serverUrl.startsWith("http"))
+    return;
+  const url = serverUrl;
+  const baseURL = url.replace(/\/$/, "");
+  if (client && currentBaseURL === baseURL)
+    return;
+  currentBaseURL = baseURL;
+  client = ky.create({
+    prefixUrl: baseURL,
+    credentials: "include",
+    retry: 0,
+    hooks: {
+      afterResponse: [
+        async (_request, _options, response) => {
+          if (response.status === 401 || response.status === 403) {
+            try {
+              const { $session } = await import("./chunk-xa7rjsn2.js");
+              const { notify } = await import("./chunk-jwjk85ze.js");
+              $session.set(null);
+              notify("Session expired. Please log in again.", "error");
+            } catch (e) {}
+          }
+        }
+      ]
+    }
+  });
+};
+var getCurrentBaseURL = () => {
+  if (!currentBaseURL) {
+    throw new Error("API client not configured. Did you provide a valid serverUrl?");
+  }
+  return currentBaseURL;
+};
+var api = new Proxy({}, {
+  get(_, prop) {
+    if (!client) {
+      throw new Error("API client not configured. Did you provide a valid serverUrl?");
+    }
+    if (!client)
+      throw new Error("API client not configured");
+    const c = client;
+    if (c) {
+      return c[prop];
+    }
+    return;
+  }
+});
+
+// src/admin/stores/query.ts
+var [
+  createFetcherStore,
+  createMutatorStore,
+  { invalidateKeys, revalidateKeys, mutateCache }
+] = nanoquery({
+  fetcher: (...keys) => {
+    const url = keys.join("");
+    return api.get(url).json();
+  }
+});
+
+export { $router, $config, $needsInit, $isFetchingConfig, $hasMetadataError, setConfig, setNeedsInit, configureAPI, getCurrentBaseURL, api, createFetcherStore, createMutatorStore, invalidateKeys, revalidateKeys, mutateCache };

package/dist/{chunk-kwp83w8b.js → chunk-m09hahe2.js}

@@ -50,9 +50,9 @@ function generateMigrationCode(collections, globals = [], dialect) {
       const config = typeof collection.timestamps === "object" ? collection.timestamps : {};
       const createdField = toSnakeCase(config.createdAt || "createdAt");
       const updatedField = toSnakeCase(config.updatedAt || "updatedAt");
-      upCode += `    .addColumn('${createdField}', '${tsType}', (col) => col.defaultTo(sql\`CURRENT_TIMESTAMP\`))
+      upCode += `    .addColumn('${createdField}', '${tsType}', (col) => col.defaultTo('CURRENT_TIMESTAMP'))
 `;
-      upCode += `    .addColumn('${updatedField}', '${tsType}', (col) => col.defaultTo(sql\`CURRENT_TIMESTAMP\`))
+      upCode += `    .addColumn('${updatedField}', '${tsType}', (col) => col.defaultTo('CURRENT_TIMESTAMP'))
 `;
     }
     upCode += `    .execute();
@@ -119,9 +119,9 @@ function generateMigrationCode(collections, globals = [], dialect) {
             upCode += `    .addColumn('${bColName}', '${bColType}', (col) => col${bConstraintChain})
 `;
           }
-          upCode += `    .addColumn('created_at', '${tsType}', (col) => col.defaultTo(sql\`CURRENT_TIMESTAMP\`))
+          upCode += `    .addColumn('created_at', '${tsType}', (col) => col.defaultTo('CURRENT_TIMESTAMP'))
 `;
-          upCode += `    .addColumn('updated_at', '${tsType}', (col) => col.defaultTo(sql\`CURRENT_TIMESTAMP\`))
+          upCode += `    .addColumn('updated_at', '${tsType}', (col) => col.defaultTo('CURRENT_TIMESTAMP'))
 `;
           upCode += `    .execute();
 
@@ -132,12 +132,12 @@ function generateMigrationCode(collections, globals = [], dialect) {
       }
     }
   }
-  return `import { Kysely, sql } from 'kysely';
+  return `import type { OpacaMigrationDb } from 'opacacms/db';
 
-export async function up(db: Kysely<any>): Promise<void> {
+export async function up(db: OpacaMigrationDb): Promise<void> {
 ${upCode}}
 
-export async function down(db: Kysely<any>): Promise<void> {
+export async function down(db: OpacaMigrationDb): Promise<void> {
 ${downCode}}
 `;
 }

package/dist/{chunk-hmhcense.js → chunk-ry15hke8.js}

@@ -1,7 +1,3 @@
-import {
-  createAuth,
-  sanitizeConfig
-} from "./chunk-dy5t83hr.js";
 import {
   logger
 } from "./chunk-62ev8gnc.js";
@@ -14,9 +10,87 @@ import {
   init_system_schema
 } from "./chunk-ybbbqj63.js";
 import {
+  __require,
   __toCommonJS
 } from "./chunk-8sqjbsgt.js";
 
+// src/config-utils.ts
+init_system_schema();
+function sanitizeConfig(config) {
+  const collections = [...config.collections];
+  const supportsAuth = config.db.name === "sqlite" || config.db.name === "postgres" || config.db.name === "d1";
+  const systemCollections = getSystemCollections();
+  for (const systemCol of systemCollections) {
+    const isAsset = systemCol.slug === "_opaca_assets";
+    const isAuth = ["_users", "_sessions", "_accounts", "_verifications", "_api_keys"].includes(systemCol.slug);
+    if (isAsset && config.storages || isAuth && supportsAuth) {
+      if (!collections.find((col) => col.slug === systemCol.slug)) {
+        collections.push({
+          ...systemCol,
+          admin: true
+        });
+      }
+    }
+  }
+  const sanitizeField = (f) => ({
+    name: f.name,
+    type: f.type,
+    label: f.label,
+    required: f.required,
+    unique: f.unique,
+    defaultValue: f.defaultValue,
+    localized: f.localized,
+    admin: f.admin ? {
+      description: f.admin.description,
+      hidden: f.admin.hidden,
+      readOnly: f.admin.readOnly,
+      components: f.admin.components
+    } : undefined,
+    options: f.options,
+    fields: f.fields ? f.fields.map(sanitizeField) : undefined,
+    relationTo: f.relationTo,
+    displayField: f.displayField,
+    collection: f.collection,
+    on: f.on,
+    blocks: f.blocks ? f.blocks.map((b) => ({
+      slug: b.slug,
+      label: b.label,
+      fields: b.fields.map(sanitizeField)
+    })) : undefined,
+    tabs: f.tabs ? f.tabs.map((t) => ({
+      label: t.label,
+      fields: t.fields.map(sanitizeField)
+    })) : undefined
+  });
+  return {
+    appName: config.appName,
+    serverURL: config.serverURL,
+    collections: collections.map((col) => ({
+      slug: col.slug,
+      apiPath: col.apiPath,
+      label: col.label,
+      icon: col.icon,
+      admin: col.admin,
+      hidden: col.hidden,
+      fields: col.fields.map(sanitizeField),
+      timestamps: col.timestamps,
+      auth: col.auth,
+      versions: col.versions
+    })),
+    globals: config.globals?.map((g) => ({
+      slug: g.slug,
+      label: g.label,
+      icon: g.icon,
+      fields: g.fields.map(sanitizeField)
+    })),
+    storages: config.storages ? Object.keys(config.storages).reduce((acc, key) => {
+      acc[key] = {};
+      return acc;
+    }, {}) : {},
+    i18n: config.i18n
+  };
+}
+
 // src/server/admin.ts
 function createAdminHandlers(config, getAuth) {
   const getMetadata = (c) => {
@@ -891,6 +965,181 @@ function createCorsMiddleware(config) {
   });
 }
 
+// src/auth/index.ts
+import { apiKey } from "@better-auth/api-key";
+import { betterAuth } from "better-auth";
+import { admin } from "better-auth/plugins";
+import { CamelCasePlugin } from "kysely";
+
+// src/auth/premissions.ts
+import { createAccessControl } from "better-auth/plugins/access";
+function createPermissions(config) {
+  const resources = {
+    user: ["create", "read", "update", "delete", "ban", "impersonate"],
+    session: ["read", "revoke", "delete"]
+  };
+  for (const collection of config.collections) {
+    resources[collection.slug] = ["create", "read", "update", "delete"];
+  }
+  const ac = createAccessControl(resources);
+  const adminRole = ac.newRole({
+    user: ["create", "read", "update", "delete", "ban", "impersonate"],
+    session: ["read", "revoke", "delete"]
+  });
+  for (const collection of config.collections) {
+    adminRole[collection.slug] = ["create", "read", "update", "delete"];
+  }
+  const userRole = ac.newRole({});
+  const roles = {
+    admin: adminRole,
+    user: userRole
+  };
+  if (config.access?.roles) {
+    for (const [roleName, permissions] of Object.entries(config.access.roles)) {
+      roles[roleName] = ac.newRole(permissions);
+    }
+  }
+  return {
+    ac,
+    roles
+  };
+}
+
+// src/auth/index.ts
+async function createAuth(config) {
+  const userAuth = config.auth || {};
+  const trustedOrigins = config.trustedOrigins;
+  const { ac, roles } = createPermissions(config);
+  const rawDb = config.db.raw;
+  const env = typeof process !== "undefined" ? process.env : {};
+  const baseURL = String(config.serverURL || env.BETTER_AUTH_URL || "").replace(/\/$/, "");
+  if (!baseURL) {
+    throw new Error("[OpacaAuth] baseURL could not be determined. Please provide 'serverURL' in your config or 'BETTER_AUTH_URL' in your environment.");
+  }
+  const authURL = `${baseURL}/api/auth`;
+  const secret = env.OPACA_SECRET || env.BETTER_AUTH_SECRET || config.secret;
+  if (!secret) {
+    throw new Error("[OpacaAuth] No secret found for authentication. Please provide 'OPACA_SECRET' or 'BETTER_AUTH_SECRET'.");
+  }
+  if (typeof process !== "undefined" && !env.BETTER_AUTH_URL) {
+    process.env.BETTER_AUTH_URL = authURL;
+  }
+  let databaseConfig;
+  if (config.db.name === "postgres" && rawDb) {
+    const { PostgresJSDialect } = await import("kysely-postgres-js");
+    const { Kysely } = await import("kysely");
+    const kysely = new Kysely({
+      dialect: new PostgresJSDialect({ postgres: rawDb }),
+      plugins: [new CamelCasePlugin]
+    });
+    databaseConfig = {
+      db: kysely,
+      type: "pg"
+    };
+  } else if (config.db.name === "d1" && rawDb) {
+    const { D1Dialect } = await import("kysely-d1");
+    const { Kysely } = await import("kysely");
+    const kysely = new Kysely({
+      dialect: new D1Dialect({ database: rawDb }),
+      plugins: [new CamelCasePlugin]
+    });
+    databaseConfig = {
+      db: kysely,
+      type: "sqlite"
+    };
+  } else {
+    databaseConfig = {
+      db: rawDb,
+      type: "sqlite"
+    };
+  }
+  const isSecure = baseURL.startsWith("https");
+  const plugins = [
+    admin({
+      ac,
+      roles
+    }),
+    ...userAuth.features?.apiKeys?.enabled ? [
+      apiKey({
+        defaultPrefix: "opaca_",
+        schema: {
+          apikey: {
+            modelName: "_api_keys"
+          }
+        }
+      })
+    ] : []
+  ];
+  const socialProviders = {};
+  if (userAuth.socialProviders?.github) {
+    socialProviders.github = userAuth.socialProviders.github;
+  }
+  if (userAuth.socialProviders?.google) {
+    socialProviders.google = userAuth.socialProviders.google;
+  }
+  return betterAuth({
+    database: databaseConfig,
+    baseURL,
+    basePath: "/api/auth",
+    secret,
+    trustedOrigins,
+    emailAndPassword: {
+      enabled: userAuth.strategies?.emailPassword !== false
+    },
+    socialProviders,
+    user: {
+      modelName: "_users"
+    },
+    session: {
+      modelName: "_sessions",
+      expiresIn: (userAuth.session?.expiresInDays || 30) * 86400,
+      updateAge: userAuth.session?.updateAgeSeconds || 86400
+    },
+    account: {
+      modelName: "_accounts"
+    },
+    verification: {
+      modelName: "_verifications"
+    },
+    advanced: {
+      useSecureCookies: isSecure,
+      defaultCookieAttributes: {
+        sameSite: isSecure ? "none" : "lax",
+        secure: isSecure
+      }
+    },
+    databaseHooks: {
+      user: {
+        create: {
+          before: async (user) => {
+            try {
+              let userCount = 0;
+              try {
+                userCount = await config.db.count("_users");
+              } catch (e) {
+                const result = await config.db.unsafe("SELECT COUNT(*) as count FROM _users");
+                const rows = result?.results || result || [];
+                userCount = Number(rows[0]?.count || rows[0]?.["count(*)"] || 0);
+              }
+              if (userCount === 0) {
+                return {
+                  data: {
+                    ...user,
+                    role: "admin"
+                  }
+                };
+              }
+            } catch (e) {
+              console.error("[OpacaAuth] Failed to check user count in hook:", e);
+            }
+          }
+        }
+      }
+    },
+    plugins
+  });
+}
+
 // src/auth/migrations.ts
 init_system_schema();
 async function runAuthMigrations(db) {