payload-plugin-newsletter 0.1.0 → 0.3.0

package/ANNOUNCEMENT.md

@@ -0,0 +1,66 @@
+# 🎉 Payload Newsletter Plugin v0.1.0 Released!
+
+We're excited to announce the first release of the Payload Newsletter Plugin - a complete newsletter management solution for Payload CMS!
+
+## 📦 Installation
+
+The plugin is now available on npm:
+
+```bash
+npm install payload-plugin-newsletter
+# or
+bun add payload-plugin-newsletter
+# or
+yarn add payload-plugin-newsletter
+```
+
+## ✨ Key Features
+
+- **📧 Complete Subscriber Management** - Ready-to-use subscriber collection with all essential fields
+- **🔐 Magic Link Authentication** - Passwordless authentication for subscribers (separate from Payload auth)
+- **📨 Email Service Integration** - Built-in support for Resend and Broadcast
+- **📅 Newsletter Scheduling** - Schedule newsletters from your articles collection
+- **⚛️ React Components** - Pre-built signup forms and preference management UI
+- **🌍 Internationalization** - Multi-language support built-in
+- **📊 Analytics Ready** - UTM tracking and signup metadata collection
+
+## 🚀 Quick Start
+
+```typescript
+import { buildConfig } from 'payload/config'
+import { newsletterPlugin } from 'payload-plugin-newsletter'
+
+export default buildConfig({
+  plugins: [
+    newsletterPlugin({
+      providers: {
+        default: 'resend',
+        resend: {
+          apiKey: process.env.RESEND_API_KEY,
+          fromAddress: 'hello@yoursite.com',
+          fromName: 'Your Newsletter',
+        },
+      },
+    }),
+  ],
+})
+```
+
+## 📚 Resources
+
+- **npm**: https://www.npmjs.com/package/payload-plugin-newsletter
+- **GitHub**: https://github.com/aniketpanjwani/payload-plugin-email-newsletter
+- **Documentation**: [README.md](https://github.com/aniketpanjwani/payload-plugin-email-newsletter#readme)
+- **Issues**: https://github.com/aniketpanjwani/payload-plugin-email-newsletter/issues
+
+## 🤝 Contributing
+
+We welcome contributions! Check out our [FEEDBACK.md](https://github.com/aniketpanjwani/payload-plugin-email-newsletter/blob/main/FEEDBACK.md) for areas where we'd love community input.
+
+## 🙏 Acknowledgments
+
+Special thanks to the Payload CMS team for creating such an extensible platform!
+
+---
+
+Made with ❤️ by [Aniket Panjwani](https://github.com/aniketpanjwani)

package/CHANGELOG.md

@@ -5,6 +5,47 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [0.3.0] - 2025-06-15
+
+### Added
+- Comprehensive security improvements to respect Payload access control
+- Synthetic user pattern for subscriber self-service operations
+- Admin verification for newsletter settings modifications
+- Security documentation in README
+
+### Changed
+- All API endpoints now properly implement `overrideAccess` and `user` parameters
+- Preferences endpoint now ensures subscribers can only access their own data
+- Unsubscribe endpoint validates ownership through tokens
+- Magic link verification uses synthetic users for updates
+- Newsletter settings modifications now require admin authentication
+
+### Security
+- Implemented proper access control for all Payload Local API operations
+- Added user context validation for authenticated endpoints
+- Restricted settings access to admin users only
+- Enhanced protection against unauthorized data access
+
+## [0.2.0] - 2025-06-15
+
+### Changed
+- **BREAKING**: Changed newsletter settings from a global to a collection
+  - Allows multiple configurations (e.g., dev/staging/prod)
+  - Only one configuration can be active at a time
+  - Migrate existing settings by creating a new configuration in the collection
+- Updated README to clarify the settings collection usage
+
+### Added
+- Support for multiple email configurations
+- Automatic deactivation of other configs when activating one
+- Configuration name field for better organization
+
+## [0.1.1] - 2025-06-15
+
+### Fixed
+- Updated README to reflect npm availability
+- Fixed package.json warnings for npm publishing
+
 ## [0.1.0] - 2025-06-15
 
 ### Added
@@ -32,4 +73,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Domain restriction options
 - Input validation and sanitization
 
-[0.1.0]: https://github.com/aniketpanjwani/payload-plugin-email-newsletter/releases/tag/v0.1.0
+[0.3.0]: https://github.com/aniketpanjwani/payload-plugin-email-newsletter/releases/tag/v0.3.0
+[0.2.0]: https://github.com/aniketpanjwani/payload-plugin-email-newsletter/releases/tag/v0.2.0
+[0.1.1]: https://github.com/aniketpanjwani/payload-plugin-email-newsletter/releases/tag/v0.1.1
+[0.1.0]: https://github.com/aniketpanjwani/payload-plugin-email-newsletter/releases/tag/v0.1.0
+
+---
+
+**npm**: https://www.npmjs.com/package/payload-plugin-newsletter

package/README.md

@@ -1,5 +1,8 @@
 # Payload Newsletter Plugin
 
+[![npm version](https://badge.fury.io/js/payload-plugin-newsletter.svg)](https://www.npmjs.com/package/payload-plugin-newsletter)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
 A complete newsletter management plugin for Payload CMS that provides subscriber management, magic link authentication, and email service integration out of the box.
 
 ## Features
@@ -17,23 +20,14 @@ A complete newsletter management plugin for Payload CMS that provides subscriber
 
 ### 1. Install the plugin
 
-**Note: This plugin is not yet published to npm. Install directly from GitHub:**
-
-```bash
-bun add github:aniketpanjwani/payload-plugin-email-newsletter
-# or
-npm install github:aniketpanjwani/payload-plugin-email-newsletter
-# or
-yarn add github:aniketpanjwani/payload-plugin-email-newsletter
-# or
-pnpm add github:aniketpanjwani/payload-plugin-email-newsletter
-```
-
-Once published to npm, you'll be able to install with:
 ```bash
 bun add payload-plugin-newsletter
 # or
 npm install payload-plugin-newsletter
+# or
+yarn add payload-plugin-newsletter
+# or
+pnpm add payload-plugin-newsletter
 ```
 
 ### 2. Add to your Payload config
@@ -70,7 +64,7 @@ export default buildConfig({
 
 The plugin automatically adds:
 - A `subscribers` collection to manage your subscribers
-- A `newsletter-settings` global for email configuration
+- A `newsletter-settings` collection for email configurations (supports multiple environments)
 - API endpoints for subscription and authentication
 - Newsletter scheduling fields to your articles (optional)
 
@@ -117,12 +111,32 @@ Subscribers can be managed through the Payload admin panel at `/admin/collection
 
 ### Email Settings
 
-After setup, configure email settings at `/admin/globals/newsletter-settings` in your admin panel. You can:
+After setup, configure email settings at `/admin/collections/newsletter-settings` in your admin panel. You can:
+- Create multiple configurations (e.g., for different environments or purposes)
+- Set one configuration as active at a time
 - Switch between email providers
 - Update API keys and settings
 - Customize email templates
 - Set subscription preferences
 
+**Note**: Only one configuration can be active at a time. The plugin will use the active configuration for sending emails.
+
+## Initial Setup
+
+After installing the plugin, you'll need to:
+
+1. **Create an email configuration**:
+   - Go to `/admin/collections/newsletter-settings`
+   - Click "Create New"
+   - Give it a name (e.g., "Production" or "Development")
+   - Configure your email provider settings
+   - Set it as "Active"
+   - Save
+
+2. **Start collecting subscribers**:
+   - Subscribers will appear in `/admin/collections/subscribers`
+   - Use the provided React components or API endpoints
+
 ## Configuration Options
 
 ### Minimal Configuration
@@ -400,6 +414,23 @@ newsletterPlugin({
 - Check the email provider's dashboard for errors
 - Ensure from address is verified with your provider
 
+## Security
+
+### Access Control
+
+Starting from v0.3.0, the plugin implements proper access control for all operations:
+
+- **Subscriber data**: Users can only access and modify their own data via magic link authentication
+- **Newsletter settings**: Only admin users can modify email provider settings and configurations
+- **API endpoints**: All endpoints respect Payload's access control rules
+
+### Best Practices
+
+- Always use environment variables for sensitive data (API keys, JWT secrets)
+- Enable double opt-in for GDPR compliance
+- Configure allowed domains to prevent spam subscriptions
+- Set reasonable rate limits for subscriptions per IP
+
 ## Migration Guide
 
 Coming from another newsletter system? The plugin stores subscribers in a standard Payload collection, making it easy to import existing data: