npm - payload-plugin-newsletter - Versions diffs - 0.1.1 → 0.3.0 - Mend

payload-plugin-newsletter 0.1.1 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (39) hide show

package/CHANGELOG.md +38 -0
package/README.md +39 -2
package/dist/.tsbuildinfo +1 -1
package/dist/collections/NewsletterSettings.d.ts +4 -0
package/dist/collections/NewsletterSettings.d.ts.map +1 -0
package/dist/collections/Subscribers.d.ts.map +1 -1
package/dist/endpoints/preferences.d.ts.map +1 -1
package/dist/endpoints/subscribe.d.ts.map +1 -1
package/dist/endpoints/unsubscribe.d.ts.map +1 -1
package/dist/endpoints/verify-magic-link.d.ts.map +1 -1
package/dist/index.d.ts.map +1 -1
package/dist/src/collections/NewsletterSettings.js +389 -0
package/dist/src/collections/NewsletterSettings.js.map +1 -0
package/dist/src/collections/Subscribers.js.map +1 -1
package/dist/src/components/MagicLinkVerify.js +1 -1
package/dist/src/components/MagicLinkVerify.js.map +1 -1
package/dist/src/endpoints/preferences.js +16 -4
package/dist/src/endpoints/preferences.js.map +1 -1
package/dist/src/endpoints/subscribe.js +14 -3
package/dist/src/endpoints/subscribe.js.map +1 -1
package/dist/src/endpoints/unsubscribe.js +10 -2
package/dist/src/endpoints/unsubscribe.js.map +1 -1
package/dist/src/endpoints/verify-magic-link.js +13 -3
package/dist/src/endpoints/verify-magic-link.js.map +1 -1
package/dist/src/index.js +18 -12
package/dist/src/index.js.map +1 -1
package/dist/src/templates/NewsletterTemplate.js.map +1 -1
package/dist/src/templates/WelcomeTemplate.js.map +1 -1
package/dist/src/types/index.js.map +1 -1
package/dist/templates/NewsletterTemplate.d.ts.map +1 -1
package/dist/templates/WelcomeTemplate.d.ts.map +1 -1
package/dist/types/index.d.ts +5 -0
package/dist/types/index.d.ts.map +1 -1
package/package.json +7 -3
package/CLAUDE.md +0 -110
package/dist/globals/EmailSettings.d.ts +0 -4
package/dist/globals/EmailSettings.d.ts.map +0 -1
package/dist/src/globals/EmailSettings.js +0 -252
package/dist/src/globals/EmailSettings.js.map +0 -1

package/CHANGELOG.md CHANGED Viewed

@@ -5,6 +5,41 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [0.3.0] - 2025-06-15
+### Added
+- Comprehensive security improvements to respect Payload access control
+- Synthetic user pattern for subscriber self-service operations
+- Admin verification for newsletter settings modifications
+- Security documentation in README
+### Changed
+- All API endpoints now properly implement `overrideAccess` and `user` parameters
+- Preferences endpoint now ensures subscribers can only access their own data
+- Unsubscribe endpoint validates ownership through tokens
+- Magic link verification uses synthetic users for updates
+- Newsletter settings modifications now require admin authentication
+### Security
+- Implemented proper access control for all Payload Local API operations
+- Added user context validation for authenticated endpoints
+- Restricted settings access to admin users only
+- Enhanced protection against unauthorized data access
+## [0.2.0] - 2025-06-15
+### Changed
+- **BREAKING**: Changed newsletter settings from a global to a collection
+  - Allows multiple configurations (e.g., dev/staging/prod)
+  - Only one configuration can be active at a time
+  - Migrate existing settings by creating a new configuration in the collection
+- Updated README to clarify the settings collection usage
+### Added
+- Support for multiple email configurations
+- Automatic deactivation of other configs when activating one
+- Configuration name field for better organization
 ## [0.1.1] - 2025-06-15
 ### Fixed
@@ -38,6 +73,9 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Domain restriction options
 - Input validation and sanitization
+[0.3.0]: https://github.com/aniketpanjwani/payload-plugin-email-newsletter/releases/tag/v0.3.0
+[0.2.0]: https://github.com/aniketpanjwani/payload-plugin-email-newsletter/releases/tag/v0.2.0
+[0.1.1]: https://github.com/aniketpanjwani/payload-plugin-email-newsletter/releases/tag/v0.1.1
 [0.1.0]: https://github.com/aniketpanjwani/payload-plugin-email-newsletter/releases/tag/v0.1.0
 ---

package/README.md CHANGED Viewed

@@ -64,7 +64,7 @@ export default buildConfig({
 The plugin automatically adds:
 - A `subscribers` collection to manage your subscribers
-- A `newsletter-settings` global for email configuration
+- A `newsletter-settings` collection for email configurations (supports multiple environments)
 - API endpoints for subscription and authentication
 - Newsletter scheduling fields to your articles (optional)
@@ -111,12 +111,32 @@ Subscribers can be managed through the Payload admin panel at `/admin/collection
 ### Email Settings
-After setup, configure email settings at `/admin/globals/newsletter-settings` in your admin panel. You can:
+After setup, configure email settings at `/admin/collections/newsletter-settings` in your admin panel. You can:
+- Create multiple configurations (e.g., for different environments or purposes)
+- Set one configuration as active at a time
 - Switch between email providers
 - Update API keys and settings
 - Customize email templates
 - Set subscription preferences
+**Note**: Only one configuration can be active at a time. The plugin will use the active configuration for sending emails.
+## Initial Setup
+After installing the plugin, you'll need to:
+1. **Create an email configuration**:
+   - Go to `/admin/collections/newsletter-settings`
+   - Click "Create New"
+   - Give it a name (e.g., "Production" or "Development")
+   - Configure your email provider settings
+   - Set it as "Active"
+   - Save
+2. **Start collecting subscribers**:
+   - Subscribers will appear in `/admin/collections/subscribers`
+   - Use the provided React components or API endpoints
 ## Configuration Options
 ### Minimal Configuration
@@ -394,6 +414,23 @@ newsletterPlugin({
 - Check the email provider's dashboard for errors
 - Ensure from address is verified with your provider
+## Security
+### Access Control
+Starting from v0.3.0, the plugin implements proper access control for all operations:
+- **Subscriber data**: Users can only access and modify their own data via magic link authentication
+- **Newsletter settings**: Only admin users can modify email provider settings and configurations
+- **API endpoints**: All endpoints respect Payload's access control rules
+### Best Practices
+- Always use environment variables for sensitive data (API keys, JWT secrets)
+- Enable double opt-in for GDPR compliance
+- Configure allowed domains to prevent spam subscriptions
+- Set reasonable rate limits for subscriptions per IP
 ## Migration Guide
 Coming from another newsletter system? The plugin stores subscribers in a standard Payload collection, making it easy to import existing data: