payload 3.80.0-internal.cee0ccf → 3.80.0

package/dist/utilities/configToJSONSchema.spec.js

@@ -471,7 +471,9 @@ describe('configToJSONSchema', ()=>{
                     ],
                     items: {
                         oneOf: [
-                            expectedBlockSchema
+                            {
+                                $ref: '#/definitions/SharedBlock'
+                            }
                         ]
                     }
                 }
@@ -512,6 +514,78 @@ describe('configToJSONSchema', ()=>{
         // @ts-expect-error
         expect(schema.definitions.test.properties.title.required).toStrictEqual(false);
     });
+    it('should propagate forceInlineBlocks to nested fields (array, group, tab)', async ()=>{
+        const namedBlock = {
+            slug: 'myBlock',
+            interfaceName: 'MyBlock',
+            fields: [
+                {
+                    name: 'text',
+                    type: 'text'
+                }
+            ]
+        };
+        // @ts-expect-error
+        const config = {
+            collections: [
+                {
+                    slug: 'test',
+                    fields: [
+                        {
+                            name: 'arr',
+                            type: 'array',
+                            fields: [
+                                {
+                                    name: 'blocks',
+                                    type: 'blocks',
+                                    blocks: [
+                                        namedBlock
+                                    ]
+                                }
+                            ]
+                        },
+                        {
+                            name: 'grp',
+                            type: 'group',
+                            fields: [
+                                {
+                                    name: 'blocks',
+                                    type: 'blocks',
+                                    blocks: [
+                                        namedBlock
+                                    ]
+                                }
+                            ]
+                        }
+                    ],
+                    timestamps: false
+                }
+            ]
+        };
+        const sanitizedConfig = await sanitizeConfig(config);
+        // Without forceInlineBlocks: blocks field uses $ref
+        const schemaDefault = configToJSONSchema(sanitizedConfig, 'text');
+        const arrItemsDefault = schemaDefault.definitions.test.properties.arr.items;
+        const arrBlocksDefault = arrItemsDefault.properties.blocks.items.oneOf[0];
+        expect(arrBlocksDefault).toStrictEqual({
+            $ref: '#/definitions/MyBlock'
+        });
+        // With forceInlineBlocks: blocks field is inlined, no $ref
+        const schemaInline = configToJSONSchema(sanitizedConfig, 'text', undefined, {
+            forceInlineBlocks: true
+        });
+        const arrItemsInline = schemaInline.definitions.test.properties.arr.items;
+        const arrBlocksInline = arrItemsInline.properties.blocks.items.oneOf[0];
+        expect(arrBlocksInline).not.toHaveProperty('$ref');
+        expect(arrBlocksInline.properties?.blockType).toStrictEqual({
+            const: 'myBlock'
+        });
+        const grpBlocksInline = schemaInline.definitions.test.properties.grp.properties.blocks.items.oneOf[0];
+        expect(grpBlocksInline).not.toHaveProperty('$ref');
+        expect(grpBlocksInline.properties?.blockType).toStrictEqual({
+            const: 'myBlock'
+        });
+    });
 });
 
 //# sourceMappingURL=configToJSONSchema.spec.js.map

package/dist/utilities/configToJSONSchema.spec.js.map

@@ -1 +1 @@
-{"version":3,"sources":["../../src/utilities/configToJSONSchema.spec.ts"],"sourcesContent":["import type { JSONSchema4 } from 'json-schema'\nimport { describe, it, expect } from 'vitest'\n\nimport type { Config } from '../config/types.js'\n\nimport { sanitizeConfig } from '../config/sanitize.js'\nimport { configToJSONSchema } from './configToJSONSchema.js'\nimport type { Block, BlocksField, RichTextField } from '../fields/config/types.js'\n\ndescribe('configToJSONSchema', () => {\n  it('should handle optional arrays with required fields', async () => {\n    // @ts-expect-error\n    const config: Config = {\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              name: 'someRequiredField',\n              type: 'array',\n              fields: [\n                {\n                  name: 'someRequiredField',\n                  type: 'text',\n                  required: true,\n                },\n              ],\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    const sanitizedConfig = await sanitizeConfig(config)\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    expect(schema?.definitions?.test).toStrictEqual({\n      type: 'object',\n      additionalProperties: false,\n      properties: {\n        id: {\n          type: 'string',\n        },\n        someRequiredField: {\n          type: ['array', 'null'],\n          items: {\n            type: 'object',\n            additionalProperties: false,\n            properties: {\n              id: {\n                type: ['string', 'null'],\n              },\n              someRequiredField: {\n                type: 'string',\n              },\n            },\n            required: ['someRequiredField'],\n          },\n        },\n      },\n      required: ['id'],\n      title: 'Test',\n    })\n  })\n\n  it('should handle block fields with no blocks', async () => {\n    // @ts-expect-error\n    const config: Config = {\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              name: 'blockField',\n              type: 'blocks',\n              blocks: [],\n            },\n            {\n              name: 'blockFieldRequired',\n              type: 'blocks',\n              blocks: [],\n              required: true,\n            },\n            {\n              name: 'blockFieldWithFields',\n              type: 'blocks',\n              blocks: [\n                {\n                  slug: 'test',\n                  fields: [\n                    {\n                      name: 'field',\n                      type: 'text',\n                    },\n                  ],\n                },\n              ],\n            },\n            {\n              name: 'blockFieldWithFieldsRequired',\n              type: 'blocks',\n              blocks: [\n                {\n                  slug: 'test',\n                  fields: [\n                    {\n                      name: 'field',\n                      type: 'text',\n                      required: true,\n                    },\n                  ],\n                },\n              ],\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    const sanitizedConfig = await sanitizeConfig(config)\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    expect(schema?.definitions?.test).toStrictEqual({\n      type: 'object',\n      additionalProperties: false,\n      properties: {\n        id: {\n          type: 'string',\n        },\n        blockField: {\n          type: ['array', 'null'],\n          items: {},\n        },\n        blockFieldRequired: {\n          type: 'array',\n          items: {},\n        },\n        blockFieldWithFields: {\n          type: ['array', 'null'],\n          items: {\n            oneOf: [\n              {\n                type: 'object',\n                additionalProperties: false,\n                properties: {\n                  id: {\n                    type: ['string', 'null'],\n                  },\n                  blockName: {\n                    type: ['string', 'null'],\n                  },\n                  blockType: {\n                    const: 'test',\n                  },\n                  field: {\n                    type: ['string', 'null'],\n                  },\n                },\n                required: ['blockType'],\n              },\n            ],\n          },\n        },\n        blockFieldWithFieldsRequired: {\n          type: ['array', 'null'],\n          items: {\n            oneOf: [\n              {\n                type: 'object',\n                additionalProperties: false,\n                properties: {\n                  id: {\n                    type: ['string', 'null'],\n                  },\n                  blockName: {\n                    type: ['string', 'null'],\n                  },\n                  blockType: {\n                    const: 'test',\n                  },\n                  field: {\n                    type: 'string',\n                  },\n                },\n                required: ['blockType', 'field'],\n              },\n            ],\n          },\n        },\n      },\n      required: ['id', 'blockFieldRequired'],\n      title: 'Test',\n    })\n  })\n\n  it('should handle tabs and named tabs with required fields', async () => {\n    // @ts-expect-error\n    const config: Config = {\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              type: 'tabs',\n              tabs: [\n                {\n                  fields: [\n                    {\n                      name: 'fieldInUnnamedTab',\n                      type: 'text',\n                    },\n                  ],\n                  label: 'unnamedTab',\n                },\n                {\n                  name: 'namedTab',\n                  fields: [\n                    {\n                      name: 'fieldInNamedTab',\n                      type: 'text',\n                    },\n                  ],\n                  label: 'namedTab',\n                },\n                {\n                  name: 'namedTabWithRequired',\n                  fields: [\n                    {\n                      name: 'fieldInNamedTab',\n                      type: 'text',\n                      required: true,\n                    },\n                  ],\n                  label: 'namedTabWithRequired',\n                },\n              ],\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    const sanitizedConfig = await sanitizeConfig(config)\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    expect(schema?.definitions?.test).toStrictEqual({\n      type: 'object',\n      additionalProperties: false,\n      properties: {\n        id: {\n          type: 'string',\n        },\n        fieldInUnnamedTab: {\n          type: ['string', 'null'],\n        },\n        namedTab: {\n          type: 'object',\n          additionalProperties: false,\n          properties: {\n            fieldInNamedTab: {\n              type: ['string', 'null'],\n            },\n          },\n          required: [],\n        },\n        namedTabWithRequired: {\n          type: 'object',\n          additionalProperties: false,\n          properties: {\n            fieldInNamedTab: {\n              type: 'string',\n            },\n          },\n          required: ['fieldInNamedTab'],\n        },\n      },\n      required: ['id', 'namedTabWithRequired'],\n      title: 'Test',\n    })\n  })\n\n  it('should handle custom typescript schema and JSON field schema', async () => {\n    const customSchema: JSONSchema4 = {\n      type: 'object',\n      properties: {\n        id: {\n          type: 'number',\n        },\n        required: ['id'],\n      },\n    }\n\n    const config: Partial<Config> = {\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              name: 'withCustom',\n              type: 'text',\n              typescriptSchema: [() => customSchema],\n            },\n            {\n              name: 'jsonWithSchema',\n              type: 'json',\n              jsonSchema: {\n                fileMatch: ['a://b/foo.json'],\n                schema: customSchema,\n                uri: 'a://b/foo.json',\n              },\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    const sanitizedConfig = await sanitizeConfig(config as Config)\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    expect(schema?.definitions?.test).toStrictEqual({\n      type: 'object',\n      additionalProperties: false,\n      properties: {\n        id: {\n          type: 'string',\n        },\n        jsonWithSchema: customSchema,\n        withCustom: customSchema,\n      },\n      required: ['id'],\n      title: 'Test',\n    })\n  })\n\n  it('should handle same block object being referenced in both collection and config.blocks', async () => {\n    const sharedBlock: Block = {\n      slug: 'sharedBlock',\n      interfaceName: 'SharedBlock',\n      fields: [\n        {\n          name: 'richText',\n          type: 'richText',\n          editor: () => {\n            // stub rich text editor\n            return {\n              CellComponent: '',\n              FieldComponent: '',\n              validate: () => true,\n            }\n          },\n        },\n      ],\n    }\n\n    // @ts-expect-error\n    const config: Config = {\n      blocks: [sharedBlock],\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              name: 'someBlockField',\n              type: 'blocks',\n              blocks: [sharedBlock],\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    // Ensure both rich text editor are sanitized\n    const sanitizedConfig = await sanitizeConfig(config)\n    expect(typeof (sanitizedConfig?.blocks?.[0]?.fields?.[0] as RichTextField)?.editor).toBe(\n      'object',\n    )\n    expect(\n      typeof (\n        (sanitizedConfig.collections[0].fields[0] as BlocksField)?.blocks?.[0]\n          ?.fields?.[0] as RichTextField\n      )?.editor,\n    ).toBe('object')\n\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    const expectedBlockSchema = {\n      type: 'object',\n      additionalProperties: false,\n      properties: {\n        id: { type: ['string', 'null'] },\n        blockName: { type: ['string', 'null'] },\n        blockType: { const: 'sharedBlock' },\n        richText: { type: ['array', 'null'], items: { type: 'object' } },\n      },\n      required: ['blockType'],\n    }\n\n    expect(schema?.definitions?.test).toStrictEqual({\n      type: 'object',\n      additionalProperties: false,\n      title: 'Test',\n      properties: {\n        id: {\n          type: 'string',\n        },\n        someBlockField: {\n          type: ['array', 'null'],\n          items: {\n            oneOf: [expectedBlockSchema],\n          },\n        },\n      },\n      required: ['id'],\n    })\n\n    // The definition should still be registered for TypeScript type generation\n    expect(schema?.definitions?.SharedBlock).toStrictEqual(expectedBlockSchema)\n  })\n\n  it('should allow overriding required to false', async () => {\n    // @ts-expect-error\n    const config: Config = {\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              name: 'title',\n              type: 'text',\n              required: true,\n              defaultValue: 'test',\n              typescriptSchema: [\n                () => ({\n                  type: 'string',\n                  required: false,\n                }),\n              ],\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    const sanitizedConfig = await sanitizeConfig(config)\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    // @ts-expect-error\n    expect(schema.definitions.test.properties.title.required).toStrictEqual(false)\n  })\n})\n"],"names":["describe","it","expect","sanitizeConfig","configToJSONSchema","config","collections","slug","fields","name","type","required","timestamps","sanitizedConfig","schema","definitions","test","toStrictEqual","additionalProperties","properties","id","someRequiredField","items","title","blocks","blockField","blockFieldRequired","blockFieldWithFields","oneOf","blockName","blockType","const","field","blockFieldWithFieldsRequired","tabs","label","fieldInUnnamedTab","namedTab","fieldInNamedTab","namedTabWithRequired","customSchema","typescriptSchema","jsonSchema","fileMatch","uri","jsonWithSchema","withCustom","sharedBlock","interfaceName","editor","CellComponent","FieldComponent","validate","toBe","expectedBlockSchema","richText","someBlockField","SharedBlock","defaultValue"],"mappings":"AACA,SAASA,QAAQ,EAAEC,EAAE,EAAEC,MAAM,QAAQ,SAAQ;AAI7C,SAASC,cAAc,QAAQ,wBAAuB;AACtD,SAASC,kBAAkB,QAAQ,0BAAyB;AAG5DJ,SAAS,sBAAsB;IAC7BC,GAAG,sDAAsD;QACvD,mBAAmB;QACnB,MAAMI,SAAiB;YACrBC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEC,MAAM;4BACNC,MAAM;4BACNF,QAAQ;gCACN;oCACEC,MAAM;oCACNC,MAAM;oCACNC,UAAU;gCACZ;6BACD;wBACH;qBACD;oBACDC,YAAY;gBACd;aACD;QACH;QAEA,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7C,MAAMS,SAASV,mBAAmBS,iBAAiB;QAEnDX,OAAOY,QAAQC,aAAaC,MAAMC,aAAa,CAAC;YAC9CP,MAAM;YACNQ,sBAAsB;YACtBC,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACAW,mBAAmB;oBACjBX,MAAM;wBAAC;wBAAS;qBAAO;oBACvBY,OAAO;wBACLZ,MAAM;wBACNQ,sBAAsB;wBACtBC,YAAY;4BACVC,IAAI;gCACFV,MAAM;oCAAC;oCAAU;iCAAO;4BAC1B;4BACAW,mBAAmB;gCACjBX,MAAM;4BACR;wBACF;wBACAC,UAAU;4BAAC;yBAAoB;oBACjC;gBACF;YACF;YACAA,UAAU;gBAAC;aAAK;YAChBY,OAAO;QACT;IACF;IAEAtB,GAAG,6CAA6C;QAC9C,mBAAmB;QACnB,MAAMI,SAAiB;YACrBC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEC,MAAM;4BACNC,MAAM;4BACNc,QAAQ,EAAE;wBACZ;wBACA;4BACEf,MAAM;4BACNC,MAAM;4BACNc,QAAQ,EAAE;4BACVb,UAAU;wBACZ;wBACA;4BACEF,MAAM;4BACNC,MAAM;4BACNc,QAAQ;gCACN;oCACEjB,MAAM;oCACNC,QAAQ;wCACN;4CACEC,MAAM;4CACNC,MAAM;wCACR;qCACD;gCACH;6BACD;wBACH;wBACA;4BACED,MAAM;4BACNC,MAAM;4BACNc,QAAQ;gCACN;oCACEjB,MAAM;oCACNC,QAAQ;wCACN;4CACEC,MAAM;4CACNC,MAAM;4CACNC,UAAU;wCACZ;qCACD;gCACH;6BACD;wBACH;qBACD;oBACDC,YAAY;gBACd;aACD;QACH;QAEA,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7C,MAAMS,SAASV,mBAAmBS,iBAAiB;QAEnDX,OAAOY,QAAQC,aAAaC,MAAMC,aAAa,CAAC;YAC9CP,MAAM;YACNQ,sBAAsB;YACtBC,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACAe,YAAY;oBACVf,MAAM;wBAAC;wBAAS;qBAAO;oBACvBY,OAAO,CAAC;gBACV;gBACAI,oBAAoB;oBAClBhB,MAAM;oBACNY,OAAO,CAAC;gBACV;gBACAK,sBAAsB;oBACpBjB,MAAM;wBAAC;wBAAS;qBAAO;oBACvBY,OAAO;wBACLM,OAAO;4BACL;gCACElB,MAAM;gCACNQ,sBAAsB;gCACtBC,YAAY;oCACVC,IAAI;wCACFV,MAAM;4CAAC;4CAAU;yCAAO;oCAC1B;oCACAmB,WAAW;wCACTnB,MAAM;4CAAC;4CAAU;yCAAO;oCAC1B;oCACAoB,WAAW;wCACTC,OAAO;oCACT;oCACAC,OAAO;wCACLtB,MAAM;4CAAC;4CAAU;yCAAO;oCAC1B;gCACF;gCACAC,UAAU;oCAAC;iCAAY;4BACzB;yBACD;oBACH;gBACF;gBACAsB,8BAA8B;oBAC5BvB,MAAM;wBAAC;wBAAS;qBAAO;oBACvBY,OAAO;wBACLM,OAAO;4BACL;gCACElB,MAAM;gCACNQ,sBAAsB;gCACtBC,YAAY;oCACVC,IAAI;wCACFV,MAAM;4CAAC;4CAAU;yCAAO;oCAC1B;oCACAmB,WAAW;wCACTnB,MAAM;4CAAC;4CAAU;yCAAO;oCAC1B;oCACAoB,WAAW;wCACTC,OAAO;oCACT;oCACAC,OAAO;wCACLtB,MAAM;oCACR;gCACF;gCACAC,UAAU;oCAAC;oCAAa;iCAAQ;4BAClC;yBACD;oBACH;gBACF;YACF;YACAA,UAAU;gBAAC;gBAAM;aAAqB;YACtCY,OAAO;QACT;IACF;IAEAtB,GAAG,0DAA0D;QAC3D,mBAAmB;QACnB,MAAMI,SAAiB;YACrBC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEE,MAAM;4BACNwB,MAAM;gCACJ;oCACE1B,QAAQ;wCACN;4CACEC,MAAM;4CACNC,MAAM;wCACR;qCACD;oCACDyB,OAAO;gCACT;gCACA;oCACE1B,MAAM;oCACND,QAAQ;wCACN;4CACEC,MAAM;4CACNC,MAAM;wCACR;qCACD;oCACDyB,OAAO;gCACT;gCACA;oCACE1B,MAAM;oCACND,QAAQ;wCACN;4CACEC,MAAM;4CACNC,MAAM;4CACNC,UAAU;wCACZ;qCACD;oCACDwB,OAAO;gCACT;6BACD;wBACH;qBACD;oBACDvB,YAAY;gBACd;aACD;QACH;QAEA,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7C,MAAMS,SAASV,mBAAmBS,iBAAiB;QAEnDX,OAAOY,QAAQC,aAAaC,MAAMC,aAAa,CAAC;YAC9CP,MAAM;YACNQ,sBAAsB;YACtBC,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACA0B,mBAAmB;oBACjB1B,MAAM;wBAAC;wBAAU;qBAAO;gBAC1B;gBACA2B,UAAU;oBACR3B,MAAM;oBACNQ,sBAAsB;oBACtBC,YAAY;wBACVmB,iBAAiB;4BACf5B,MAAM;gCAAC;gCAAU;6BAAO;wBAC1B;oBACF;oBACAC,UAAU,EAAE;gBACd;gBACA4B,sBAAsB;oBACpB7B,MAAM;oBACNQ,sBAAsB;oBACtBC,YAAY;wBACVmB,iBAAiB;4BACf5B,MAAM;wBACR;oBACF;oBACAC,UAAU;wBAAC;qBAAkB;gBAC/B;YACF;YACAA,UAAU;gBAAC;gBAAM;aAAuB;YACxCY,OAAO;QACT;IACF;IAEAtB,GAAG,gEAAgE;QACjE,MAAMuC,eAA4B;YAChC9B,MAAM;YACNS,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACAC,UAAU;oBAAC;iBAAK;YAClB;QACF;QAEA,MAAMN,SAA0B;YAC9BC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEC,MAAM;4BACNC,MAAM;4BACN+B,kBAAkB;gCAAC,IAAMD;6BAAa;wBACxC;wBACA;4BACE/B,MAAM;4BACNC,MAAM;4BACNgC,YAAY;gCACVC,WAAW;oCAAC;iCAAiB;gCAC7B7B,QAAQ0B;gCACRI,KAAK;4BACP;wBACF;qBACD;oBACDhC,YAAY;gBACd;aACD;QACH;QAEA,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7C,MAAMS,SAASV,mBAAmBS,iBAAiB;QAEnDX,OAAOY,QAAQC,aAAaC,MAAMC,aAAa,CAAC;YAC9CP,MAAM;YACNQ,sBAAsB;YACtBC,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACAmC,gBAAgBL;gBAChBM,YAAYN;YACd;YACA7B,UAAU;gBAAC;aAAK;YAChBY,OAAO;QACT;IACF;IAEAtB,GAAG,yFAAyF;QAC1F,MAAM8C,cAAqB;YACzBxC,MAAM;YACNyC,eAAe;YACfxC,QAAQ;gBACN;oBACEC,MAAM;oBACNC,MAAM;oBACNuC,QAAQ;wBACN,wBAAwB;wBACxB,OAAO;4BACLC,eAAe;4BACfC,gBAAgB;4BAChBC,UAAU,IAAM;wBAClB;oBACF;gBACF;aACD;QACH;QAEA,mBAAmB;QACnB,MAAM/C,SAAiB;YACrBmB,QAAQ;gBAACuB;aAAY;YACrBzC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEC,MAAM;4BACNC,MAAM;4BACNc,QAAQ;gCAACuB;6BAAY;wBACvB;qBACD;oBACDnC,YAAY;gBACd;aACD;QACH;QAEA,6CAA6C;QAC7C,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7CH,OAAO,OAAQW,iBAAiBW,QAAQ,CAAC,EAAE,EAAEhB,QAAQ,CAAC,EAAE,EAAoByC,QAAQI,IAAI,CACtF;QAEFnD,OACE,OACGW,gBAAgBP,WAAW,CAAC,EAAE,CAACE,MAAM,CAAC,EAAE,EAAkBgB,QAAQ,CAAC,EAAE,EAClEhB,QAAQ,CAAC,EAAE,EACdyC,QACHI,IAAI,CAAC;QAEP,MAAMvC,SAASV,mBAAmBS,iBAAiB;QAEnD,MAAMyC,sBAAsB;YAC1B5C,MAAM;YACNQ,sBAAsB;YACtBC,YAAY;gBACVC,IAAI;oBAAEV,MAAM;wBAAC;wBAAU;qBAAO;gBAAC;gBAC/BmB,WAAW;oBAAEnB,MAAM;wBAAC;wBAAU;qBAAO;gBAAC;gBACtCoB,WAAW;oBAAEC,OAAO;gBAAc;gBAClCwB,UAAU;oBAAE7C,MAAM;wBAAC;wBAAS;qBAAO;oBAAEY,OAAO;wBAAEZ,MAAM;oBAAS;gBAAE;YACjE;YACAC,UAAU;gBAAC;aAAY;QACzB;QAEAT,OAAOY,QAAQC,aAAaC,MAAMC,aAAa,CAAC;YAC9CP,MAAM;YACNQ,sBAAsB;YACtBK,OAAO;YACPJ,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACA8C,gBAAgB;oBACd9C,MAAM;wBAAC;wBAAS;qBAAO;oBACvBY,OAAO;wBACLM,OAAO;4BAAC0B;yBAAoB;oBAC9B;gBACF;YACF;YACA3C,UAAU;gBAAC;aAAK;QAClB;QAEA,2EAA2E;QAC3ET,OAAOY,QAAQC,aAAa0C,aAAaxC,aAAa,CAACqC;IACzD;IAEArD,GAAG,6CAA6C;QAC9C,mBAAmB;QACnB,MAAMI,SAAiB;YACrBC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEC,MAAM;4BACNC,MAAM;4BACNC,UAAU;4BACV+C,cAAc;4BACdjB,kBAAkB;gCAChB,IAAO,CAAA;wCACL/B,MAAM;wCACNC,UAAU;oCACZ,CAAA;6BACD;wBACH;qBACD;oBACDC,YAAY;gBACd;aACD;QACH;QAEA,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7C,MAAMS,SAASV,mBAAmBS,iBAAiB;QAEnD,mBAAmB;QACnBX,OAAOY,OAAOC,WAAW,CAACC,IAAI,CAACG,UAAU,CAACI,KAAK,CAACZ,QAAQ,EAAEM,aAAa,CAAC;IAC1E;AACF"}
+{"version":3,"sources":["../../src/utilities/configToJSONSchema.spec.ts"],"sourcesContent":["import type { JSONSchema4 } from 'json-schema'\nimport { describe, it, expect } from 'vitest'\n\nimport type { Config } from '../config/types.js'\n\nimport { sanitizeConfig } from '../config/sanitize.js'\nimport { configToJSONSchema } from './configToJSONSchema.js'\nimport type { Block, BlocksField, RichTextField } from '../fields/config/types.js'\n\ndescribe('configToJSONSchema', () => {\n  it('should handle optional arrays with required fields', async () => {\n    // @ts-expect-error\n    const config: Config = {\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              name: 'someRequiredField',\n              type: 'array',\n              fields: [\n                {\n                  name: 'someRequiredField',\n                  type: 'text',\n                  required: true,\n                },\n              ],\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    const sanitizedConfig = await sanitizeConfig(config)\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    expect(schema?.definitions?.test).toStrictEqual({\n      type: 'object',\n      additionalProperties: false,\n      properties: {\n        id: {\n          type: 'string',\n        },\n        someRequiredField: {\n          type: ['array', 'null'],\n          items: {\n            type: 'object',\n            additionalProperties: false,\n            properties: {\n              id: {\n                type: ['string', 'null'],\n              },\n              someRequiredField: {\n                type: 'string',\n              },\n            },\n            required: ['someRequiredField'],\n          },\n        },\n      },\n      required: ['id'],\n      title: 'Test',\n    })\n  })\n\n  it('should handle block fields with no blocks', async () => {\n    // @ts-expect-error\n    const config: Config = {\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              name: 'blockField',\n              type: 'blocks',\n              blocks: [],\n            },\n            {\n              name: 'blockFieldRequired',\n              type: 'blocks',\n              blocks: [],\n              required: true,\n            },\n            {\n              name: 'blockFieldWithFields',\n              type: 'blocks',\n              blocks: [\n                {\n                  slug: 'test',\n                  fields: [\n                    {\n                      name: 'field',\n                      type: 'text',\n                    },\n                  ],\n                },\n              ],\n            },\n            {\n              name: 'blockFieldWithFieldsRequired',\n              type: 'blocks',\n              blocks: [\n                {\n                  slug: 'test',\n                  fields: [\n                    {\n                      name: 'field',\n                      type: 'text',\n                      required: true,\n                    },\n                  ],\n                },\n              ],\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    const sanitizedConfig = await sanitizeConfig(config)\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    expect(schema?.definitions?.test).toStrictEqual({\n      type: 'object',\n      additionalProperties: false,\n      properties: {\n        id: {\n          type: 'string',\n        },\n        blockField: {\n          type: ['array', 'null'],\n          items: {},\n        },\n        blockFieldRequired: {\n          type: 'array',\n          items: {},\n        },\n        blockFieldWithFields: {\n          type: ['array', 'null'],\n          items: {\n            oneOf: [\n              {\n                type: 'object',\n                additionalProperties: false,\n                properties: {\n                  id: {\n                    type: ['string', 'null'],\n                  },\n                  blockName: {\n                    type: ['string', 'null'],\n                  },\n                  blockType: {\n                    const: 'test',\n                  },\n                  field: {\n                    type: ['string', 'null'],\n                  },\n                },\n                required: ['blockType'],\n              },\n            ],\n          },\n        },\n        blockFieldWithFieldsRequired: {\n          type: ['array', 'null'],\n          items: {\n            oneOf: [\n              {\n                type: 'object',\n                additionalProperties: false,\n                properties: {\n                  id: {\n                    type: ['string', 'null'],\n                  },\n                  blockName: {\n                    type: ['string', 'null'],\n                  },\n                  blockType: {\n                    const: 'test',\n                  },\n                  field: {\n                    type: 'string',\n                  },\n                },\n                required: ['blockType', 'field'],\n              },\n            ],\n          },\n        },\n      },\n      required: ['id', 'blockFieldRequired'],\n      title: 'Test',\n    })\n  })\n\n  it('should handle tabs and named tabs with required fields', async () => {\n    // @ts-expect-error\n    const config: Config = {\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              type: 'tabs',\n              tabs: [\n                {\n                  fields: [\n                    {\n                      name: 'fieldInUnnamedTab',\n                      type: 'text',\n                    },\n                  ],\n                  label: 'unnamedTab',\n                },\n                {\n                  name: 'namedTab',\n                  fields: [\n                    {\n                      name: 'fieldInNamedTab',\n                      type: 'text',\n                    },\n                  ],\n                  label: 'namedTab',\n                },\n                {\n                  name: 'namedTabWithRequired',\n                  fields: [\n                    {\n                      name: 'fieldInNamedTab',\n                      type: 'text',\n                      required: true,\n                    },\n                  ],\n                  label: 'namedTabWithRequired',\n                },\n              ],\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    const sanitizedConfig = await sanitizeConfig(config)\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    expect(schema?.definitions?.test).toStrictEqual({\n      type: 'object',\n      additionalProperties: false,\n      properties: {\n        id: {\n          type: 'string',\n        },\n        fieldInUnnamedTab: {\n          type: ['string', 'null'],\n        },\n        namedTab: {\n          type: 'object',\n          additionalProperties: false,\n          properties: {\n            fieldInNamedTab: {\n              type: ['string', 'null'],\n            },\n          },\n          required: [],\n        },\n        namedTabWithRequired: {\n          type: 'object',\n          additionalProperties: false,\n          properties: {\n            fieldInNamedTab: {\n              type: 'string',\n            },\n          },\n          required: ['fieldInNamedTab'],\n        },\n      },\n      required: ['id', 'namedTabWithRequired'],\n      title: 'Test',\n    })\n  })\n\n  it('should handle custom typescript schema and JSON field schema', async () => {\n    const customSchema: JSONSchema4 = {\n      type: 'object',\n      properties: {\n        id: {\n          type: 'number',\n        },\n        required: ['id'],\n      },\n    }\n\n    const config: Partial<Config> = {\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              name: 'withCustom',\n              type: 'text',\n              typescriptSchema: [() => customSchema],\n            },\n            {\n              name: 'jsonWithSchema',\n              type: 'json',\n              jsonSchema: {\n                fileMatch: ['a://b/foo.json'],\n                schema: customSchema,\n                uri: 'a://b/foo.json',\n              },\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    const sanitizedConfig = await sanitizeConfig(config as Config)\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    expect(schema?.definitions?.test).toStrictEqual({\n      type: 'object',\n      additionalProperties: false,\n      properties: {\n        id: {\n          type: 'string',\n        },\n        jsonWithSchema: customSchema,\n        withCustom: customSchema,\n      },\n      required: ['id'],\n      title: 'Test',\n    })\n  })\n\n  it('should handle same block object being referenced in both collection and config.blocks', async () => {\n    const sharedBlock: Block = {\n      slug: 'sharedBlock',\n      interfaceName: 'SharedBlock',\n      fields: [\n        {\n          name: 'richText',\n          type: 'richText',\n          editor: () => {\n            // stub rich text editor\n            return {\n              CellComponent: '',\n              FieldComponent: '',\n              validate: () => true,\n            }\n          },\n        },\n      ],\n    }\n\n    // @ts-expect-error\n    const config: Config = {\n      blocks: [sharedBlock],\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              name: 'someBlockField',\n              type: 'blocks',\n              blocks: [sharedBlock],\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    // Ensure both rich text editor are sanitized\n    const sanitizedConfig = await sanitizeConfig(config)\n    expect(typeof (sanitizedConfig?.blocks?.[0]?.fields?.[0] as RichTextField)?.editor).toBe(\n      'object',\n    )\n    expect(\n      typeof (\n        (sanitizedConfig.collections[0].fields[0] as BlocksField)?.blocks?.[0]\n          ?.fields?.[0] as RichTextField\n      )?.editor,\n    ).toBe('object')\n\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    const expectedBlockSchema = {\n      type: 'object',\n      additionalProperties: false,\n      properties: {\n        id: { type: ['string', 'null'] },\n        blockName: { type: ['string', 'null'] },\n        blockType: { const: 'sharedBlock' },\n        richText: { type: ['array', 'null'], items: { type: 'object' } },\n      },\n      required: ['blockType'],\n    }\n\n    expect(schema?.definitions?.test).toStrictEqual({\n      type: 'object',\n      additionalProperties: false,\n      title: 'Test',\n      properties: {\n        id: {\n          type: 'string',\n        },\n        someBlockField: {\n          type: ['array', 'null'],\n          items: {\n            oneOf: [\n              {\n                $ref: '#/definitions/SharedBlock',\n              },\n            ],\n          },\n        },\n      },\n      required: ['id'],\n    })\n\n    // The definition should still be registered for TypeScript type generation\n    expect(schema?.definitions?.SharedBlock).toStrictEqual(expectedBlockSchema)\n  })\n\n  it('should allow overriding required to false', async () => {\n    // @ts-expect-error\n    const config: Config = {\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              name: 'title',\n              type: 'text',\n              required: true,\n              defaultValue: 'test',\n              typescriptSchema: [\n                () => ({\n                  type: 'string',\n                  required: false,\n                }),\n              ],\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    const sanitizedConfig = await sanitizeConfig(config)\n    const schema = configToJSONSchema(sanitizedConfig, 'text')\n\n    // @ts-expect-error\n    expect(schema.definitions.test.properties.title.required).toStrictEqual(false)\n  })\n\n  it('should propagate forceInlineBlocks to nested fields (array, group, tab)', async () => {\n    const namedBlock: Block = {\n      slug: 'myBlock',\n      interfaceName: 'MyBlock',\n      fields: [{ name: 'text', type: 'text' }],\n    }\n\n    // @ts-expect-error\n    const config: Config = {\n      collections: [\n        {\n          slug: 'test',\n          fields: [\n            {\n              name: 'arr',\n              type: 'array',\n              fields: [{ name: 'blocks', type: 'blocks', blocks: [namedBlock] }],\n            },\n            {\n              name: 'grp',\n              type: 'group',\n              fields: [{ name: 'blocks', type: 'blocks', blocks: [namedBlock] }],\n            },\n          ],\n          timestamps: false,\n        },\n      ],\n    }\n\n    const sanitizedConfig = await sanitizeConfig(config)\n\n    // Without forceInlineBlocks: blocks field uses $ref\n    const schemaDefault = configToJSONSchema(sanitizedConfig, 'text')\n    const arrItemsDefault = schemaDefault.definitions!.test.properties!.arr.items as JSONSchema4\n    const arrBlocksDefault = (arrItemsDefault.properties!.blocks.items as JSONSchema4).oneOf![0]\n    expect(arrBlocksDefault).toStrictEqual({ $ref: '#/definitions/MyBlock' })\n\n    // With forceInlineBlocks: blocks field is inlined, no $ref\n    const schemaInline = configToJSONSchema(sanitizedConfig, 'text', undefined, {\n      forceInlineBlocks: true,\n    })\n    const arrItemsInline = schemaInline.definitions!.test.properties!.arr.items as JSONSchema4\n    const arrBlocksInline = (arrItemsInline.properties!.blocks.items as JSONSchema4).oneOf![0]\n    expect(arrBlocksInline).not.toHaveProperty('$ref')\n    expect(arrBlocksInline.properties?.blockType).toStrictEqual({ const: 'myBlock' })\n\n    const grpBlocksInline = (\n      schemaInline.definitions!.test.properties!.grp.properties!.blocks.items as JSONSchema4\n    ).oneOf![0]\n    expect(grpBlocksInline).not.toHaveProperty('$ref')\n    expect(grpBlocksInline.properties?.blockType).toStrictEqual({ const: 'myBlock' })\n  })\n})\n"],"names":["describe","it","expect","sanitizeConfig","configToJSONSchema","config","collections","slug","fields","name","type","required","timestamps","sanitizedConfig","schema","definitions","test","toStrictEqual","additionalProperties","properties","id","someRequiredField","items","title","blocks","blockField","blockFieldRequired","blockFieldWithFields","oneOf","blockName","blockType","const","field","blockFieldWithFieldsRequired","tabs","label","fieldInUnnamedTab","namedTab","fieldInNamedTab","namedTabWithRequired","customSchema","typescriptSchema","jsonSchema","fileMatch","uri","jsonWithSchema","withCustom","sharedBlock","interfaceName","editor","CellComponent","FieldComponent","validate","toBe","expectedBlockSchema","richText","someBlockField","$ref","SharedBlock","defaultValue","namedBlock","schemaDefault","arrItemsDefault","arr","arrBlocksDefault","schemaInline","undefined","forceInlineBlocks","arrItemsInline","arrBlocksInline","not","toHaveProperty","grpBlocksInline","grp"],"mappings":"AACA,SAASA,QAAQ,EAAEC,EAAE,EAAEC,MAAM,QAAQ,SAAQ;AAI7C,SAASC,cAAc,QAAQ,wBAAuB;AACtD,SAASC,kBAAkB,QAAQ,0BAAyB;AAG5DJ,SAAS,sBAAsB;IAC7BC,GAAG,sDAAsD;QACvD,mBAAmB;QACnB,MAAMI,SAAiB;YACrBC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEC,MAAM;4BACNC,MAAM;4BACNF,QAAQ;gCACN;oCACEC,MAAM;oCACNC,MAAM;oCACNC,UAAU;gCACZ;6BACD;wBACH;qBACD;oBACDC,YAAY;gBACd;aACD;QACH;QAEA,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7C,MAAMS,SAASV,mBAAmBS,iBAAiB;QAEnDX,OAAOY,QAAQC,aAAaC,MAAMC,aAAa,CAAC;YAC9CP,MAAM;YACNQ,sBAAsB;YACtBC,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACAW,mBAAmB;oBACjBX,MAAM;wBAAC;wBAAS;qBAAO;oBACvBY,OAAO;wBACLZ,MAAM;wBACNQ,sBAAsB;wBACtBC,YAAY;4BACVC,IAAI;gCACFV,MAAM;oCAAC;oCAAU;iCAAO;4BAC1B;4BACAW,mBAAmB;gCACjBX,MAAM;4BACR;wBACF;wBACAC,UAAU;4BAAC;yBAAoB;oBACjC;gBACF;YACF;YACAA,UAAU;gBAAC;aAAK;YAChBY,OAAO;QACT;IACF;IAEAtB,GAAG,6CAA6C;QAC9C,mBAAmB;QACnB,MAAMI,SAAiB;YACrBC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEC,MAAM;4BACNC,MAAM;4BACNc,QAAQ,EAAE;wBACZ;wBACA;4BACEf,MAAM;4BACNC,MAAM;4BACNc,QAAQ,EAAE;4BACVb,UAAU;wBACZ;wBACA;4BACEF,MAAM;4BACNC,MAAM;4BACNc,QAAQ;gCACN;oCACEjB,MAAM;oCACNC,QAAQ;wCACN;4CACEC,MAAM;4CACNC,MAAM;wCACR;qCACD;gCACH;6BACD;wBACH;wBACA;4BACED,MAAM;4BACNC,MAAM;4BACNc,QAAQ;gCACN;oCACEjB,MAAM;oCACNC,QAAQ;wCACN;4CACEC,MAAM;4CACNC,MAAM;4CACNC,UAAU;wCACZ;qCACD;gCACH;6BACD;wBACH;qBACD;oBACDC,YAAY;gBACd;aACD;QACH;QAEA,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7C,MAAMS,SAASV,mBAAmBS,iBAAiB;QAEnDX,OAAOY,QAAQC,aAAaC,MAAMC,aAAa,CAAC;YAC9CP,MAAM;YACNQ,sBAAsB;YACtBC,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACAe,YAAY;oBACVf,MAAM;wBAAC;wBAAS;qBAAO;oBACvBY,OAAO,CAAC;gBACV;gBACAI,oBAAoB;oBAClBhB,MAAM;oBACNY,OAAO,CAAC;gBACV;gBACAK,sBAAsB;oBACpBjB,MAAM;wBAAC;wBAAS;qBAAO;oBACvBY,OAAO;wBACLM,OAAO;4BACL;gCACElB,MAAM;gCACNQ,sBAAsB;gCACtBC,YAAY;oCACVC,IAAI;wCACFV,MAAM;4CAAC;4CAAU;yCAAO;oCAC1B;oCACAmB,WAAW;wCACTnB,MAAM;4CAAC;4CAAU;yCAAO;oCAC1B;oCACAoB,WAAW;wCACTC,OAAO;oCACT;oCACAC,OAAO;wCACLtB,MAAM;4CAAC;4CAAU;yCAAO;oCAC1B;gCACF;gCACAC,UAAU;oCAAC;iCAAY;4BACzB;yBACD;oBACH;gBACF;gBACAsB,8BAA8B;oBAC5BvB,MAAM;wBAAC;wBAAS;qBAAO;oBACvBY,OAAO;wBACLM,OAAO;4BACL;gCACElB,MAAM;gCACNQ,sBAAsB;gCACtBC,YAAY;oCACVC,IAAI;wCACFV,MAAM;4CAAC;4CAAU;yCAAO;oCAC1B;oCACAmB,WAAW;wCACTnB,MAAM;4CAAC;4CAAU;yCAAO;oCAC1B;oCACAoB,WAAW;wCACTC,OAAO;oCACT;oCACAC,OAAO;wCACLtB,MAAM;oCACR;gCACF;gCACAC,UAAU;oCAAC;oCAAa;iCAAQ;4BAClC;yBACD;oBACH;gBACF;YACF;YACAA,UAAU;gBAAC;gBAAM;aAAqB;YACtCY,OAAO;QACT;IACF;IAEAtB,GAAG,0DAA0D;QAC3D,mBAAmB;QACnB,MAAMI,SAAiB;YACrBC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEE,MAAM;4BACNwB,MAAM;gCACJ;oCACE1B,QAAQ;wCACN;4CACEC,MAAM;4CACNC,MAAM;wCACR;qCACD;oCACDyB,OAAO;gCACT;gCACA;oCACE1B,MAAM;oCACND,QAAQ;wCACN;4CACEC,MAAM;4CACNC,MAAM;wCACR;qCACD;oCACDyB,OAAO;gCACT;gCACA;oCACE1B,MAAM;oCACND,QAAQ;wCACN;4CACEC,MAAM;4CACNC,MAAM;4CACNC,UAAU;wCACZ;qCACD;oCACDwB,OAAO;gCACT;6BACD;wBACH;qBACD;oBACDvB,YAAY;gBACd;aACD;QACH;QAEA,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7C,MAAMS,SAASV,mBAAmBS,iBAAiB;QAEnDX,OAAOY,QAAQC,aAAaC,MAAMC,aAAa,CAAC;YAC9CP,MAAM;YACNQ,sBAAsB;YACtBC,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACA0B,mBAAmB;oBACjB1B,MAAM;wBAAC;wBAAU;qBAAO;gBAC1B;gBACA2B,UAAU;oBACR3B,MAAM;oBACNQ,sBAAsB;oBACtBC,YAAY;wBACVmB,iBAAiB;4BACf5B,MAAM;gCAAC;gCAAU;6BAAO;wBAC1B;oBACF;oBACAC,UAAU,EAAE;gBACd;gBACA4B,sBAAsB;oBACpB7B,MAAM;oBACNQ,sBAAsB;oBACtBC,YAAY;wBACVmB,iBAAiB;4BACf5B,MAAM;wBACR;oBACF;oBACAC,UAAU;wBAAC;qBAAkB;gBAC/B;YACF;YACAA,UAAU;gBAAC;gBAAM;aAAuB;YACxCY,OAAO;QACT;IACF;IAEAtB,GAAG,gEAAgE;QACjE,MAAMuC,eAA4B;YAChC9B,MAAM;YACNS,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACAC,UAAU;oBAAC;iBAAK;YAClB;QACF;QAEA,MAAMN,SAA0B;YAC9BC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEC,MAAM;4BACNC,MAAM;4BACN+B,kBAAkB;gCAAC,IAAMD;6BAAa;wBACxC;wBACA;4BACE/B,MAAM;4BACNC,MAAM;4BACNgC,YAAY;gCACVC,WAAW;oCAAC;iCAAiB;gCAC7B7B,QAAQ0B;gCACRI,KAAK;4BACP;wBACF;qBACD;oBACDhC,YAAY;gBACd;aACD;QACH;QAEA,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7C,MAAMS,SAASV,mBAAmBS,iBAAiB;QAEnDX,OAAOY,QAAQC,aAAaC,MAAMC,aAAa,CAAC;YAC9CP,MAAM;YACNQ,sBAAsB;YACtBC,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACAmC,gBAAgBL;gBAChBM,YAAYN;YACd;YACA7B,UAAU;gBAAC;aAAK;YAChBY,OAAO;QACT;IACF;IAEAtB,GAAG,yFAAyF;QAC1F,MAAM8C,cAAqB;YACzBxC,MAAM;YACNyC,eAAe;YACfxC,QAAQ;gBACN;oBACEC,MAAM;oBACNC,MAAM;oBACNuC,QAAQ;wBACN,wBAAwB;wBACxB,OAAO;4BACLC,eAAe;4BACfC,gBAAgB;4BAChBC,UAAU,IAAM;wBAClB;oBACF;gBACF;aACD;QACH;QAEA,mBAAmB;QACnB,MAAM/C,SAAiB;YACrBmB,QAAQ;gBAACuB;aAAY;YACrBzC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEC,MAAM;4BACNC,MAAM;4BACNc,QAAQ;gCAACuB;6BAAY;wBACvB;qBACD;oBACDnC,YAAY;gBACd;aACD;QACH;QAEA,6CAA6C;QAC7C,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7CH,OAAO,OAAQW,iBAAiBW,QAAQ,CAAC,EAAE,EAAEhB,QAAQ,CAAC,EAAE,EAAoByC,QAAQI,IAAI,CACtF;QAEFnD,OACE,OACGW,gBAAgBP,WAAW,CAAC,EAAE,CAACE,MAAM,CAAC,EAAE,EAAkBgB,QAAQ,CAAC,EAAE,EAClEhB,QAAQ,CAAC,EAAE,EACdyC,QACHI,IAAI,CAAC;QAEP,MAAMvC,SAASV,mBAAmBS,iBAAiB;QAEnD,MAAMyC,sBAAsB;YAC1B5C,MAAM;YACNQ,sBAAsB;YACtBC,YAAY;gBACVC,IAAI;oBAAEV,MAAM;wBAAC;wBAAU;qBAAO;gBAAC;gBAC/BmB,WAAW;oBAAEnB,MAAM;wBAAC;wBAAU;qBAAO;gBAAC;gBACtCoB,WAAW;oBAAEC,OAAO;gBAAc;gBAClCwB,UAAU;oBAAE7C,MAAM;wBAAC;wBAAS;qBAAO;oBAAEY,OAAO;wBAAEZ,MAAM;oBAAS;gBAAE;YACjE;YACAC,UAAU;gBAAC;aAAY;QACzB;QAEAT,OAAOY,QAAQC,aAAaC,MAAMC,aAAa,CAAC;YAC9CP,MAAM;YACNQ,sBAAsB;YACtBK,OAAO;YACPJ,YAAY;gBACVC,IAAI;oBACFV,MAAM;gBACR;gBACA8C,gBAAgB;oBACd9C,MAAM;wBAAC;wBAAS;qBAAO;oBACvBY,OAAO;wBACLM,OAAO;4BACL;gCACE6B,MAAM;4BACR;yBACD;oBACH;gBACF;YACF;YACA9C,UAAU;gBAAC;aAAK;QAClB;QAEA,2EAA2E;QAC3ET,OAAOY,QAAQC,aAAa2C,aAAazC,aAAa,CAACqC;IACzD;IAEArD,GAAG,6CAA6C;QAC9C,mBAAmB;QACnB,MAAMI,SAAiB;YACrBC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEC,MAAM;4BACNC,MAAM;4BACNC,UAAU;4BACVgD,cAAc;4BACdlB,kBAAkB;gCAChB,IAAO,CAAA;wCACL/B,MAAM;wCACNC,UAAU;oCACZ,CAAA;6BACD;wBACH;qBACD;oBACDC,YAAY;gBACd;aACD;QACH;QAEA,MAAMC,kBAAkB,MAAMV,eAAeE;QAC7C,MAAMS,SAASV,mBAAmBS,iBAAiB;QAEnD,mBAAmB;QACnBX,OAAOY,OAAOC,WAAW,CAACC,IAAI,CAACG,UAAU,CAACI,KAAK,CAACZ,QAAQ,EAAEM,aAAa,CAAC;IAC1E;IAEAhB,GAAG,2EAA2E;QAC5E,MAAM2D,aAAoB;YACxBrD,MAAM;YACNyC,eAAe;YACfxC,QAAQ;gBAAC;oBAAEC,MAAM;oBAAQC,MAAM;gBAAO;aAAE;QAC1C;QAEA,mBAAmB;QACnB,MAAML,SAAiB;YACrBC,aAAa;gBACX;oBACEC,MAAM;oBACNC,QAAQ;wBACN;4BACEC,MAAM;4BACNC,MAAM;4BACNF,QAAQ;gCAAC;oCAAEC,MAAM;oCAAUC,MAAM;oCAAUc,QAAQ;wCAACoC;qCAAW;gCAAC;6BAAE;wBACpE;wBACA;4BACEnD,MAAM;4BACNC,MAAM;4BACNF,QAAQ;gCAAC;oCAAEC,MAAM;oCAAUC,MAAM;oCAAUc,QAAQ;wCAACoC;qCAAW;gCAAC;6BAAE;wBACpE;qBACD;oBACDhD,YAAY;gBACd;aACD;QACH;QAEA,MAAMC,kBAAkB,MAAMV,eAAeE;QAE7C,oDAAoD;QACpD,MAAMwD,gBAAgBzD,mBAAmBS,iBAAiB;QAC1D,MAAMiD,kBAAkBD,cAAc9C,WAAW,CAAEC,IAAI,CAACG,UAAU,CAAE4C,GAAG,CAACzC,KAAK;QAC7E,MAAM0C,mBAAmB,AAACF,gBAAgB3C,UAAU,CAAEK,MAAM,CAACF,KAAK,CAAiBM,KAAK,AAAC,CAAC,EAAE;QAC5F1B,OAAO8D,kBAAkB/C,aAAa,CAAC;YAAEwC,MAAM;QAAwB;QAEvE,2DAA2D;QAC3D,MAAMQ,eAAe7D,mBAAmBS,iBAAiB,QAAQqD,WAAW;YAC1EC,mBAAmB;QACrB;QACA,MAAMC,iBAAiBH,aAAalD,WAAW,CAAEC,IAAI,CAACG,UAAU,CAAE4C,GAAG,CAACzC,KAAK;QAC3E,MAAM+C,kBAAkB,AAACD,eAAejD,UAAU,CAAEK,MAAM,CAACF,KAAK,CAAiBM,KAAK,AAAC,CAAC,EAAE;QAC1F1B,OAAOmE,iBAAiBC,GAAG,CAACC,cAAc,CAAC;QAC3CrE,OAAOmE,gBAAgBlD,UAAU,EAAEW,WAAWb,aAAa,CAAC;YAAEc,OAAO;QAAU;QAE/E,MAAMyC,kBAAkB,AACtBP,aAAalD,WAAW,CAAEC,IAAI,CAACG,UAAU,CAAEsD,GAAG,CAACtD,UAAU,CAAEK,MAAM,CAACF,KAAK,CACvEM,KAAK,AAAC,CAAC,EAAE;QACX1B,OAAOsE,iBAAiBF,GAAG,CAACC,cAAc,CAAC;QAC3CrE,OAAOsE,gBAAgBrD,UAAU,EAAEW,WAAWb,aAAa,CAAC;YAAEc,OAAO;QAAU;IACjF;AACF"}

package/dist/utilities/getRequestOrigin.d.ts

@@ -0,0 +1,10 @@
+import type { SanitizedConfig } from '../config/types.js';
+import type { PayloadRequest } from '../types/index.js';
+/**
+ * Returns a trusted request origin
+ */
+export declare const getRequestOrigin: ({ config, req, }: {
+    config: Pick<SanitizedConfig, "cors" | "csrf" | "serverURL">;
+    req: Pick<PayloadRequest, "headers" | "payload" | "url">;
+}) => string;
+//# sourceMappingURL=getRequestOrigin.d.ts.map

package/dist/utilities/getRequestOrigin.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"getRequestOrigin.d.ts","sourceRoot":"","sources":["../../src/utilities/getRequestOrigin.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAc,eAAe,EAAE,MAAM,oBAAoB,CAAA;AACrE,OAAO,KAAK,EAAE,cAAc,EAAE,MAAM,mBAAmB,CAAA;AA8BvD;;GAEG;AACH,eAAO,MAAM,gBAAgB,qBAG1B;IACD,MAAM,EAAE,IAAI,CAAC,eAAe,EAAE,MAAM,GAAG,MAAM,GAAG,WAAW,CAAC,CAAA;IAC5D,GAAG,EAAE,IAAI,CAAC,cAAc,EAAE,SAAS,GAAG,SAAS,GAAG,KAAK,CAAC,CAAA;CACzD,KAAG,MA4BH,CAAA"}

package/dist/utilities/getRequestOrigin.js

@@ -0,0 +1,50 @@
+const getTrustedOrigins = (config)=>{
+    const origins = new Set();
+    const { cors, csrf } = config;
+    if (cors === '*') {
+        return null;
+    }
+    if (Array.isArray(cors)) {
+        cors.forEach((o)=>origins.add(o));
+    } else if (cors && typeof cors === 'object') {
+        const corsOrigins = cors.origins;
+        if (corsOrigins === '*') {
+            return null;
+        }
+        if (Array.isArray(corsOrigins)) {
+            corsOrigins.forEach((o)=>origins.add(o));
+        }
+    }
+    if (Array.isArray(csrf)) {
+        csrf.forEach((o)=>origins.add(o));
+    }
+    return [
+        ...origins
+    ];
+};
+/**
+ * Returns a trusted request origin
+ */ export const getRequestOrigin = ({ config, req })=>{
+    if (config.serverURL !== null && config.serverURL !== '') {
+        return config.serverURL;
+    }
+    let origin = '';
+    try {
+        const protocol = new URL(req.url).protocol;
+        const host = req.headers?.get('host');
+        if (host) {
+            origin = `${protocol}//${host}`;
+        }
+    } catch  {
+    // req.url is malformed; origin stays empty
+    }
+    const trustedOrigins = getTrustedOrigins(config);
+    if (trustedOrigins !== null && origin && trustedOrigins.includes(origin)) {
+        // Host header value is explicitly listed in the CORS/CSRF allowlist — safe to use.
+        return origin;
+    }
+    req.payload.logger.warn(`Request origin "${origin}" is not in the CORS/CSRF allowlist. Falling back to empty string as request origin. It is recommended to explicitly set the serverURL in the config to avoid this warning and ensure correct request origin is used.`);
+    return '';
+};
+
+//# sourceMappingURL=getRequestOrigin.js.map

package/dist/utilities/getRequestOrigin.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utilities/getRequestOrigin.ts"],"sourcesContent":["import type { CORSConfig, SanitizedConfig } from '../config/types.js'\nimport type { PayloadRequest } from '../types/index.js'\n\nconst getTrustedOrigins = (config: Pick<SanitizedConfig, 'cors' | 'csrf'>): null | string[] => {\n  const origins = new Set<string>()\n\n  const { cors, csrf } = config\n\n  if (cors === '*') {\n    return null\n  }\n\n  if (Array.isArray(cors)) {\n    cors.forEach((o) => origins.add(o))\n  } else if (cors && typeof cors === 'object') {\n    const corsOrigins = (cors as CORSConfig).origins\n    if (corsOrigins === '*') {\n      return null\n    }\n    if (Array.isArray(corsOrigins)) {\n      corsOrigins.forEach((o) => origins.add(o))\n    }\n  }\n\n  if (Array.isArray(csrf)) {\n    csrf.forEach((o) => origins.add(o))\n  }\n\n  return [...origins]\n}\n\n/**\n * Returns a trusted request origin\n */\nexport const getRequestOrigin = ({\n  config,\n  req,\n}: {\n  config: Pick<SanitizedConfig, 'cors' | 'csrf' | 'serverURL'>\n  req: Pick<PayloadRequest, 'headers' | 'payload' | 'url'>\n}): string => {\n  if (config.serverURL !== null && config.serverURL !== '') {\n    return config.serverURL\n  }\n\n  let origin = ''\n  try {\n    const protocol = new URL(req.url!).protocol\n    const host = req.headers?.get('host')\n    if (host) {\n      origin = `${protocol}//${host}`\n    }\n  } catch {\n    // req.url is malformed; origin stays empty\n  }\n\n  const trustedOrigins = getTrustedOrigins(config)\n\n  if (trustedOrigins !== null && origin && trustedOrigins.includes(origin)) {\n    // Host header value is explicitly listed in the CORS/CSRF allowlist — safe to use.\n    return origin\n  }\n\n  req.payload.logger.warn(\n    `Request origin \"${origin}\" is not in the CORS/CSRF allowlist. Falling back to empty string as request origin. It is recommended to explicitly set the serverURL in the config to avoid this warning and ensure correct request origin is used.`,\n  )\n\n  return ''\n}\n"],"names":["getTrustedOrigins","config","origins","Set","cors","csrf","Array","isArray","forEach","o","add","corsOrigins","getRequestOrigin","req","serverURL","origin","protocol","URL","url","host","headers","get","trustedOrigins","includes","payload","logger","warn"],"mappings":"AAGA,MAAMA,oBAAoB,CAACC;IACzB,MAAMC,UAAU,IAAIC;IAEpB,MAAM,EAAEC,IAAI,EAAEC,IAAI,EAAE,GAAGJ;IAEvB,IAAIG,SAAS,KAAK;QAChB,OAAO;IACT;IAEA,IAAIE,MAAMC,OAAO,CAACH,OAAO;QACvBA,KAAKI,OAAO,CAAC,CAACC,IAAMP,QAAQQ,GAAG,CAACD;IAClC,OAAO,IAAIL,QAAQ,OAAOA,SAAS,UAAU;QAC3C,MAAMO,cAAc,AAACP,KAAoBF,OAAO;QAChD,IAAIS,gBAAgB,KAAK;YACvB,OAAO;QACT;QACA,IAAIL,MAAMC,OAAO,CAACI,cAAc;YAC9BA,YAAYH,OAAO,CAAC,CAACC,IAAMP,QAAQQ,GAAG,CAACD;QACzC;IACF;IAEA,IAAIH,MAAMC,OAAO,CAACF,OAAO;QACvBA,KAAKG,OAAO,CAAC,CAACC,IAAMP,QAAQQ,GAAG,CAACD;IAClC;IAEA,OAAO;WAAIP;KAAQ;AACrB;AAEA;;CAEC,GACD,OAAO,MAAMU,mBAAmB,CAAC,EAC/BX,MAAM,EACNY,GAAG,EAIJ;IACC,IAAIZ,OAAOa,SAAS,KAAK,QAAQb,OAAOa,SAAS,KAAK,IAAI;QACxD,OAAOb,OAAOa,SAAS;IACzB;IAEA,IAAIC,SAAS;IACb,IAAI;QACF,MAAMC,WAAW,IAAIC,IAAIJ,IAAIK,GAAG,EAAGF,QAAQ;QAC3C,MAAMG,OAAON,IAAIO,OAAO,EAAEC,IAAI;QAC9B,IAAIF,MAAM;YACRJ,SAAS,GAAGC,SAAS,EAAE,EAAEG,MAAM;QACjC;IACF,EAAE,OAAM;IACN,2CAA2C;IAC7C;IAEA,MAAMG,iBAAiBtB,kBAAkBC;IAEzC,IAAIqB,mBAAmB,QAAQP,UAAUO,eAAeC,QAAQ,CAACR,SAAS;QACxE,mFAAmF;QACnF,OAAOA;IACT;IAEAF,IAAIW,OAAO,CAACC,MAAM,CAACC,IAAI,CACrB,CAAC,gBAAgB,EAAEX,OAAO,qNAAqN,CAAC;IAGlP,OAAO;AACT,EAAC"}

package/dist/utilities/getRequestOrigin.spec.js

@@ -0,0 +1,151 @@
+import { describe, expect, it } from 'vitest';
+import { getRequestOrigin } from './getRequestOrigin';
+const makeReq = (url, hostOverride)=>{
+    let host = hostOverride;
+    if (host === undefined) {
+        try {
+            host = new URL(url).host;
+        } catch  {
+            host = undefined;
+        }
+    }
+    return {
+        url,
+        headers: new Headers(host !== undefined ? {
+            host
+        } : {}),
+        payload: {
+            logger: {
+                warn: ()=>{}
+            }
+        }
+    };
+};
+describe('getRequestOrigin', ()=>{
+    describe('when config.serverURL is set', ()=>{
+        it('should return serverURL regardless of Host header', ()=>{
+            const req = makeReq('https://ignored.com/api/forgot-password', 'attacker.com');
+            const result = getRequestOrigin({
+                config: {
+                    serverURL: 'https://myapp.com',
+                    cors: '*',
+                    csrf: []
+                },
+                req
+            });
+            expect(result).toBe('https://myapp.com');
+        });
+    });
+    describe('when config.serverURL is not set', ()=>{
+        describe('CORS allowlist validation', ()=>{
+            it('should return origin when Host header matches a CORS string array entry', ()=>{
+                const req = makeReq('https://myapp.com/api/forgot-password');
+                const result = getRequestOrigin({
+                    config: {
+                        serverURL: '',
+                        cors: [
+                            'https://myapp.com',
+                            'https://other.com'
+                        ],
+                        csrf: []
+                    },
+                    req
+                });
+                expect(result).toBe('https://myapp.com');
+            });
+            it('should return origin when Host header matches a CORSConfig origins entry', ()=>{
+                const req = makeReq('https://myapp.com/api/verify');
+                const result = getRequestOrigin({
+                    config: {
+                        serverURL: '',
+                        cors: {
+                            headers: [],
+                            origins: [
+                                'https://myapp.com'
+                            ]
+                        },
+                        csrf: []
+                    },
+                    req
+                });
+                expect(result).toBe('https://myapp.com');
+            });
+            it('should return empty string when Host header is forged and not in CORS allowlist', ()=>{
+                const req = makeReq('https://myapp.com/api/forgot-password', 'attacker.com');
+                const result = getRequestOrigin({
+                    config: {
+                        serverURL: '',
+                        cors: [
+                            'https://myapp.com'
+                        ],
+                        csrf: []
+                    },
+                    req
+                });
+                expect(result).toBe('');
+            });
+        });
+        describe('CSRF allowlist validation', ()=>{
+            it('should return origin when Host header matches a CSRF entry', ()=>{
+                const req = makeReq('https://myapp.com/api/verify');
+                const result = getRequestOrigin({
+                    config: {
+                        serverURL: '',
+                        cors: [],
+                        csrf: [
+                            'https://myapp.com'
+                        ]
+                    },
+                    req
+                });
+                expect(result).toBe('https://myapp.com');
+            });
+            it('should return origin when Host header is in CSRF but not in CORS', ()=>{
+                const req = makeReq('https://myapp.com/api/verify');
+                const result = getRequestOrigin({
+                    config: {
+                        serverURL: '',
+                        cors: [
+                            'https://other.com'
+                        ],
+                        csrf: [
+                            'https://myapp.com'
+                        ]
+                    },
+                    req
+                });
+                expect(result).toBe('https://myapp.com');
+            });
+        });
+        describe('malformed or missing Host header', ()=>{
+            it('should return empty string when req.url is not a valid URL', ()=>{
+                const req = makeReq('not-a-url');
+                const result = getRequestOrigin({
+                    config: {
+                        serverURL: '',
+                        cors: [],
+                        csrf: []
+                    },
+                    req
+                });
+                expect(result).toBe('');
+            });
+            it('should return empty string when Host header is absent', ()=>{
+                const req = makeReq('https://myapp.com/api/forgot-password', '');
+                const result = getRequestOrigin({
+                    config: {
+                        serverURL: '',
+                        cors: [
+                            'https://myapp.com'
+                        ],
+                        csrf: []
+                    },
+                    req
+                });
+                expect(result).toBe('');
+            });
+        });
+    });
+});
+
+//# sourceMappingURL=getRequestOrigin.spec.js.map

package/dist/utilities/getRequestOrigin.spec.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utilities/getRequestOrigin.spec.ts"],"sourcesContent":["import type { PayloadRequest } from '../types/index.js'\n\nimport { describe, expect, it } from 'vitest'\n\nimport { getRequestOrigin } from './getRequestOrigin'\n\ntype MinimalReq = Pick<PayloadRequest, 'headers' | 'payload' | 'url'>\n\nconst makeReq = (url: string, hostOverride?: string): MinimalReq => {\n  let host = hostOverride\n  if (host === undefined) {\n    try {\n      host = new URL(url).host\n    } catch {\n      host = undefined\n    }\n  }\n  return {\n    url,\n    headers: new Headers(host !== undefined ? { host } : {}),\n    payload: {\n      logger: {\n        warn: () => {},\n      },\n    },\n  } as unknown as MinimalReq\n}\n\ndescribe('getRequestOrigin', () => {\n  describe('when config.serverURL is set', () => {\n    it('should return serverURL regardless of Host header', () => {\n      const req = makeReq('https://ignored.com/api/forgot-password', 'attacker.com')\n      const result = getRequestOrigin({\n        config: { serverURL: 'https://myapp.com', cors: '*', csrf: [] },\n        req,\n      })\n      expect(result).toBe('https://myapp.com')\n    })\n  })\n\n  describe('when config.serverURL is not set', () => {\n    describe('CORS allowlist validation', () => {\n      it('should return origin when Host header matches a CORS string array entry', () => {\n        const req = makeReq('https://myapp.com/api/forgot-password')\n        const result = getRequestOrigin({\n          config: { serverURL: '', cors: ['https://myapp.com', 'https://other.com'], csrf: [] },\n          req,\n        })\n        expect(result).toBe('https://myapp.com')\n      })\n\n      it('should return origin when Host header matches a CORSConfig origins entry', () => {\n        const req = makeReq('https://myapp.com/api/verify')\n        const result = getRequestOrigin({\n          config: {\n            serverURL: '',\n            cors: { headers: [], origins: ['https://myapp.com'] },\n            csrf: [],\n          },\n          req,\n        })\n        expect(result).toBe('https://myapp.com')\n      })\n\n      it('should return empty string when Host header is forged and not in CORS allowlist', () => {\n        const req = makeReq('https://myapp.com/api/forgot-password', 'attacker.com')\n        const result = getRequestOrigin({\n          config: { serverURL: '', cors: ['https://myapp.com'], csrf: [] },\n          req,\n        })\n        expect(result).toBe('')\n      })\n    })\n\n    describe('CSRF allowlist validation', () => {\n      it('should return origin when Host header matches a CSRF entry', () => {\n        const req = makeReq('https://myapp.com/api/verify')\n        const result = getRequestOrigin({\n          config: { serverURL: '', cors: [], csrf: ['https://myapp.com'] },\n          req,\n        })\n        expect(result).toBe('https://myapp.com')\n      })\n\n      it('should return origin when Host header is in CSRF but not in CORS', () => {\n        const req = makeReq('https://myapp.com/api/verify')\n        const result = getRequestOrigin({\n          config: {\n            serverURL: '',\n            cors: ['https://other.com'],\n            csrf: ['https://myapp.com'],\n          },\n          req,\n        })\n        expect(result).toBe('https://myapp.com')\n      })\n    })\n\n    describe('malformed or missing Host header', () => {\n      it('should return empty string when req.url is not a valid URL', () => {\n        const req = makeReq('not-a-url')\n        const result = getRequestOrigin({\n          config: { serverURL: '', cors: [], csrf: [] },\n          req,\n        })\n        expect(result).toBe('')\n      })\n\n      it('should return empty string when Host header is absent', () => {\n        const req = makeReq('https://myapp.com/api/forgot-password', '')\n        const result = getRequestOrigin({\n          config: { serverURL: '', cors: ['https://myapp.com'], csrf: [] },\n          req,\n        })\n        expect(result).toBe('')\n      })\n    })\n  })\n})\n"],"names":["describe","expect","it","getRequestOrigin","makeReq","url","hostOverride","host","undefined","URL","headers","Headers","payload","logger","warn","req","result","config","serverURL","cors","csrf","toBe","origins"],"mappings":"AAEA,SAASA,QAAQ,EAAEC,MAAM,EAAEC,EAAE,QAAQ,SAAQ;AAE7C,SAASC,gBAAgB,QAAQ,qBAAoB;AAIrD,MAAMC,UAAU,CAACC,KAAaC;IAC5B,IAAIC,OAAOD;IACX,IAAIC,SAASC,WAAW;QACtB,IAAI;YACFD,OAAO,IAAIE,IAAIJ,KAAKE,IAAI;QAC1B,EAAE,OAAM;YACNA,OAAOC;QACT;IACF;IACA,OAAO;QACLH;QACAK,SAAS,IAAIC,QAAQJ,SAASC,YAAY;YAAED;QAAK,IAAI,CAAC;QACtDK,SAAS;YACPC,QAAQ;gBACNC,MAAM,KAAO;YACf;QACF;IACF;AACF;AAEAd,SAAS,oBAAoB;IAC3BA,SAAS,gCAAgC;QACvCE,GAAG,qDAAqD;YACtD,MAAMa,MAAMX,QAAQ,2CAA2C;YAC/D,MAAMY,SAASb,iBAAiB;gBAC9Bc,QAAQ;oBAAEC,WAAW;oBAAqBC,MAAM;oBAAKC,MAAM,EAAE;gBAAC;gBAC9DL;YACF;YACAd,OAAOe,QAAQK,IAAI,CAAC;QACtB;IACF;IAEArB,SAAS,oCAAoC;QAC3CA,SAAS,6BAA6B;YACpCE,GAAG,2EAA2E;gBAC5E,MAAMa,MAAMX,QAAQ;gBACpB,MAAMY,SAASb,iBAAiB;oBAC9Bc,QAAQ;wBAAEC,WAAW;wBAAIC,MAAM;4BAAC;4BAAqB;yBAAoB;wBAAEC,MAAM,EAAE;oBAAC;oBACpFL;gBACF;gBACAd,OAAOe,QAAQK,IAAI,CAAC;YACtB;YAEAnB,GAAG,4EAA4E;gBAC7E,MAAMa,MAAMX,QAAQ;gBACpB,MAAMY,SAASb,iBAAiB;oBAC9Bc,QAAQ;wBACNC,WAAW;wBACXC,MAAM;4BAAET,SAAS,EAAE;4BAAEY,SAAS;gCAAC;6BAAoB;wBAAC;wBACpDF,MAAM,EAAE;oBACV;oBACAL;gBACF;gBACAd,OAAOe,QAAQK,IAAI,CAAC;YACtB;YAEAnB,GAAG,mFAAmF;gBACpF,MAAMa,MAAMX,QAAQ,yCAAyC;gBAC7D,MAAMY,SAASb,iBAAiB;oBAC9Bc,QAAQ;wBAAEC,WAAW;wBAAIC,MAAM;4BAAC;yBAAoB;wBAAEC,MAAM,EAAE;oBAAC;oBAC/DL;gBACF;gBACAd,OAAOe,QAAQK,IAAI,CAAC;YACtB;QACF;QAEArB,SAAS,6BAA6B;YACpCE,GAAG,8DAA8D;gBAC/D,MAAMa,MAAMX,QAAQ;gBACpB,MAAMY,SAASb,iBAAiB;oBAC9Bc,QAAQ;wBAAEC,WAAW;wBAAIC,MAAM,EAAE;wBAAEC,MAAM;4BAAC;yBAAoB;oBAAC;oBAC/DL;gBACF;gBACAd,OAAOe,QAAQK,IAAI,CAAC;YACtB;YAEAnB,GAAG,oEAAoE;gBACrE,MAAMa,MAAMX,QAAQ;gBACpB,MAAMY,SAASb,iBAAiB;oBAC9Bc,QAAQ;wBACNC,WAAW;wBACXC,MAAM;4BAAC;yBAAoB;wBAC3BC,MAAM;4BAAC;yBAAoB;oBAC7B;oBACAL;gBACF;gBACAd,OAAOe,QAAQK,IAAI,CAAC;YACtB;QACF;QAEArB,SAAS,oCAAoC;YAC3CE,GAAG,8DAA8D;gBAC/D,MAAMa,MAAMX,QAAQ;gBACpB,MAAMY,SAASb,iBAAiB;oBAC9Bc,QAAQ;wBAAEC,WAAW;wBAAIC,MAAM,EAAE;wBAAEC,MAAM,EAAE;oBAAC;oBAC5CL;gBACF;gBACAd,OAAOe,QAAQK,IAAI,CAAC;YACtB;YAEAnB,GAAG,yDAAyD;gBAC1D,MAAMa,MAAMX,QAAQ,yCAAyC;gBAC7D,MAAMY,SAASb,iBAAiB;oBAC9Bc,QAAQ;wBAAEC,WAAW;wBAAIC,MAAM;4BAAC;yBAAoB;wBAAEC,MAAM,EAAE;oBAAC;oBAC/DL;gBACF;gBACAd,OAAOe,QAAQK,IAAI,CAAC;YACtB;QACF;IACF;AACF"}

package/dist/utilities/sanitizeUrl.d.ts

@@ -0,0 +1,7 @@
+/**
+ * Sanitizes a URL to ensure only allowed protocols are used.
+ * Allows: http, https, mailto, tel, relative paths, and fragment (#) URLs.
+ * Returns '#' for any URL with a disallowed protocol (e.g. javascript:, data:).
+ */
+export declare function sanitizeUrl(url: string): string;
+//# sourceMappingURL=sanitizeUrl.d.ts.map

package/dist/utilities/sanitizeUrl.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sanitizeUrl.d.ts","sourceRoot":"","sources":["../../src/utilities/sanitizeUrl.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AACH,wBAAgB,WAAW,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAgC/C"}

package/dist/utilities/sanitizeUrl.js

@@ -0,0 +1,28 @@
+/**
+ * Sanitizes a URL to ensure only allowed protocols are used.
+ * Allows: http, https, mailto, tel, relative paths, and fragment (#) URLs.
+ * Returns '#' for any URL with a disallowed protocol (e.g. javascript:, data:).
+ */ export function sanitizeUrl(url) {
+    if (!url) {
+        return '';
+    }
+    const trimmed = url.trim();
+    // eslint-disable-next-line no-control-regex
+    const cleaned = trimmed.replace(/[\x00-\x1f\x7f]/g, '');
+    if (cleaned.startsWith('#')) {
+        return cleaned;
+    }
+    if (cleaned.startsWith('/') || cleaned.startsWith('./') || cleaned.startsWith('../')) {
+        return cleaned;
+    }
+    const protocolMatch = cleaned.match(/^([a-z][a-z0-9+\-.]*):(?=.)/i);
+    if (protocolMatch) {
+        const protocol = protocolMatch[1].toLowerCase();
+        if (protocol !== 'http' && protocol !== 'https' && protocol !== 'mailto' && protocol !== 'tel') {
+            return '#';
+        }
+    }
+    return cleaned;
+}
+
+//# sourceMappingURL=sanitizeUrl.js.map

package/dist/utilities/sanitizeUrl.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":["../../src/utilities/sanitizeUrl.ts"],"sourcesContent":["/**\n * Sanitizes a URL to ensure only allowed protocols are used.\n * Allows: http, https, mailto, tel, relative paths, and fragment (#) URLs.\n * Returns '#' for any URL with a disallowed protocol (e.g. javascript:, data:).\n */\nexport function sanitizeUrl(url: string): string {\n  if (!url) {\n    return ''\n  }\n\n  const trimmed = url.trim()\n\n  // eslint-disable-next-line no-control-regex\n  const cleaned = trimmed.replace(/[\\x00-\\x1f\\x7f]/g, '')\n\n  if (cleaned.startsWith('#')) {\n    return cleaned\n  }\n\n  if (cleaned.startsWith('/') || cleaned.startsWith('./') || cleaned.startsWith('../')) {\n    return cleaned\n  }\n\n  const protocolMatch = cleaned.match(/^([a-z][a-z0-9+\\-.]*):(?=.)/i)\n  if (protocolMatch) {\n    const protocol = protocolMatch[1]!.toLowerCase()\n    if (\n      protocol !== 'http' &&\n      protocol !== 'https' &&\n      protocol !== 'mailto' &&\n      protocol !== 'tel'\n    ) {\n      return '#'\n    }\n  }\n\n  return cleaned\n}\n"],"names":["sanitizeUrl","url","trimmed","trim","cleaned","replace","startsWith","protocolMatch","match","protocol","toLowerCase"],"mappings":"AAAA;;;;CAIC,GACD,OAAO,SAASA,YAAYC,GAAW;IACrC,IAAI,CAACA,KAAK;QACR,OAAO;IACT;IAEA,MAAMC,UAAUD,IAAIE,IAAI;IAExB,4CAA4C;IAC5C,MAAMC,UAAUF,QAAQG,OAAO,CAAC,oBAAoB;IAEpD,IAAID,QAAQE,UAAU,CAAC,MAAM;QAC3B,OAAOF;IACT;IAEA,IAAIA,QAAQE,UAAU,CAAC,QAAQF,QAAQE,UAAU,CAAC,SAASF,QAAQE,UAAU,CAAC,QAAQ;QACpF,OAAOF;IACT;IAEA,MAAMG,gBAAgBH,QAAQI,KAAK,CAAC;IACpC,IAAID,eAAe;QACjB,MAAME,WAAWF,aAAa,CAAC,EAAE,CAAEG,WAAW;QAC9C,IACED,aAAa,UACbA,aAAa,WACbA,aAAa,YACbA,aAAa,OACb;YACA,OAAO;QACT;IACF;IAEA,OAAOL;AACT"}

package/dist/versions/saveVersion.d.ts

@@ -16,6 +16,7 @@ type Args<T extends JsonObject = JsonObject> = {
     returning?: boolean;
     select?: SelectType;
     snapshot?: any;
+    unpublish?: boolean;
 };
 export declare function saveVersion<TData extends JsonObject = JsonObject>(args: {
     returning: false;

package/dist/versions/saveVersion.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"saveVersion.d.ts","sourceRoot":"","sources":["../../src/versions/saveVersion.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAA;AAC/E,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAA;AACvE,OAAO,KAAK,EAA8C,OAAO,EAAE,MAAM,aAAa,CAAA;AACtF,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAS/E,KAAK,IAAI,CAAC,CAAC,SAAS,UAAU,GAAG,UAAU,IAAI;IAC7C,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,UAAU,CAAC,EAAE,yBAAyB,CAAA;IACtC,cAAc,EAAE,CAAC,CAAA;IACjB,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,MAAM,CAAC,EAAE,qBAAqB,CAAA;IAC9B,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;IACpB,SAAS,CAAC,EAAE,QAAQ,GAAG,gBAAgB,GAAG,QAAQ,CAAA;IAClD,OAAO,EAAE,OAAO,CAAA;IAChB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,GAAG,CAAC,EAAE,cAAc,CAAA;IACpB,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,MAAM,CAAC,EAAE,UAAU,CAAA;IACnB,QAAQ,CAAC,EAAE,GAAG,CAAA;CACf,CAAA;AAED,wBAAsB,WAAW,CAAC,KAAK,SAAS,UAAU,GAAG,UAAU,EACrE,IAAI,EAAE;IAAE,SAAS,EAAE,KAAK,CAAA;CAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GACvC,OAAO,CAAC,IAAI,CAAC,CAAA;AAChB,wBAAsB,WAAW,CAAC,KAAK,SAAS,UAAU,GAAG,UAAU,EACrE,IAAI,EAAE;IAAE,SAAS,EAAE,IAAI,CAAA;CAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GACtC,OAAO,CAAC,UAAU,CAAC,CAAA;AACtB,wBAAsB,WAAW,CAAC,KAAK,SAAS,UAAU,GAAG,UAAU,EACrE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC,GACnC,OAAO,CAAC,UAAU,CAAC,CAAA"}
+{"version":3,"file":"saveVersion.d.ts","sourceRoot":"","sources":["../../src/versions/saveVersion.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,yBAAyB,EAAE,MAAM,gCAAgC,CAAA;AAC/E,OAAO,KAAK,EAAE,qBAAqB,EAAE,MAAM,4BAA4B,CAAA;AACvE,OAAO,KAAK,EAA8C,OAAO,EAAE,MAAM,aAAa,CAAA;AACtF,OAAO,KAAK,EAAE,UAAU,EAAE,cAAc,EAAE,UAAU,EAAE,MAAM,mBAAmB,CAAA;AAU/E,KAAK,IAAI,CAAC,CAAC,SAAS,UAAU,GAAG,UAAU,IAAI;IAC7C,QAAQ,CAAC,EAAE,OAAO,CAAA;IAClB,UAAU,CAAC,EAAE,yBAAyB,CAAA;IACtC,cAAc,EAAE,CAAC,CAAA;IACjB,KAAK,CAAC,EAAE,OAAO,CAAA;IACf,MAAM,CAAC,EAAE,qBAAqB,CAAA;IAC9B,EAAE,CAAC,EAAE,MAAM,GAAG,MAAM,CAAA;IACpB,SAAS,CAAC,EAAE,QAAQ,GAAG,gBAAgB,GAAG,QAAQ,CAAA;IAClD,OAAO,EAAE,OAAO,CAAA;IAChB,qBAAqB,CAAC,EAAE,MAAM,CAAA;IAC9B,GAAG,CAAC,EAAE,cAAc,CAAA;IACpB,SAAS,CAAC,EAAE,OAAO,CAAA;IACnB,MAAM,CAAC,EAAE,UAAU,CAAA;IACnB,QAAQ,CAAC,EAAE,GAAG,CAAA;IACd,SAAS,CAAC,EAAE,OAAO,CAAA;CACpB,CAAA;AAED,wBAAsB,WAAW,CAAC,KAAK,SAAS,UAAU,GAAG,UAAU,EACrE,IAAI,EAAE;IAAE,SAAS,EAAE,KAAK,CAAA;CAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GACvC,OAAO,CAAC,IAAI,CAAC,CAAA;AAChB,wBAAsB,WAAW,CAAC,KAAK,SAAS,UAAU,GAAG,UAAU,EACrE,IAAI,EAAE;IAAE,SAAS,EAAE,IAAI,CAAA;CAAE,GAAG,IAAI,CAAC,KAAK,CAAC,GACtC,OAAO,CAAC,UAAU,CAAC,CAAA;AACtB,wBAAsB,WAAW,CAAC,KAAK,SAAS,UAAU,GAAG,UAAU,EACrE,IAAI,EAAE,IAAI,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,WAAW,CAAC,GACnC,OAAO,CAAC,UAAU,CAAC,CAAA"}

package/dist/versions/saveVersion.js

@@ -4,9 +4,10 @@ import { sanitizeInternalFields } from '../utilities/sanitizeInternalFields.js';
 import { getQueryDraftsSelect } from './drafts/getQueryDraftsSelect.js';
 import { enforceMaxVersions } from './enforceMaxVersions.js';
 import { saveSnapshot } from './saveSnapshot.js';
-export async function saveVersion({ id, autosave, collection, docWithLocales, draft, global, operation, payload, publishSpecificLocale, req, returning, select, snapshot }) {
+import { updateLatestVersion } from './updateLatestVersion.js';
+export async function saveVersion({ id, autosave, collection, docWithLocales, draft, global, operation, payload, publishSpecificLocale, req, returning, select, snapshot, unpublish }) {
     let result;
-    let createNewVersion = true;
+    let createdNewVersion = false;
     const now = new Date().toISOString();
     const versionData = deepCopyObjectSimple(docWithLocales);
     if ((collection?.timestamps || global) && draft) {
@@ -16,71 +17,20 @@ export async function saveVersion({ id, autosave, collection, docWithLocales, dr
         delete versionData._id;
     }
     try {
-        if (autosave) {
-            let docs;
-            const findVersionArgs = {
-                limit: 1,
-                pagination: false,
+        if (unpublish || autosave) {
+            result = await updateLatestVersion({
+                id,
+                collection,
+                global,
+                now,
+                payload,
                 req,
-                sort: '-updatedAt'
-            };
-            if (collection) {
-                ;
-                ({ docs } = await payload.db.findVersions({
-                    ...findVersionArgs,
-                    collection: collection.slug,
-                    limit: 1,
-                    pagination: false,
-                    req,
-                    where: {
-                        parent: {
-                            equals: id
-                        }
-                    }
-                }));
-            } else {
-                ;
-                ({ docs } = await payload.db.findGlobalVersions({
-                    ...findVersionArgs,
-                    global: global.slug,
-                    limit: 1,
-                    pagination: false,
-                    req
-                }));
-            }
-            const [latestVersion] = docs;
-            // overwrite the latest version if it's set to autosave
-            if (latestVersion && 'autosave' in latestVersion && latestVersion.autosave === true) {
-                createNewVersion = false;
-                const updateVersionArgs = {
-                    id: latestVersion.id,
-                    req,
-                    versionData: {
-                        createdAt: new Date(latestVersion.createdAt).toISOString(),
-                        latest: true,
-                        parent: id,
-                        updatedAt: now,
-                        version: {
-                            ...versionData
-                        }
-                    }
-                };
-                if (collection) {
-                    result = await payload.db.updateVersion({
-                        ...updateVersionArgs,
-                        collection: collection.slug,
-                        req
-                    });
-                } else {
-                    result = await payload.db.updateGlobalVersion({
-                        ...updateVersionArgs,
-                        global: global.slug,
-                        req
-                    });
-                }
-            }
+                shouldUpdate: autosave ? (v)=>'autosave' in v && v.autosave === true : undefined,
+                versionData
+            });
         }
-        if (createNewVersion) {
+        if (!result) {
+            createdNewVersion = true;
             const createVersionArgs = {
                 autosave: Boolean(autosave),
                 collectionSlug: undefined,
@@ -133,7 +83,7 @@ export async function saveVersion({ id, autosave, collection, docWithLocales, dr
         return undefined;
     }
     const max = getVersionsMax(collection || global);
-    if (createNewVersion && max > 0) {
+    if (createdNewVersion && max > 0) {
         await enforceMaxVersions({
             id,
             collection,