sitepaige-mcp-server 1.0.0 → 1.0.3

package/dist/components/menu.tsx

@@ -26,8 +26,10 @@ interface MenuItem {
   page: string | null;
   menu: string | null;
   untouchable: boolean;
-  link_type?: 'page' | 'external';
+  link_type?: 'page' | 'external' | 'file';
   external_url?: string | null;
+  file_id?: string | null;
+  file_name?: string | null;
   hiddenOnDesktop?: boolean; // New field to hide item on desktop (shows in icon bar instead)
 }
 
@@ -57,6 +59,8 @@ export default function Menu({ menu, onClick, pages = [] }: MenuProps) {
   const [hoveredIndex, setHoveredIndex] = useState<number | null>(null);
   const [mobileMenuOpen, setMobileMenuOpen] = useState(false);
   const [isMobile, setIsMobile] = useState(false);
+  const [selectedPage, setSelectedPage] = useState<string | null>(null);
+  const [isPaigeLoading, setIsPaigeLoading] = useState(false);
 
   // Handle case where menu is undefined/null
   if (!menu) {
@@ -88,7 +92,8 @@ export default function Menu({ menu, onClick, pages = [] }: MenuProps) {
     return () => window.removeEventListener('resize', checkMobile);
   }, []);
 
-  const direction = menu.direction === 'vertical' ? 'vertical' : 'horizontal';
+  const direction = menu.direction === 'vertical' ? 'vertical' : 
+                   menu.direction === 'tiled' ? 'tiled' : 'horizontal';
 
   const renderMenuItem = (item: MenuItem, index: number) => {
     const handleClick = () => {
@@ -187,8 +192,128 @@ export default function Menu({ menu, onClick, pages = [] }: MenuProps) {
     );
   };
 
+  // Render a tiled menu item
+  const renderTiledMenuItem = (item: MenuItem, index: number) => {
+    const isSelected = item.page === selectedPage;
+    
+    // Helper function to get font size value
+    const getFontSizeValue = (sizeClass: string) => {
+      const sizeMap: Record<string, string> = {
+        'text-xs': '0.75rem',
+        'text-sm': '0.875rem',
+        'text-base': '1rem',
+        'text-lg': '1.125rem',
+        'text-xl': '1.25rem',
+        'text-2xl': '1.5rem',
+        'text-3xl': '1.875rem',
+      };
+      return sizeMap[sizeClass] || '1.25rem';
+    };
+    
+    const tileContent = (
+      <div className={`
+        p-6 
+        bg-white 
+        border-2 
+        border-gray-300 
+        rounded-lg 
+        shadow-md 
+        hover:shadow-lg 
+        hover:border-blue-500 
+        transition-all 
+        duration-200 
+        cursor-pointer
+        text-center
+        h-full
+        flex
+        flex-col
+        items-center
+        justify-center
+        ${isSelected ? 'border-blue-600 bg-blue-50' : ''}
+        ${isPaigeLoading ? 'opacity-50 cursor-not-allowed' : ''}
+      `}>
+        <h3 
+          className={`${isSelected ? 'font-bold' : 'font-medium'} text-gray-800`}
+          style={{ fontFamily: menu.font, fontSize: getFontSizeValue(menu.fontSize || 'text-xl') }}
+        >
+          {item.name}
+        </h3>
+      </div>
+    );
+
+    if (item.link_type === 'external' && item.external_url) {
+      return (
+        <a
+          key={item.name}
+          href={item.external_url}
+          target="_blank"
+          rel="noopener noreferrer"
+          className="block h-full"
+        >
+          {tileContent}
+        </a>
+      );
+    } else if (item.link_type === 'file' && item.file_name) {
+      return (
+        <a
+          key={item.name}
+          href={`/library/files/${item.file_name}`}
+          target="_blank"
+          rel="noopener noreferrer"
+          className="block h-full"
+        >
+          {tileContent}
+        </a>
+      );
+    } else if (item.page) {
+      const page = pages.find(p => p.id === item.page);
+      let linkUrl = '#';
+      
+      if (page) {
+        let urlPath = page.name
+          .replace(/[^a-zA-Z0-9\s]/g, '')
+          .trim()
+          .replace(/\s+/g, '_')
+          .toLowerCase();
+        linkUrl = urlPath === 'home' || urlPath === 'index' ? '/' : `/${urlPath}`;
+      }
+      
+      return (
+        <Link
+          key={item.name}
+          href={linkUrl}
+          onClick={(e) => {
+            e.preventDefault();
+            if (isPaigeLoading) {
+              console.log('Navigation blocked: Paige is currently processing a request');
+              return;
+            }
+            setSelectedPage(item.page);
+            onClick?.();
+          }}
+          className="block h-full"
+        >
+          {tileContent}
+        </Link>
+      );
+    } else {
+      return (
+        <div key={item.name} className="block h-full">
+          {tileContent}
+        </div>
+      );
+    }
+  };
+
   return (
     <>
+      {/* Tiled menu layout */}
+      {direction === 'tiled' && (
+        <div className={`grid gap-4 ${isMobile ? 'grid-cols-1' : 'grid-cols-2 md:grid-cols-3 lg:grid-cols-4'}`}>
+          {menu.items?.map((item, index) => renderTiledMenuItem(item, index)) || []}
+        </div>
+      )}
+      
       {/* Hamburger menu for mobile horizontal menus */}
       {isMobile && direction === 'horizontal' && (
         <div className="relative">
@@ -211,7 +336,7 @@ export default function Menu({ menu, onClick, pages = [] }: MenuProps) {
       )}
       
       {/* Regular menu for desktop or vertical menus */}
-      {(!isMobile || direction === 'vertical') && (
+      {(!isMobile || direction === 'vertical') && direction !== 'tiled' && (
         <nav className={`${direction === 'horizontal' ? 'space-x-4' : 'flex flex-col'} ${menu.align === 'Left' ? 'justify-start' : menu.align === 'Center' ? 'justify-center' : menu.align === 'Right' ? 'justify-end' : ''}`}>
           {menu.items?.filter(item => !item.hiddenOnDesktop).map((item, index) => renderMenuItem(item, index)) || []}
         </nav>

package/dist/components/testimonial.tsx

@@ -112,7 +112,7 @@ export default function RTestimonial({ name, custom_view_description, design }:
               <div className="flex items-center">
                 {testimonial.photoId && (
                   <img
-                    src={`/api/image?imageid=${testimonial.photoId}`}
+                    src={`/images/${testimonial.photoId}.jpg`}
                     alt={testimonial.attribution}
                     className="w-12 h-12 rounded-full object-cover mr-4"
                     onError={(e) => {

package/dist/defaultapp/api/Auth/resend-verification/route.ts

@@ -0,0 +1,130 @@
+/*
+ * Resend verification email endpoint
+ * Allows users to request a new verification email
+ */
+
+import { NextResponse } from 'next/server';
+import { regenerateVerificationToken } from '../../../db-password-auth';
+import { send_email } from '../../../storage/email';
+
+// Email validation regex
+const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+
+export async function POST(request: Request) {
+  try {
+    const { email } = await request.json();
+
+    // Validate email format
+    if (!email || !emailRegex.test(email)) {
+      return NextResponse.json(
+        { error: 'Invalid email address' },
+        { status: 400 }
+      );
+    }
+
+    // Regenerate verification token
+    const result = await regenerateVerificationToken(email);
+
+    if (!result) {
+      // Don't reveal whether the email exists or not
+      return NextResponse.json({
+        success: true,
+        message: 'If an unverified account exists with this email, a verification email has been sent.'
+      });
+    }
+
+    const { verificationToken } = result;
+
+    // Get site domain from environment or default
+    const siteDomain = process.env.SITE_DOMAIN || 'https://sitepaige.com';
+    const verificationUrl = `${siteDomain}/api/Auth/verify-email?token=${verificationToken}`;
+
+    // Send verification email
+    try {
+      const emailHtml = `
+        <!DOCTYPE html>
+        <html>
+          <head>
+            <style>
+              body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; }
+              .container { max-width: 600px; margin: 0 auto; padding: 20px; }
+              .button { 
+                display: inline-block; 
+                padding: 12px 24px; 
+                background-color: #f0f0f0; 
+                color: #000000; 
+                text-decoration: none; 
+                border: 1px solid #cccccc;
+                border-radius: 4px;
+              }
+              .footer { margin-top: 30px; font-size: 12px; color: #666; }
+            </style>
+          </head>
+          <body>
+            <div class="container">
+              <h2>Verify Your Email Address</h2>
+              <p>You requested a new verification email for your account at ${siteDomain}. Please verify your email address by clicking the button below:</p>
+              <p style="margin: 30px 0;">
+                <a href="${verificationUrl}" class="button">Verify Email Address</a>
+              </p>
+              <p>Or copy and paste this link into your browser:</p>
+              <p style="word-break: break-all; color: #0066cc;">${verificationUrl}</p>
+              <p>This link will expire in 24 hours.</p>
+              <div class="footer">
+                <p>If you didn't request this email, you can safely ignore it.</p>
+              </div>
+            </div>
+          </body>
+        </html>
+      `;
+
+      const emailText = `
+Verify Your Email Address
+
+You requested a new verification email for your account at ${siteDomain}. Please verify your email address by clicking the link below:
+
+${verificationUrl}
+
+This link will expire in 24 hours.
+
+If you didn't request this email, you can safely ignore it.
+      `;
+
+      await send_email({
+        to: email,
+        from: process.env.EMAIL_FROM || 'noreply@sitepaige.com',
+        subject: 'Verify your email address',
+        html: emailHtml,
+        text: emailText
+      });
+
+      return NextResponse.json({
+        success: true,
+        message: 'Verification email sent successfully! Please check your email.'
+      });
+
+    } catch (emailError) {
+      console.error('Failed to send verification email:', emailError);
+      return NextResponse.json({
+        success: false,
+        error: 'Failed to send verification email. Please try again later.'
+      }, { status: 500 });
+    }
+
+  } catch (error: any) {
+    console.error('Resend verification error:', error);
+
+    if (error.message === 'Email is already verified') {
+      return NextResponse.json(
+        { error: 'This email is already verified. Please sign in.' },
+        { status: 400 }
+      );
+    }
+
+    // Generic response to avoid revealing whether email exists
+    return NextResponse.json({
+      success: true,
+      message: 'If an unverified account exists with this email, a verification email has been sent.'
+    });
+  }
+}

package/dist/defaultapp/api/Auth/route.ts

@@ -10,7 +10,6 @@ import * as crypto from 'node:crypto';
 
 import { db_init, db_query } from '../../db';
 import { upsertUser, storeOAuthToken, validateSession, rotateSession } from '../../db-users';
-import { validateCsrfToken } from '../../csrf';
 
 type OAuthProvider = 'google' | 'facebook' | 'apple'  | 'github';
 
@@ -32,11 +31,113 @@ export async function POST(request: Request) {
   const db = await db_init();
   
   try {
-    const { code, provider } = await request.json();
+    const { code, provider, email, password } = await request.json();
     
-    if (!code || !provider) {
+    if (!provider) {
       return NextResponse.json(
-        { error: 'No authorization code or provider specified' },
+        { error: 'No provider specified' },
+        { status: 400 }
+      );
+    }
+
+    // Handle username/password authentication
+    if (provider === 'username') {
+      if (!email || !password) {
+        return NextResponse.json(
+          { error: 'Email and password are required' },
+          { status: 400 }
+        );
+      }
+
+      const { authenticateUser, createPasswordAuthTable } = await import('../../db-password-auth');
+      const { upsertUser } = await import('../../db-users');
+      
+      // Ensure password auth table exists
+      await createPasswordAuthTable();
+
+      try {
+        // Authenticate the user
+        const authRecord = await authenticateUser(email, password);
+        
+        if (!authRecord) {
+          return NextResponse.json(
+            { error: 'Invalid email or password' },
+            { status: 401 }
+          );
+        }
+
+        // Create or update user in the main Users table
+        const user = await upsertUser(
+          `password_${authRecord.id}`, // Unique OAuth ID for password users
+          'username' as any, // Source type
+          email.split('@')[0], // Username from email
+          email,
+          undefined // No avatar for password auth
+        );
+
+        // Delete existing sessions for this user
+        const existingSessions = await db_query(db, 
+          "SELECT ID FROM usersession WHERE userid = ?", 
+          [user.userid]
+        );
+        
+        if (existingSessions && existingSessions.length > 0) {
+          const sessionIds = existingSessions.map(session => session.ID);
+          const placeholders = sessionIds.map(() => '?').join(',');
+          await db_query(db, `DELETE FROM usersession WHERE ID IN (${placeholders})`, sessionIds);
+        }
+
+        // Generate secure session token and ID
+        const sessionId = crypto.randomUUID();
+        const sessionToken = crypto.randomBytes(32).toString('base64url');
+
+        // Create new session with secure token
+        await db_query(db, 
+          "INSERT INTO usersession (ID, SessionToken, userid, ExpirationDate) VALUES (?, ?, ?, ?)",
+          [sessionId, sessionToken, user.userid, new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString()]
+        );
+
+        // Set session cookie with secure token
+        const sessionCookie = await cookies();
+        sessionCookie.set({
+          name: 'session_id', 
+          value: sessionToken,
+          httpOnly: true,
+          secure: process.env.NODE_ENV === 'production',
+          sameSite: process.env.NODE_ENV === 'production' ? 'strict' : 'lax',
+          maxAge: 30 * 24 * 60 * 60, // 30 days
+          path: '/',
+        });
+
+        // Create a completely clean object to avoid any database result object issues
+        const cleanUserData = {
+          userid: String(user.userid),
+          userName: String(user.UserName),
+          avatarURL: String(user.AvatarURL || ''),
+          userLevel: Number(user.UserLevel),
+          isAdmin: Number(user.UserLevel) === 2
+        };
+        
+        return NextResponse.json({ 
+          success: true,
+          user: cleanUserData
+        });
+
+      } catch (error: any) {
+        if (error.message === 'Email not verified') {
+          return NextResponse.json(
+            { error: 'Please verify your email before logging in' },
+            { status: 403 }
+          );
+        }
+        throw error;
+      }
+    }
+
+    // Handle OAuth authentication
+    if (!code) {
+      return NextResponse.json(
+        { error: 'No authorization code specified' },
         { status: 400 }
       );
     }
@@ -293,15 +394,6 @@ export async function GET() {
 }
 
 export async function DELETE(request: Request) {
-  // Validate CSRF token for logout
-  const isValidCsrf = await validateCsrfToken(request);
-  if (!isValidCsrf) {
-    return NextResponse.json(
-      { error: 'Invalid CSRF token' },
-      { status: 403 }
-    );
-  }
-  
   const db = await db_init();
   
   try {

package/dist/defaultapp/api/Auth/signup/route.ts

@@ -0,0 +1,133 @@
+/*
+ * Signup endpoint for username/password authentication
+ * Handles user registration with email verification
+ */
+
+import { NextResponse } from 'next/server';
+import { createPasswordAuth } from '../../../db-password-auth';
+import { send_email } from '../../../storage/email';
+
+// Email validation regex
+const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
+
+// Password validation - at least 8 characters, one uppercase, one lowercase, one number
+const passwordRegex = /^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$/;
+
+export async function POST(request: Request) {
+  try {
+    const { email, password } = await request.json();
+
+    // Validate email format
+    if (!email || !emailRegex.test(email)) {
+      return NextResponse.json(
+        { error: 'Invalid email address' },
+        { status: 400 }
+      );
+    }
+
+    // Validate password strength
+    if (!password || !passwordRegex.test(password)) {
+      return NextResponse.json(
+        { error: 'Password must be at least 8 characters long and contain at least one uppercase letter, one lowercase letter, and one number' },
+        { status: 400 }
+      );
+    }
+
+    // Create password auth record
+    const { passwordAuth, verificationToken } = await createPasswordAuth(email, password);
+
+    // Get site domain from environment or default
+    const siteDomain = process.env.SITE_DOMAIN || 'https://sitepaige.com';
+    const verificationUrl = `${siteDomain}/api/Auth/verify-email?token=${verificationToken}`;
+
+    // Send verification email
+    try {
+      const emailHtml = `
+        <!DOCTYPE html>
+        <html>
+          <head>
+            <style>
+              body { font-family: Arial, sans-serif; line-height: 1.6; color: #333; }
+              .container { max-width: 600px; margin: 0 auto; padding: 20px; }
+              .button { 
+                display: inline-block; 
+                padding: 12px 24px; 
+                background-color: #f0f0f0; 
+                color: #000000; 
+                text-decoration: none; 
+                border: 1px solid #cccccc;
+                border-radius: 4px;
+              }
+              .footer { margin-top: 30px; font-size: 12px; color: #666; }
+            </style>
+          </head>
+          <body>
+            <div class="container">
+              <h2>Welcome to ${siteDomain}!</h2>
+              <p>Thank you for signing up. Please verify your email address by clicking the button below:</p>
+              <p style="margin: 30px 0;">
+                <a href="${verificationUrl}" class="button">Verify Email Address</a>
+              </p>
+              <p>Or copy and paste this link into your browser:</p>
+              <p style="word-break: break-all; color: #0066cc;">${verificationUrl}</p>
+              <p>This link will expire in 24 hours.</p>
+              <div class="footer">
+                <p>If you didn't create an account, you can safely ignore this email.</p>
+              </div>
+            </div>
+          </body>
+        </html>
+      `;
+
+      const emailText = `
+Welcome to ${siteDomain}!
+
+Thank you for signing up. Please verify your email address by clicking the link below:
+
+${verificationUrl}
+
+This link will expire in 24 hours.
+
+If you didn't create an account, you can safely ignore this email.
+      `;
+
+      await send_email({
+        to: email,
+        from: process.env.EMAIL_FROM || 'noreply@sitepaige.com',
+        subject: 'Verify your email address',
+        html: emailHtml,
+        text: emailText
+      });
+
+      return NextResponse.json({
+        success: true,
+        message: 'Registration successful! Please check your email to verify your account.'
+      });
+
+    } catch (emailError) {
+      console.error('Failed to send verification email:', emailError);
+      // Still return success but with a warning
+      return NextResponse.json({
+        success: true,
+        message: 'Registration successful! However, we could not send the verification email. Please contact support.',
+        warning: 'Email sending failed'
+      });
+    }
+
+  } catch (error: any) {
+    console.error('Signup error:', error);
+
+    // Handle specific errors
+    if (error.message === 'Email already registered') {
+      return NextResponse.json(
+        { error: 'This email is already registered. Please sign in instead.' },
+        { status: 409 }
+      );
+    }
+
+    return NextResponse.json(
+      { error: error.message || 'Signup failed' },
+      { status: 500 }
+    );
+  }
+}

package/dist/defaultapp/api/Auth/verify-email/route.ts

@@ -0,0 +1,105 @@
+/*
+ * Email verification endpoint
+ * Handles email verification tokens from signup emails
+ */
+
+import { NextResponse } from 'next/server';
+import { verifyEmailWithToken } from '../../../db-password-auth';
+import { upsertUser } from '../../../db-users';
+import { db_init, db_query } from '../../../db';
+import { cookies } from 'next/headers';
+import * as crypto from 'node:crypto';
+
+export async function GET(request: Request) {
+  try {
+    const { searchParams } = new URL(request.url);
+    const token = searchParams.get('token');
+
+    if (!token) {
+      return NextResponse.json(
+        { error: 'Verification token is required' },
+        { status: 400 }
+      );
+    }
+
+    // Verify the email with token
+    const authRecord = await verifyEmailWithToken(token);
+
+    if (!authRecord) {
+      return NextResponse.json(
+        { error: 'Invalid or expired verification token' },
+        { status: 400 }
+      );
+    }
+
+    // Create or update user in the main Users table
+    const user = await upsertUser(
+      `password_${authRecord.id}`, // Unique OAuth ID for password users
+      'userpass' as any, // Source type
+      authRecord.email.split('@')[0], // Username from email
+      authRecord.email,
+      undefined // No avatar for password auth
+    );
+
+    if (!user) {
+      return NextResponse.json(
+        { error: 'Failed to create user account' },
+        { status: 500 }
+      );
+    }
+
+    // Auto-login the user after verification
+    const db = await db_init();
+    
+    // Delete existing sessions for this user
+    const existingSessions = await db_query(db, 
+      "SELECT ID FROM usersession WHERE userid = ?", 
+      [user.userid]
+    );
+    
+    if (existingSessions && existingSessions.length > 0) {
+      const sessionIds = existingSessions.map(session => session.ID);
+      const placeholders = sessionIds.map(() => '?').join(',');
+      await db_query(db, `DELETE FROM usersession WHERE ID IN (${placeholders})`, sessionIds);
+    }
+
+    // Generate secure session token and ID
+    const sessionId = crypto.randomUUID();
+    const sessionToken = crypto.randomBytes(32).toString('base64url');
+
+    // Create new session with secure token
+    await db_query(db, 
+      "INSERT INTO usersession (ID, SessionToken, userid, ExpirationDate) VALUES (?, ?, ?, ?)",
+      [sessionId, sessionToken, user.userid, new Date(Date.now() + 30 * 24 * 60 * 60 * 1000).toISOString()]
+    );
+
+    // Set session cookie with secure token
+    const sessionCookie = await cookies();
+    sessionCookie.set({
+      name: 'session_id', 
+      value: sessionToken,
+      httpOnly: true,
+      secure: process.env.NODE_ENV === 'production',
+      sameSite: process.env.NODE_ENV === 'production' ? 'strict' : 'lax',
+      maxAge: 30 * 24 * 60 * 60, // 30 days
+      path: '/',
+    });
+
+    // Redirect to home page or dashboard with success message
+    const siteDomain = process.env.SITE_DOMAIN || 'https://sitepaige.com';
+    const redirectUrl = new URL('/', siteDomain);
+    redirectUrl.searchParams.set('verified', 'true');
+    
+    return NextResponse.redirect(redirectUrl);
+
+  } catch (error: any) {
+    console.error('Email verification error:', error);
+    
+    // Redirect to home with error
+    const siteDomain = process.env.SITE_DOMAIN || 'https://sitepaige.com';
+    const redirectUrl = new URL('/', siteDomain);
+    redirectUrl.searchParams.set('error', 'verification_failed');
+    
+    return NextResponse.redirect(redirectUrl);
+  }
+}