studiocms 0.1.0-beta.7 → 0.1.0-beta.8

package/dist/routes/rest/v1/public/pages/index.js

@@ -0,0 +1,61 @@
+import studioCMS_SDK_Cache from "studiocms:sdk/cache";
+const GET = async (context) => {
+  const pages = await studioCMS_SDK_Cache.GET.pages();
+  const searchParams = context.url.searchParams;
+  const titleFilter = searchParams.get("title");
+  const slugFilter = searchParams.get("slug");
+  const authorFilter = searchParams.get("author");
+  const draftFilter = searchParams.get("draft") === "true";
+  const publishedFilter = searchParams.get("published") === "true";
+  const parentFolderFilter = searchParams.get("parentFolder");
+  let filteredPages = pages;
+  if (titleFilter) {
+    filteredPages = filteredPages.filter((page) => page.data.title.includes(titleFilter));
+  }
+  if (slugFilter) {
+    filteredPages = filteredPages.filter((page) => page.data.slug.includes(slugFilter));
+  }
+  if (authorFilter) {
+    filteredPages = filteredPages.filter((page) => page.data.authorId === authorFilter);
+  }
+  if (draftFilter) {
+    filteredPages = filteredPages.filter((page) => page.data.draft === draftFilter);
+  }
+  if (publishedFilter) {
+    filteredPages = filteredPages.filter((page) => !page.data.draft);
+  }
+  if (parentFolderFilter) {
+    filteredPages = filteredPages.filter((page) => page.data.parentFolder === parentFolderFilter);
+  }
+  return new Response(JSON.stringify(filteredPages), {
+    headers: {
+      "Content-Type": "application/json"
+    }
+  });
+};
+const OPTIONS = async () => {
+  return new Response(null, {
+    status: 204,
+    statusText: "No Content",
+    headers: {
+      Allow: "OPTIONS, GET",
+      "ALLOW-ACCESS-CONTROL-ORIGIN": "*",
+      "Cache-Control": "public, max-age=604800, immutable",
+      Date: (/* @__PURE__ */ new Date()).toUTCString()
+    }
+  });
+};
+const ALL = async () => {
+  return new Response(null, {
+    status: 405,
+    statusText: "Method Not Allowed",
+    headers: {
+      "ACCESS-CONTROL-ALLOW-ORIGIN": "*"
+    }
+  });
+};
+export {
+  ALL,
+  GET,
+  OPTIONS
+};

package/dist/routes/rest/v1/settings/index.d.ts

@@ -0,0 +1,5 @@
+import type { APIRoute } from 'astro';
+export declare const GET: APIRoute;
+export declare const PATCH: APIRoute;
+export declare const OPTIONS: APIRoute;
+export declare const ALL: APIRoute;

package/dist/routes/rest/v1/settings/index.js

@@ -0,0 +1,75 @@
+import studioCMS_SDK_Cache from "studiocms:sdk/cache";
+import { simpleResponse } from "../../../../utils/simpleResponse.js";
+import { verifyAuthToken } from "../../utils/auth-token.js";
+const GET = async (context) => {
+  const user = await verifyAuthToken(context);
+  if (user instanceof Response) {
+    return user;
+  }
+  const { rank } = user;
+  if (rank !== "owner") {
+    return simpleResponse(401, "Unauthorized");
+  }
+  const siteConfig = await studioCMS_SDK_Cache.GET.siteConfig();
+  return new Response(JSON.stringify(siteConfig), {
+    headers: {
+      "Content-Type": "application/json"
+    }
+  });
+};
+const PATCH = async (context) => {
+  const user = await verifyAuthToken(context);
+  if (user instanceof Response) {
+    return user;
+  }
+  const { rank } = user;
+  if (rank !== "owner") {
+    return simpleResponse(401, "Unauthorized");
+  }
+  const siteConfig = await context.request.json();
+  if (!siteConfig.title) {
+    return simpleResponse(400, "Invalid form data, title is required");
+  }
+  if (!siteConfig.description) {
+    return simpleResponse(400, "Invalid form data, description is required");
+  }
+  if (!siteConfig.loginPageBackground) {
+    return simpleResponse(400, "Invalid form data, loginPageBackground is required");
+  }
+  if (siteConfig.loginPageBackground === "custom" && !siteConfig.loginPageCustomImage) {
+    return simpleResponse(400, "Invalid form data, loginPageCustomImage is required");
+  }
+  try {
+    await studioCMS_SDK_Cache.UPDATE.siteConfig(siteConfig);
+    return simpleResponse(200, "Site config updated");
+  } catch (error) {
+    return simpleResponse(500, "Error updating site config");
+  }
+};
+const OPTIONS = async () => {
+  return new Response(null, {
+    status: 204,
+    statusText: "No Content",
+    headers: {
+      Allow: "OPTIONS, GET, PATCH",
+      "ALLOW-ACCESS-CONTROL-ORIGIN": "*",
+      "Cache-Control": "public, max-age=604800, immutable",
+      Date: (/* @__PURE__ */ new Date()).toUTCString()
+    }
+  });
+};
+const ALL = async () => {
+  return new Response(null, {
+    status: 405,
+    statusText: "Method Not Allowed",
+    headers: {
+      "ACCESS-CONTROL-ALLOW-ORIGIN": "*"
+    }
+  });
+};
+export {
+  ALL,
+  GET,
+  OPTIONS,
+  PATCH
+};

package/dist/routes/rest/v1/users/[id].d.ts

@@ -0,0 +1,6 @@
+import type { APIRoute } from 'astro';
+export declare const GET: APIRoute;
+export declare const PATCH: APIRoute;
+export declare const DELETE: APIRoute;
+export declare const OPTIONS: APIRoute;
+export declare const ALL: APIRoute;

package/dist/routes/rest/v1/users/[id].js

@@ -0,0 +1,212 @@
+import { verifyUserPermissionLevel } from "studiocms:auth/lib/user";
+import studioCMS_SDK from "studiocms:sdk";
+import { simpleResponse } from "../../../../utils/simpleResponse.js";
+import { verifyAuthToken } from "../../utils/auth-token.js";
+const GET = async (context) => {
+  const user = await verifyAuthToken(context);
+  if (user instanceof Response) {
+    return user;
+  }
+  const { rank } = user;
+  if (rank !== "owner" && rank !== "admin") {
+    return simpleResponse(401, "Unauthorized");
+  }
+  const { id } = context.params;
+  if (!id) {
+    return simpleResponse(400, "Invalid form data, id is required");
+  }
+  const existingUser = await studioCMS_SDK.GET.databaseEntry.users.byId(id);
+  if (!existingUser) {
+    return simpleResponse(400, "User not found");
+  }
+  const { avatar, createdAt, email, name, permissionsData, updatedAt, url, username } = existingUser;
+  const existingUserRank = permissionsData?.rank ?? "admin";
+  const data = {
+    avatar,
+    createdAt,
+    email,
+    id,
+    name,
+    rank: existingUserRank,
+    updatedAt,
+    url,
+    username
+  };
+  const loggedInUser = (await studioCMS_SDK.GET.databaseTable.users()).find(
+    (user2) => user2.id === id
+  );
+  if (!loggedInUser || loggedInUser === void 0) {
+    return simpleResponse(400, "User Error");
+  }
+  const permissionLevelInput = {
+    isLoggedIn: true,
+    user: loggedInUser,
+    permissionLevel: rank
+  };
+  const isAllowed = await verifyUserPermissionLevel(permissionLevelInput, existingUserRank);
+  if (!isAllowed) {
+    return simpleResponse(401, "Unauthorized");
+  }
+  return new Response(JSON.stringify(data), {
+    headers: {
+      "Content-Type": "application/json"
+    }
+  });
+};
+const PATCH = async (context) => {
+  const user = await verifyAuthToken(context);
+  if (user instanceof Response) {
+    return user;
+  }
+  const { rank } = user;
+  if (rank !== "owner" && rank !== "admin") {
+    return simpleResponse(401, "Unauthorized");
+  }
+  const { id } = context.params;
+  if (!id) {
+    return simpleResponse(400, "Invalid form data, id is required");
+  }
+  const existingUser = await studioCMS_SDK.GET.databaseEntry.users.byId(id);
+  if (!existingUser) {
+    return simpleResponse(400, "User not found");
+  }
+  const { permissionsData } = existingUser;
+  const existingUserRank = permissionsData?.rank ?? "admin";
+  const loggedInUser = (await studioCMS_SDK.GET.databaseTable.users()).find(
+    (user2) => user2.id === id
+  );
+  if (!loggedInUser || loggedInUser === void 0) {
+    return simpleResponse(400, "User Error");
+  }
+  const permissionLevelInput = {
+    isLoggedIn: true,
+    user: loggedInUser,
+    permissionLevel: rank
+  };
+  const isAllowed = await verifyUserPermissionLevel(permissionLevelInput, existingUserRank);
+  if (!isAllowed) {
+    return simpleResponse(401, "Unauthorized");
+  }
+  const jsonData = await context.request.json();
+  const { rank: newRank } = jsonData;
+  if (!newRank) {
+    return simpleResponse(400, "Missing field: Rank is required");
+  }
+  const isRankValid = ["visitor", "editor", "admin", "owner"].includes(newRank);
+  if (!isRankValid) {
+    return simpleResponse(400, "Invalid rank");
+  }
+  const updateRank = await studioCMS_SDK.UPDATE.permissions({
+    user: id,
+    rank
+  });
+  if (!updateRank) {
+    return simpleResponse(400, "Failed to update rank");
+  }
+  const updatedUser = await studioCMS_SDK.GET.databaseEntry.users.byId(id);
+  if (!updatedUser) {
+    return simpleResponse(400, "Failed to get updated user");
+  }
+  const {
+    avatar,
+    createdAt,
+    email,
+    name,
+    permissionsData: newPermissionsData,
+    updatedAt,
+    url,
+    username
+  } = updatedUser;
+  const updatedUserRank = newPermissionsData?.rank ?? "unknown";
+  const data = {
+    avatar,
+    createdAt,
+    email,
+    id,
+    name,
+    rank: updatedUserRank,
+    updatedAt,
+    url,
+    username
+  };
+  return new Response(JSON.stringify(data), {
+    headers: {
+      "Content-Type": "application/json"
+    }
+  });
+};
+const DELETE = async (context) => {
+  const user = await verifyAuthToken(context);
+  if (user instanceof Response) {
+    return user;
+  }
+  const { rank } = user;
+  if (rank !== "owner" && rank !== "admin") {
+    return simpleResponse(401, "Unauthorized");
+  }
+  const { id } = context.params;
+  if (!id) {
+    return simpleResponse(400, "Invalid form data, id is required");
+  }
+  const existingUser = await studioCMS_SDK.GET.databaseEntry.users.byId(id);
+  if (!existingUser) {
+    return simpleResponse(400, "User not found");
+  }
+  const { permissionsData } = existingUser;
+  const existingUserRank = permissionsData?.rank ?? "admin";
+  const loggedInUser = (await studioCMS_SDK.GET.databaseTable.users()).find(
+    (user2) => user2.id === id
+  );
+  if (!loggedInUser || loggedInUser === void 0) {
+    return simpleResponse(400, "User Error");
+  }
+  const permissionLevelInput = {
+    isLoggedIn: true,
+    user: loggedInUser,
+    permissionLevel: rank
+  };
+  const isAllowed = await verifyUserPermissionLevel(permissionLevelInput, existingUserRank);
+  if (!isAllowed) {
+    return simpleResponse(401, "Unauthorized");
+  }
+  try {
+    const response = await studioCMS_SDK.DELETE.user(id);
+    if (!response) {
+      return simpleResponse(400, "Failed to delete user");
+    }
+    if (response.status === "error") {
+      return simpleResponse(400, response.message);
+    }
+    return simpleResponse(200, response.message);
+  } catch (error) {
+    return simpleResponse(400, `Failed to delete user: ${error}`);
+  }
+};
+const OPTIONS = async () => {
+  return new Response(null, {
+    status: 204,
+    statusText: "No Content",
+    headers: {
+      Allow: "OPTIONS, GET, PATCH, DELETE",
+      "ALLOW-ACCESS-CONTROL-ORIGIN": "*",
+      "Cache-Control": "public, max-age=604800, immutable",
+      Date: (/* @__PURE__ */ new Date()).toUTCString()
+    }
+  });
+};
+const ALL = async () => {
+  return new Response(null, {
+    status: 405,
+    statusText: "Method Not Allowed",
+    headers: {
+      "ACCESS-CONTROL-ALLOW-ORIGIN": "*"
+    }
+  });
+};
+export {
+  ALL,
+  DELETE,
+  GET,
+  OPTIONS,
+  PATCH
+};

package/dist/routes/rest/v1/users/index.d.ts

@@ -0,0 +1,5 @@
+import type { APIRoute } from 'astro';
+export declare const GET: APIRoute;
+export declare const POST: APIRoute;
+export declare const OPTIONS: APIRoute;
+export declare const ALL: APIRoute;

package/dist/routes/rest/v1/users/index.js

@@ -0,0 +1,138 @@
+import { verifyPasswordStrength } from "studiocms:auth/lib/password";
+import { createLocalUser, verifyUsernameInput } from "studiocms:auth/lib/user";
+import studioCMS_SDK from "studiocms:sdk";
+import { z } from "astro/zod";
+import { simpleResponse } from "../../../../utils/simpleResponse.js";
+import { verifyAuthToken } from "../../utils/auth-token.js";
+const GET = async (context) => {
+  const user = await verifyAuthToken(context);
+  if (user instanceof Response) {
+    return user;
+  }
+  const { rank } = user;
+  if (rank !== "owner" && rank !== "admin") {
+    return simpleResponse(401, "Unauthorized");
+  }
+  const users = await studioCMS_SDK.GET.database.users();
+  let data = users.map(
+    ({ avatar, createdAt, email, id, name, permissionsData, updatedAt, url, username }) => ({
+      avatar,
+      createdAt,
+      email,
+      id,
+      name,
+      rank: permissionsData?.rank ?? "unknown",
+      updatedAt,
+      url,
+      username
+    })
+  );
+  if (rank !== "owner") {
+    data = data.filter((user2) => user2.rank !== "owner");
+  }
+  const searchParams = context.url.searchParams;
+  const rankFilter = searchParams.get("rank");
+  const usernameFilter = searchParams.get("username");
+  const nameFilter = searchParams.get("name");
+  let filteredData = data;
+  if (rankFilter) {
+    filteredData = filteredData.filter((user2) => user2.rank === rankFilter);
+  }
+  if (usernameFilter) {
+    filteredData = filteredData.filter((user2) => user2.username.includes(usernameFilter));
+  }
+  if (nameFilter) {
+    filteredData = filteredData.filter((user2) => user2.name.includes(nameFilter));
+  }
+  return new Response(JSON.stringify(filteredData), {
+    headers: {
+      "Content-Type": "application/json"
+    }
+  });
+};
+const POST = async (context) => {
+  const user = await verifyAuthToken(context);
+  if (user instanceof Response) {
+    return user;
+  }
+  const { rank } = user;
+  if (rank !== "owner" && rank !== "admin") {
+    return simpleResponse(401, "Unauthorized");
+  }
+  const jsonData = await context.request.json();
+  let { username, password, email, displayname, rank: newUserRank } = jsonData;
+  if (!username) {
+    return simpleResponse(400, "Missing field: Username is required");
+  }
+  if (!password) {
+    password = studioCMS_SDK.generateRandomPassword(12);
+  }
+  if (!email) {
+    return simpleResponse(400, "Missing field: Email is required");
+  }
+  if (!displayname) {
+    return simpleResponse(400, "Missing field: Display name is required");
+  }
+  if (!newUserRank) {
+    return simpleResponse(400, "Missing field: Rank is required");
+  }
+  if (verifyUsernameInput(username) !== true) {
+    return simpleResponse(
+      400,
+      "Invalid username: Username must be between 3 and 20 characters, only contain lowercase letters, numbers, -, and _ as well as not be a commonly used username (admin, root, etc.)"
+    );
+  }
+  if (await verifyPasswordStrength(password) !== true) {
+    return simpleResponse(
+      400,
+      'Invalid password: Password must be between 6 and 255 characters, and not be in the <a href="https://haveibeenpwned.com/Passwords" target="_blank">pwned password database</a>.'
+    );
+  }
+  const checkEmail = z.coerce.string().email({ message: "Email address is invalid" }).safeParse(email);
+  if (!checkEmail.success) {
+    return simpleResponse(400, `Invalid email: ${checkEmail.error.message}`);
+  }
+  const { usernameSearch, emailSearch } = await studioCMS_SDK.AUTH.user.searchUsersForUsernameOrEmail(username, checkEmail.data);
+  if (usernameSearch.length > 0) {
+    return simpleResponse(400, "Invalid username: Username is already in use");
+  }
+  if (emailSearch.length > 0) {
+    return simpleResponse(400, "Invalid email: Email is already in use");
+  }
+  const newUser = await createLocalUser(displayname, username, email, password);
+  const updateRank = await studioCMS_SDK.UPDATE.permissions({
+    user: newUser.id,
+    rank
+  });
+  return simpleResponse(
+    200,
+    JSON.stringify({ username, email, displayname, rank: updateRank.rank, password })
+  );
+};
+const OPTIONS = async () => {
+  return new Response(null, {
+    status: 204,
+    statusText: "No Content",
+    headers: {
+      Allow: "OPTIONS, GET, POST",
+      "ALLOW-ACCESS-CONTROL-ORIGIN": "*",
+      "Cache-Control": "public, max-age=604800, immutable",
+      Date: (/* @__PURE__ */ new Date()).toUTCString()
+    }
+  });
+};
+const ALL = async () => {
+  return new Response(null, {
+    status: 405,
+    statusText: "Method Not Allowed",
+    headers: {
+      "ACCESS-CONTROL-ALLOW-ORIGIN": "*"
+    }
+  });
+};
+export {
+  ALL,
+  GET,
+  OPTIONS,
+  POST
+};

package/dist/routes/sdk/fallback-list-pages.json.d.ts

@@ -0,0 +1,2 @@
+import type { APIRoute } from 'astro';
+export declare const GET: APIRoute;

package/dist/routes/sdk/fallback-list-pages.json.js

@@ -0,0 +1,19 @@
+import studioCMS_SDK from "studiocms:sdk/cache";
+const GET = async () => {
+  const pages = await studioCMS_SDK.GET.pages();
+  const lastUpdated = (/* @__PURE__ */ new Date()).toUTCString();
+  return new Response(
+    JSON.stringify({ lastUpdated, pages: pages.map((pageItem) => pageItem.data) }, null, 2),
+    {
+      headers: {
+        "Content-Type": "application/json",
+        "ACCESS-CONTROL-ALLOW-ORIGIN": "*",
+        "Cache-Control": "public, max-age=604800, immutable",
+        Date: lastUpdated
+      }
+    }
+  );
+};
+export {
+  GET
+};

package/dist/routes/sdk/fallback-list-pages.json.ts

@@ -0,0 +1,22 @@
+import studioCMS_SDK from 'studiocms:sdk/cache';
+import type { APIRoute } from 'astro';
+
+// export const prerender = true;
+
+export const GET: APIRoute = async (): Promise<Response> => {
+	const pages = await studioCMS_SDK.GET.pages();
+
+	const lastUpdated = new Date().toUTCString();
+
+	return new Response(
+		JSON.stringify({ lastUpdated, pages: pages.map((pageItem) => pageItem.data) }, null, 2),
+		{
+			headers: {
+				'Content-Type': 'application/json',
+				'ACCESS-CONTROL-ALLOW-ORIGIN': '*',
+				'Cache-Control': 'public, max-age=604800, immutable',
+				Date: lastUpdated,
+			},
+		}
+	);
+};

package/dist/routes/sdk/full-changelog.json.d.ts

@@ -0,0 +1,16 @@
+import type { APIRoute } from 'astro';
+import type { List } from 'mdast';
+export type Changelog = {
+    packageName: string;
+    versions: Version[];
+};
+export type Version = {
+    version: string;
+    changes: {
+        [key in SemverCategory]: List;
+    };
+    includes: Set<string>;
+};
+export declare const semverCategories: readonly ["major", "minor", "patch"];
+export type SemverCategory = (typeof semverCategories)[number];
+export declare const POST: APIRoute;