npm - studiocms - Versions diffs - 0.2.0 → 0.4.0 - Mend

studiocms 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (293) hide show

package/frontend/pages/studiocms_api/_handlers/dashboard/taxonomy.ts ADDED Viewed

@@ -0,0 +1,285 @@
+import { Notifications } from 'studiocms:notifier';
+import { SDKCore } from 'studiocms:sdk';
+import routeConfig from 'virtual:studiocms/route-config';
+import { HttpApiBuilder } from '@effect/platform';
+import { StudioCMSDashboardApiSpec } from '@withstudiocms/api-spec';
+import { CurrentUser } from '@withstudiocms/api-spec/astro-context';
+import { DashboardAPIError } from '@withstudiocms/api-spec/dashboard';
+import { StudioCMSPageDataCategories, StudioCMSPageDataTags } from '@withstudiocms/sdk/tables';
+import { Effect, Schema } from 'effect';
+import {
+	categoriesToTaxonomyNodes,
+	tagsToTaxonomyNodes,
+} from '#frontend/components/shared/taxonomy/shared.js';
+import { sharedDBErrors, sharedNotifierErrors } from './_shared.js';
+/**
+ * Check if the Dashboard API is enabled in the route configuration.
+ */
+const dashboardAPIEnabled = routeConfig.dashboardAPIEnabled;
+/**
+ * Taxonomy Handlers for the Dashboard API
+ */
+export const TaxonomyHandlers = HttpApiBuilder.group(
+	StudioCMSDashboardApiSpec,
+	'taxonomy',
+	(handlers) =>
+		handlers
+			.handle(
+				'taxonomy',
+				Effect.fn(
+					function* ({ payload }) {
+						if (!dashboardAPIEnabled) {
+							return yield* new DashboardAPIError({
+								error: 'Dashboard API is disabled',
+							});
+						}
+						const [sdk, userData, notifier] = yield* Effect.all([
+							SDKCore,
+							CurrentUser,
+							Notifications,
+						]);
+						if (!userData.isLoggedIn || !userData.userPermissionLevel.isEditor) {
+							return yield* new DashboardAPIError({ error: 'Unauthorized' });
+						}
+						if (!payload.mode || !payload.type) {
+							return yield* new DashboardAPIError({ error: 'Invalid request payload' });
+						}
+						const newId = yield* sdk.UTIL.Generators.generateRandomIDNumber(9);
+						switch (payload.type) {
+							case 'categories': {
+								const { mode, type: _, ...categoryData } = payload;
+								const decoder = Schema.encode(StudioCMSPageDataCategories.Select);
+								switch (mode) {
+									case 'create': {
+										const newCategory = yield* decoder({
+											...categoryData,
+											id: categoryData.id && categoryData.id > 0 ? categoryData.id : newId,
+										}).pipe(Effect.flatMap(sdk.POST.databaseEntry.categories));
+										if (!newCategory) {
+											return yield* new DashboardAPIError({ error: 'Failed to create category' });
+										}
+										yield* notifier
+											.sendEditorNotification('new_category', categoryData.name)
+											.pipe(
+												Effect.catchAll(
+													() => new DashboardAPIError({ error: 'Failed to send notification' })
+												)
+											);
+										return {
+											message: 'Category created successfully',
+										};
+									}
+									case 'edit': {
+										if (categoryData.id === categoryData.parent) {
+											return yield* new DashboardAPIError({
+												error: 'Category cannot be its own parent',
+											});
+										}
+										const updatedCategory = yield* decoder(categoryData).pipe(
+											Effect.flatMap(sdk.UPDATE.categories)
+										);
+										if (!updatedCategory) {
+											return yield* new DashboardAPIError({ error: 'Failed to update category' });
+										}
+										yield* notifier
+											.sendEditorNotification('update_category', categoryData.name)
+											.pipe(
+												Effect.catchAll(
+													() => new DashboardAPIError({ error: 'Failed to send notification' })
+												)
+											);
+										return {
+											message: 'Category updated successfully',
+										};
+									}
+									default:
+										return yield* new DashboardAPIError({ error: 'Invalid mode' });
+								}
+							}
+							case 'tags': {
+								const { mode, type: _, ...tagData } = payload;
+								const decoder = Schema.encode(StudioCMSPageDataTags.Select);
+								switch (mode) {
+									case 'create': {
+										const newTag = yield* decoder({
+											...tagData,
+											id: tagData.id && tagData.id > 0 ? tagData.id : newId,
+										}).pipe(Effect.flatMap(sdk.POST.databaseEntry.tags));
+										if (!newTag) {
+											return yield* new DashboardAPIError({ error: 'Failed to create tag' });
+										}
+										yield* notifier
+											.sendEditorNotification('new_tag', tagData.name)
+											.pipe(
+												Effect.catchAll(
+													() => new DashboardAPIError({ error: 'Failed to send notification' })
+												)
+											);
+										return {
+											message: 'Tag created successfully',
+										};
+									}
+									case 'edit': {
+										const updatedTag = yield* decoder(tagData).pipe(
+											Effect.flatMap(sdk.UPDATE.tags)
+										);
+										if (!updatedTag) {
+											return yield* new DashboardAPIError({ error: 'Failed to update tag' });
+										}
+										yield* notifier
+											.sendEditorNotification('update_tag', tagData.name)
+											.pipe(
+												Effect.catchAll(
+													() => new DashboardAPIError({ error: 'Failed to send notification' })
+												)
+											);
+										return {
+											message: 'Tag updated successfully',
+										};
+									}
+									default:
+										return yield* new DashboardAPIError({ error: 'Invalid mode' });
+								}
+							}
+							default:
+								return yield* new DashboardAPIError({ error: 'Invalid taxonomy type' });
+						}
+					},
+					Notifications.Provide,
+					Effect.catchTags({
+						...sharedDBErrors,
+						...sharedNotifierErrors,
+						GeneratorError: () => new DashboardAPIError({ error: 'Failed to generate new ID' }),
+						ParseError: () => new DashboardAPIError({ error: 'Failed to parse category data' }),
+					})
+				)
+			)
+			.handle(
+				'taxonomyDelete',
+				Effect.fn(
+					function* ({ payload: { id, type } }) {
+						if (!dashboardAPIEnabled) {
+							return yield* new DashboardAPIError({
+								error: 'Dashboard API is disabled',
+							});
+						}
+						const [sdk, userData, notify] = yield* Effect.all([
+							SDKCore,
+							CurrentUser,
+							Notifications,
+						]);
+						if (!userData.isLoggedIn || !userData.userPermissionLevel.isAdmin) {
+							return yield* new DashboardAPIError({ error: 'Unauthorized' });
+						}
+						switch (type) {
+							case 'categories': {
+								const allCategories = yield* sdk.GET.categories.getAll();
+								const isParentCategory = allCategories.some((c) => c.parent === id);
+								if (isParentCategory) {
+									return yield* new DashboardAPIError({
+										error: 'Cannot delete category that has child categories',
+									});
+								}
+								const foundCategory = allCategories.find((c) => c.id === id);
+								if (!foundCategory) {
+									return yield* new DashboardAPIError({ error: 'Category not found' });
+								}
+								const deletionSuccess = yield* sdk.DELETE.categories(id);
+								if (!deletionSuccess) {
+									return yield* new DashboardAPIError({ error: 'Failed to delete category' });
+								}
+								yield* notify
+									.sendEditorNotification('delete_category', foundCategory.name)
+									.pipe(
+										Effect.catchAll(
+											() => new DashboardAPIError({ error: 'Failed to send notification' })
+										)
+									);
+								return {
+									message: 'Category deleted successfully',
+								};
+							}
+							case 'tags': {
+								const foundTag = yield* sdk.GET.tags.byId(id);
+								if (!foundTag) {
+									return yield* new DashboardAPIError({ error: 'Tag not found' });
+								}
+								const deletionSuccess = yield* sdk.DELETE.tags(id);
+								if (!deletionSuccess) {
+									return yield* new DashboardAPIError({ error: 'Failed to delete tag' });
+								}
+								yield* notify
+									.sendEditorNotification('delete_tag', foundTag.name)
+									.pipe(
+										Effect.catchAll(
+											() => new DashboardAPIError({ error: 'Failed to send notification' })
+										)
+									);
+								return {
+									message: 'Tag deleted successfully',
+								};
+							}
+							default:
+								return yield* new DashboardAPIError({ error: 'Invalid taxonomy type' });
+						}
+					},
+					Notifications.Provide,
+					Effect.catchTags({
+						...sharedDBErrors,
+						...sharedNotifierErrors,
+					})
+				)
+			)
+			.handle('taxonomySearch', () =>
+				!dashboardAPIEnabled
+					? Effect.fail(new DashboardAPIError({ error: 'Dashboard API is disabled' }))
+					: SDKCore.pipe(
+							Effect.flatMap((sdk) =>
+								Effect.all([
+									sdk.GET.categories.getAll().pipe(Effect.map(categoriesToTaxonomyNodes)),
+									sdk.GET.tags.getAll().pipe(Effect.map(tagsToTaxonomyNodes)),
+								])
+							),
+							Effect.flatMap(([categories, tags]) => Effect.succeed([...categories, ...tags])),
+							Effect.catchTags(sharedDBErrors)
+						)
+			)
+);

package/frontend/pages/studiocms_api/_handlers/dashboard/templates.ts ADDED Viewed

@@ -0,0 +1,75 @@
+import { SDKCore } from 'studiocms:sdk';
+import templateEngine from 'studiocms:template-engine';
+import routeConfig from 'virtual:studiocms/route-config';
+import { HttpApiBuilder } from '@effect/platform';
+import { StudioCMSDashboardApiSpec } from '@withstudiocms/api-spec';
+import { CurrentUser } from '@withstudiocms/api-spec/astro-context';
+import { DashboardAPIError } from '@withstudiocms/api-spec/dashboard';
+import { Effect } from 'effect';
+import { sharedDBErrors } from './_shared.js';
+/**
+ * Check if the Dashboard API is enabled in the route configuration.
+ */
+const dashboardAPIEnabled = routeConfig.dashboardAPIEnabled;
+/**
+ * Templates Handlers for the Dashboard API
+ */
+export const TemplatesHandlers = HttpApiBuilder.group(
+	StudioCMSDashboardApiSpec,
+	'templates',
+	(handlers) =>
+		handlers.handle(
+			'updateEmailTemplates',
+			Effect.fn(
+				function* ({ payload }) {
+					if (!dashboardAPIEnabled) {
+						return yield* new DashboardAPIError({
+							error: 'Dashboard API is disabled',
+						});
+					}
+					const [sdk, engine, userData] = yield* Effect.all([SDKCore, templateEngine, CurrentUser]);
+					if (!userData.isLoggedIn || !userData.userPermissionLevel.isAdmin) {
+						return yield* new DashboardAPIError({ error: 'Unauthorized' });
+					}
+					const keys = engine.availableTemplates;
+					type Keys = (typeof keys)[number];
+					const updates: Partial<Record<Keys, string>> = {};
+					for (const key of keys) {
+						if (key in payload) {
+							updates[key] = payload[key];
+						}
+					}
+					if (Object.keys(updates).length === 0) {
+						return yield* new DashboardAPIError({
+							error: 'No valid templates provided for update.',
+						});
+					}
+					const updatedConfig = yield* sdk.CONFIG.templateConfig.update(updates);
+					if (!updatedConfig) {
+						return yield* new DashboardAPIError({ error: 'Failed to update templates.' });
+					}
+					return {
+						message: 'Templates updated successfully',
+					};
+				},
+				Effect.catchTags({
+					...sharedDBErrors,
+					TemplateEngineError: (cause) =>
+						new DashboardAPIError({ error: cause.message || 'Template Engine Error' }),
+					DeepmergeError: (cause) =>
+						new DashboardAPIError({
+							error: cause.message || 'Failed to merge template config updates',
+						}),
+				})
+			)
+		)
+);

package/frontend/pages/studiocms_api/_handlers/dashboard/users.ts ADDED Viewed

@@ -0,0 +1,312 @@
+import { developerConfig } from 'studiocms:config';
+import { Notifications } from 'studiocms:notifier';
+import { SDKCore } from 'studiocms:sdk';
+import type { tsPermissionsSelect } from 'studiocms:sdk/types';
+import routeConfig from 'virtual:studiocms/route-config';
+import { HttpApiBuilder } from '@effect/platform';
+import { StudioCMSDashboardApiSpec } from '@withstudiocms/api-spec';
+import { CurrentUser } from '@withstudiocms/api-spec/astro-context';
+import { DashboardAPIError } from '@withstudiocms/api-spec/dashboard';
+import { availablePermissionRanks } from '@withstudiocms/auth-kit/types';
+import { Effect } from 'effect';
+import { ValidRanks } from '#consts';
+import { sharedDBErrors, sharedNotifierErrors } from './_shared.js';
+/**
+ * Check if the Dashboard API is enabled in the route configuration.
+ */
+const dashboardAPIEnabled = routeConfig.dashboardAPIEnabled;
+/**
+ * Users Handlers for the Dashboard API
+ */
+export const UsersHandlers = HttpApiBuilder.group(StudioCMSDashboardApiSpec, 'users', (handlers) =>
+	handlers
+		.handle(
+			'updateUser',
+			Effect.fn(
+				function* ({ payload: { id, rank, emailVerified } }) {
+					if (!dashboardAPIEnabled) {
+						return yield* new DashboardAPIError({
+							error: 'Dashboard API is disabled',
+						});
+					}
+					if (developerConfig.demoMode !== false) {
+						return yield* new DashboardAPIError({
+							error: 'Demo mode is enabled, this action is not allowed.',
+						});
+					}
+					const [sdk, notifier, userData] = yield* Effect.all([
+						SDKCore,
+						Notifications,
+						CurrentUser,
+					]);
+					if (!userData.isLoggedIn || !userData.userPermissionLevel.isAdmin) {
+						return yield* new DashboardAPIError({
+							error: 'Unauthorized',
+						});
+					}
+					if (!ValidRanks.has(rank) || rank === 'unknown') {
+						return yield* new DashboardAPIError({
+							error: 'Invalid permission rank provided.',
+						});
+					}
+					const insertData: tsPermissionsSelect = {
+						user: id,
+						rank,
+					};
+					const user = yield* sdk.GET.users.byId(id);
+					if (!user) {
+						return yield* new DashboardAPIError({
+							error: 'User not found.',
+						});
+					}
+					const userPerms = availablePermissionRanks.indexOf(userData.permissionLevel);
+					const targetCurrentLevel = availablePermissionRanks.indexOf(
+						user.permissionsData?.rank || 'unknown'
+					);
+					const targetNewLevel = availablePermissionRanks.indexOf(rank);
+					if (userPerms === -1 || targetCurrentLevel === -1 || targetNewLevel === -1) {
+						return yield* new DashboardAPIError({
+							error: 'Invalid permission rank encountered.',
+						});
+					}
+					if (userPerms <= targetCurrentLevel) {
+						return yield* new DashboardAPIError({
+							error: 'You do not have permission to modify this user.',
+						});
+					}
+					if (userPerms <= targetNewLevel) {
+						return yield* new DashboardAPIError({
+							error: 'You cannot assign a permission rank equal to or higher than your own.',
+						});
+					}
+					const updatedData = yield* sdk.UPDATE.permissions(insertData);
+					if (!updatedData) {
+						return yield* new DashboardAPIError({
+							error: 'Failed to update user permissions.',
+						});
+					}
+					if (typeof emailVerified === 'boolean') {
+						yield* sdk.AUTH.user.update({
+							userId: id,
+							userData: {
+								id,
+								name: user.name,
+								username: user.username,
+								updatedAt: new Date().toISOString(),
+								createdAt: undefined,
+								emailVerified,
+							},
+						});
+					}
+					yield* Effect.all([
+						notifier.sendUserNotification('account_updated', id),
+						notifier.sendAdminNotification('user_updated', user.username),
+					]).pipe(
+						Effect.catchAll(
+							() =>
+								new DashboardAPIError({
+									error: 'Failed to send notifications',
+								})
+						)
+					);
+					return {
+						message: 'User updated successfully.',
+					};
+				},
+				Notifications.Provide,
+				Effect.catchTags({
+					...sharedDBErrors,
+					...sharedNotifierErrors,
+				})
+			)
+		)
+		.handle(
+			'deleteUser',
+			Effect.fn(
+				function* ({ payload: { userId, username, usernameConfirm } }) {
+					if (!dashboardAPIEnabled) {
+						return yield* new DashboardAPIError({
+							error: 'Dashboard API is disabled',
+						});
+					}
+					if (developerConfig.demoMode !== false) {
+						return yield* new DashboardAPIError({
+							error: 'Demo mode is enabled, this action is not allowed.',
+						});
+					}
+					const [sdk, notifier, userData] = yield* Effect.all([
+						SDKCore,
+						Notifications,
+						CurrentUser,
+					]);
+					if (!userData.isLoggedIn || !userData.userPermissionLevel.isAdmin) {
+						return yield* new DashboardAPIError({
+							error: 'Unauthorized',
+						});
+					}
+					if (username !== usernameConfirm) {
+						return yield* new DashboardAPIError({
+							error: 'Username confirmation does not match.',
+						});
+					}
+					const targetUser = yield* sdk.GET.users.byId(userId);
+					if (!targetUser) {
+						return yield* new DashboardAPIError({
+							error: 'User not found',
+						});
+					}
+					if (targetUser.username !== username) {
+						return yield* new DashboardAPIError({
+							error: 'Username confirmation does not match target user',
+						});
+					}
+					if (userData.user?.id && userData.user.id === userId) {
+						return yield* new DashboardAPIError({
+							error: 'You cannot delete your own account.',
+						});
+					}
+					const actorPerms = availablePermissionRanks.indexOf(userData.permissionLevel);
+					const targetPerms = availablePermissionRanks.indexOf(
+						targetUser.permissionsData?.rank || 'unknown'
+					);
+					if (actorPerms === -1 || targetPerms === -1) {
+						return yield* new DashboardAPIError({
+							error: 'Invalid permission rank encountered.',
+						});
+					}
+					if (actorPerms <= targetPerms) {
+						return yield* new DashboardAPIError({
+							error: 'You do not have permission to delete this user.',
+						});
+					}
+					if (targetUser.permissionsData?.rank === 'owner') {
+						const allUsers = yield* sdk.GET.users.all();
+						const ownerCount = allUsers.filter((u) => u.permissionsData?.rank === 'owner').length;
+						if (ownerCount <= 1) {
+							return yield* new DashboardAPIError({
+								error: 'Cannot delete the last owner account.',
+							});
+						}
+					}
+					const deleteResult = yield* sdk.DELETE.user(userId);
+					if (!deleteResult) {
+						return yield* new DashboardAPIError({
+							error: 'Failed to delete user.',
+						});
+					}
+					if (deleteResult.status === 'error') {
+						return yield* new DashboardAPIError({
+							error: deleteResult.message || 'Failed to delete user.',
+						});
+					}
+					yield* notifier.sendAdminNotification('user_deleted', targetUser.username).pipe(
+						Effect.catchAll(
+							() =>
+								new DashboardAPIError({
+									error: 'Failed to send notifications',
+								})
+						)
+					);
+					return {
+						message: deleteResult.message || 'User deleted successfully.',
+					};
+				},
+				Notifications.Provide,
+				Effect.catchTags({
+					...sharedDBErrors,
+					...sharedNotifierErrors,
+				})
+			)
+		)
+		.handle(
+			'updateUserNotifications',
+			Effect.fn(function* ({ payload: { id, notifications } }) {
+				if (!dashboardAPIEnabled) {
+					return yield* new DashboardAPIError({
+						error: 'Dashboard API is disabled',
+					});
+				}
+				if (developerConfig.demoMode !== false) {
+					return yield* new DashboardAPIError({
+						error: 'Demo mode is enabled, this action is not allowed.',
+					});
+				}
+				const [sdk, userData] = yield* Effect.all([SDKCore, CurrentUser]);
+				if (!userData.isLoggedIn || !userData.userPermissionLevel.isVisitor) {
+					return yield* new DashboardAPIError({
+						error: 'Unauthorized',
+					});
+				}
+				const existingUser = yield* sdk.GET.users.byId(id);
+				if (!existingUser) {
+					return yield* new DashboardAPIError({
+						error: 'User not found',
+					});
+				}
+				const updatedData = yield* sdk.AUTH.user.update({
+					userId: id,
+					userData: {
+						id,
+						name: existingUser.name,
+						username: existingUser.username,
+						updatedAt: new Date().toISOString(),
+						emailVerified: existingUser.emailVerified,
+						createdAt: undefined,
+						notifications,
+					},
+				});
+				if (!updatedData) {
+					return yield* new DashboardAPIError({
+						error: 'Failed to update user notifications',
+					});
+				}
+				return {
+					message: 'User notifications updated successfully',
+				};
+			}, Effect.catchTags(sharedDBErrors))
+		)
+);