npm - studiocms - Versions diffs - 0.2.0 → 0.4.0 - Mend

studiocms 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (293) hide show

package/frontend/pages/studiocms_api/_handlers/dashboard/verifyEndpoints.ts ADDED Viewed

@@ -0,0 +1,307 @@
+import { Session, VerifyEmail } from 'studiocms:auth/lib';
+import type { SessionValidationResult, UserSessionData } from 'studiocms:auth/lib/types';
+import { developerConfig } from 'studiocms:config';
+import { logger as _logger } from 'studiocms:logger';
+import { SDKCore } from 'studiocms:sdk';
+import routeConfig from 'virtual:studiocms/route-config';
+import { HttpApiBuilder, HttpServerResponse } from '@effect/platform';
+import { StudioCMSDashboardApiSpec } from '@withstudiocms/api-spec';
+import { CurrentUser } from '@withstudiocms/api-spec/astro-context';
+import { DashboardAPIError } from '@withstudiocms/api-spec/dashboard';
+import { AstroAPIContext } from '@withstudiocms/effect';
+import type { APIContext } from 'astro';
+import { Effect } from 'effect';
+import { AuthSessionCookieName } from '#consts';
+import { sharedDBErrors, sharedNotifierErrors } from './_shared.js';
+/**
+ * Check if the Dashboard API is enabled in the route configuration.
+ */
+const dashboardAPIEnabled = routeConfig.dashboardAPIEnabled;
+/**
+ * Response Data object for the verifySession endpoint. This defines the structure of the response that will be sent back to the client when verifying a user's session. It includes information about whether the user is logged in, their user details, permission level, and relevant route links for the dashboard.
+ */
+type ResponseData = {
+	isLoggedIn: boolean;
+	user: {
+		id: string;
+		name: string;
+		email: string | null;
+		avatar: string | null;
+		username: string;
+	} | null;
+	permissionLevel: UserSessionData['permissionLevel'];
+	routes: {
+		logout: string;
+		userProfile: string;
+		contentManagement: string;
+		dashboardIndex: string;
+	};
+};
+/**
+ * Response builder for the verifySession endpoint. This function constructs a standardized response object containing the user's authentication status, user information, permission level, and relevant route links. It is used to provide consistent responses for session verification requests, allowing the frontend to easily determine the user's session state and permissions.
+ */
+const responseBuilder = (
+	context: APIContext,
+	isLoggedIn: boolean,
+	user: SessionValidationResult['user'],
+	permissionLevel: UserSessionData['permissionLevel']
+) => {
+	const data: ResponseData = {
+		isLoggedIn,
+		user: user
+			? {
+					id: user.id,
+					name: user.name,
+					email: user.email || null,
+					avatar: user.avatar || null,
+					username: user.username,
+				}
+			: null,
+		permissionLevel: permissionLevel,
+		routes: {
+			logout: context.locals.StudioCMS.routeMap.authLinks.logoutAPI,
+			userProfile: context.locals.StudioCMS.routeMap.mainLinks.userProfile,
+			contentManagement: context.locals.StudioCMS.routeMap.mainLinks.contentManagement,
+			dashboardIndex: context.locals.StudioCMS.routeMap.mainLinks.dashboardIndex,
+		},
+	};
+	return data;
+};
+/**
+ * Verify Endpoints Handlers for the Dashboard API
+ */
+export const VerifyEndpointsHandlers = HttpApiBuilder.group(
+	StudioCMSDashboardApiSpec,
+	'verifyEndpoints',
+	(handlers) =>
+		handlers
+			.handle(
+				'verifyEmail',
+				Effect.fn(
+					function* ({ urlParams: { token, userId } }) {
+						if (!dashboardAPIEnabled) {
+							return yield* new DashboardAPIError({
+								error: 'Dashboard API is disabled, this action is not allowed.',
+							});
+						}
+						if (developerConfig.demoMode !== false) {
+							return yield* new DashboardAPIError({
+								error: 'Demo mode is enabled, this action is not allowed.',
+							});
+						}
+						const [sdk, verifyEmail, ctx] = yield* Effect.all([
+							SDKCore,
+							VerifyEmail,
+							AstroAPIContext,
+						]);
+						const verificationToken = yield* verifyEmail.getEmailVerificationRequest(userId);
+						if (!verificationToken) {
+							return yield* new DashboardAPIError({
+								error: 'Verification token not found',
+							});
+						}
+						if (verificationToken.token !== token) {
+							return yield* new DashboardAPIError({
+								error: 'Invalid token',
+							});
+						}
+						const existingUser = yield* sdk.GET.users.byId(userId);
+						if (!existingUser) {
+							return yield* new DashboardAPIError({
+								error: 'User not found',
+							});
+						}
+						yield* Effect.all([
+							sdk.AUTH.user.update({
+								userId,
+								userData: {
+									id: userId,
+									name: existingUser.name,
+									username: existingUser.username,
+									emailVerified: true,
+									updatedAt: new Date().toISOString(),
+									createdAt: undefined,
+								},
+							}),
+							sdk.AUTH.verifyEmail.delete(userId),
+						]);
+						if (!ctx.site) {
+							return yield* new DashboardAPIError({
+								error: 'Site configuration not found',
+							});
+						}
+						return HttpServerResponse.redirect(
+							new URL(ctx.locals.StudioCMS.routeMap.mainLinks.dashboardIndex, ctx.site?.toString())
+						);
+					},
+					VerifyEmail.Provide,
+					Effect.catchTags({
+						...sharedDBErrors,
+						...sharedNotifierErrors,
+					})
+				)
+			)
+			.handle(
+				'verifySession',
+				Effect.fn(function* ({ payload: { originPathname } }) {
+					const [ses, sdk, ctx] = yield* Effect.all([
+						Session.pipe(
+							Effect.catchAll(
+								() => new DashboardAPIError({ error: 'Failed to initialize session' })
+							)
+						),
+						SDKCore,
+						AstroAPIContext,
+					]);
+					const logger = _logger.fork('studiocms:runtime:api:verify-session');
+					if (!dashboardAPIEnabled) {
+						return responseBuilder(ctx, false, null, 'unknown');
+					}
+					const { cookies } = ctx;
+					const sessionToken = cookies.get(AuthSessionCookieName)?.value ?? null;
+					if (!sessionToken) {
+						logger.info(
+							`No session token found in cookies, returning unknown session status. Origin: ${originPathname}`
+						);
+						return responseBuilder(ctx, false, null, 'unknown');
+					}
+					const { session, user } = yield* ses
+						.validateSessionToken(sessionToken)
+						.pipe(
+							Effect.catchAll(
+								() => new DashboardAPIError({ error: 'Failed to validate session token' })
+							)
+						);
+					if (session === null) {
+						yield* ses.deleteSessionTokenCookie(ctx).pipe(
+							Effect.catchAll(
+								() =>
+									new DashboardAPIError({
+										error: 'Failed to delete invalid session token cookie',
+									})
+							)
+						);
+						logger.info(
+							`Session token is invalid or expired, deleting cookie. Origin: ${originPathname}`
+						);
+						return responseBuilder(ctx, false, null, 'unknown');
+					}
+					if (!user || user === null) {
+						logger.info(
+							`No user found for session token, returning unknown session status. Origin: ${originPathname}`
+						);
+						return responseBuilder(ctx, false, null, 'unknown');
+					}
+					const result = yield* sdk.AUTH.permission.currentStatus(user.id);
+					if (!result) {
+						logger.error(
+							`Failed to retrieve permission status for user ${user.id}, returning unknown session status. Origin: ${originPathname}`
+						);
+						return responseBuilder(ctx, true, user, 'unknown');
+					}
+					const permissionLevel: UserSessionData['permissionLevel'] = result.rank;
+					return responseBuilder(ctx, true, user, permissionLevel);
+				}, Effect.catchTags(sharedDBErrors))
+			)
+			.handle(
+				'resendVerifyEmail',
+				Effect.fn(
+					function* ({ payload: { userId } }) {
+						if (!dashboardAPIEnabled) {
+							return yield* new DashboardAPIError({
+								error: 'Dashboard API is disabled, this action is not allowed.',
+							});
+						}
+						if (developerConfig.demoMode !== false) {
+							return yield* new DashboardAPIError({
+								error: 'Demo mode is enabled, this action is not allowed.',
+							});
+						}
+						const [sdk, verifier, ctx, userData] = yield* Effect.all([
+							SDKCore,
+							VerifyEmail,
+							AstroAPIContext,
+							CurrentUser,
+						]);
+						if (!ctx.locals.StudioCMS.siteConfig.data.enableMailer) {
+							return yield* new DashboardAPIError({
+								error: 'Mailer is disabled, this action is disabled.',
+							});
+						}
+						if (!userData.isLoggedIn || !userData.userPermissionLevel.isAdmin) {
+							return yield* new DashboardAPIError({
+								error: 'Unauthorized',
+							});
+						}
+						const newToken = yield* sdk.AUTH.verifyEmail.create(userId);
+						if (!newToken) {
+							return yield* new DashboardAPIError({
+								error: 'Failed to create verification token',
+							});
+						}
+						const response = yield* verifier
+							.sendVerificationEmail(userId)
+							.pipe(
+								Effect.catchAll(
+									() => new DashboardAPIError({ error: 'Failed to send verification email' })
+								)
+							);
+						if (!response) {
+							return yield* new DashboardAPIError({
+								error: 'Failed to send verification email',
+							});
+						}
+						if ('error' in response) {
+							return yield* new DashboardAPIError({
+								error: response.error,
+							});
+						}
+						return {
+							message: response.message,
+						};
+					},
+					VerifyEmail.Provide,
+					Effect.catchTags({
+						...sharedDBErrors,
+						...sharedNotifierErrors,
+						GeneratorError: () => new DashboardAPIError({ error: 'An unknown error occurred' }),
+					})
+				)
+			)
+);

package/frontend/pages/studiocms_api/_handlers/integration/dbStudio.ts ADDED Viewed

@@ -0,0 +1,98 @@
+import config from 'studiocms:config';
+import { HttpApiBuilder } from '@effect/platform';
+import { Unauthorized } from '@effect/platform/HttpApiError';
+import { CurrentUser } from '@withstudiocms/api-spec/astro-context';
+import {
+	DbStudioQueryError,
+	IntegrationsAPIError,
+	StudioCMSIntegrationsApiSpec,
+} from '@withstudiocms/api-spec/integrations';
+import { CMSLogger } from '@withstudiocms/effect';
+import { Effect, Layer } from 'effect';
+import { AstroLocalsAuthLive } from '../../_middleware/astroLocals.js';
+import { getDriverInstance } from '../_utils/db-studio-driver.js';
+import { parseLogLevel } from '../_utils/parseLogLevel.js';
+/**
+ * Custom error class used for quick escaping from deep error handling in the Effect chain.
+ */
+export class QuickEscapeError {
+	readonly _tag = 'QuickEscapeError';
+	constructor(public data: typeof DbStudioQueryError.Type) {}
+}
+/**
+ * DB Studio API Handler.
+ *
+ * This handler manages the API routes for the DB Studio, including database queries and storage management.
+ */
+export const DbStudioAPIHandler = HttpApiBuilder.group(
+	StudioCMSIntegrationsApiSpec,
+	'dbStudio',
+	(handlers) =>
+		handlers.handle(
+			'dbStudioQuery',
+			Effect.fn(function* ({ payload }) {
+				const isDev = import.meta.env.DEV;
+				const logLevel = parseLogLevel(config.logLevel);
+				const log = new CMSLogger({ level: logLevel }, 'studiocms:database/studio');
+				// Check if demo mode is enabled
+				if (config.features.developerConfig.demoMode !== false) {
+					return yield* new Unauthorized();
+				}
+				const currentUser = yield* CurrentUser;
+				// Security check: only allow access in the following cases
+				// 1. In development mode
+				// 2. In production, only if the user is an owner
+				if (!isDev && currentUser.permissionLevel !== 'owner') {
+					return yield* new Unauthorized();
+				}
+				// Get the database driver instance
+				const driver = yield* getDriverInstance().pipe(
+					Effect.catchTag(
+						'DriverError',
+						(error) =>
+							new IntegrationsAPIError({
+								error: `Failed to get database driver: ${error.message}`,
+							})
+					)
+				);
+				log.debug(`Received ${payload.type} request`);
+				return yield* Effect.tryPromise({
+					try: async () => {
+						if (payload.type === 'query') {
+							const r = await driver.query(payload.statement);
+							return {
+								type: payload.type,
+								id: payload.id,
+								data: r,
+							};
+						}
+						const r = await driver.batch(payload.statements as string[]);
+						log.debug(`${payload.type} executed with ${r.length} results`);
+						return {
+							type: payload.type,
+							id: payload.id,
+							data: r,
+						};
+					},
+					catch: (cause) =>
+						new QuickEscapeError(
+							DbStudioQueryError.make({
+								id: payload.id,
+								type: payload.type,
+								error: cause instanceof Error ? cause.message : String(cause),
+							})
+						),
+				}).pipe(Effect.catchTag('QuickEscapeError', ({ data }) => Effect.succeed(data)));
+			})
+		)
+).pipe(Layer.provide(AstroLocalsAuthLive));

package/frontend/pages/studiocms_api/_handlers/integration/index.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { HttpApiBuilder } from '@effect/platform';
+import { StudioCMSIntegrationsApiSpec } from '@withstudiocms/api-spec';
+import { Layer } from 'effect';
+import { DbStudioAPIHandler } from './dbStudio.js';
+import { StorageManagerAPIHandler } from './storageManager.js';
+/**
+ * Combined Integrations API Handler.
+ */
+export const IntegrationsAPIHandler = Layer.merge(DbStudioAPIHandler, StorageManagerAPIHandler);
+/**
+ * Live implementation of the Integrations API Handler.
+ */
+export const IntegrationsAPILive = HttpApiBuilder.api(StudioCMSIntegrationsApiSpec).pipe(
+	Layer.provide(IntegrationsAPIHandler)
+);

package/frontend/pages/studiocms_api/_handlers/integration/storageManager.ts ADDED Viewed

@@ -0,0 +1,107 @@
+import APIServiceModule from 'studiocms:storage-manager/module';
+import { HttpApiBuilder, type HttpServerResponse } from '@effect/platform';
+import type { HttpBodyError } from '@effect/platform/HttpBody';
+import { StudioCMSIntegrationsApiSpec } from '@withstudiocms/api-spec';
+import { AstroAPIContext } from '@withstudiocms/api-spec/astro-context';
+import { IntegrationsAPIError } from '@withstudiocms/api-spec/integrations';
+import type { APIContext } from 'astro';
+import { Effect, Layer } from 'effect';
+import type { StorageAPIEndpointFn } from '#storage-api';
+import APICore from '#storage-manager/core/api-core';
+import UrlMappingDatabase from '#storage-manager/core/database';
+import EffectifyAstroContextDriver from '#storage-manager/core/effectify-astro-context';
+import UrlMappingService from '#storage-manager/core/url-mapping';
+import { AstroLocalsAuthLive } from '../../_middleware/astroLocals.js';
+// Singleton instance of the API core
+let apiCore: APICore<
+	APIContext,
+	Effect.Effect<HttpServerResponse.HttpServerResponse, HttpBodyError>
+>;
+/**
+ * Retrieves the singleton instance of the APICore.
+ *
+ * This function initializes the APICore instance if it hasn't been created yet,
+ * setting up the necessary context driver, URL mapping service, and API service module.
+ *
+ * @returns The singleton APICore instance.
+ */
+function getAPICore() {
+	if (apiCore) {
+		return apiCore;
+	}
+	// Instantiate the Effectify Astro context driver
+	const effectifyAstroContextDriver = new EffectifyAstroContextDriver();
+	// Instantiate the database
+	const database = new UrlMappingDatabase();
+	// Instantiate the URL mapping service
+	const urlMappingService = new UrlMappingService(database);
+	// Instantiate the API service module
+	const apiService = new APIServiceModule(effectifyAstroContextDriver, urlMappingService);
+	// Instantiate the API core
+	apiCore = new APICore({
+		driver: effectifyAstroContextDriver,
+		urlMappingService: urlMappingService,
+		storageDriver: apiService,
+	});
+	return apiCore;
+}
+/**
+ * Helper function to create storage manager handlers with consistent error handling.
+ *
+ * This function takes a StorageAPIEndpointFn and returns a handler function that processes the request
+ * using the APICore instance. It includes error handling to catch and transform errors into a consistent format.
+ *
+ * @param _try - The StorageAPIEndpointFn to execute for the request.
+ * @returns A function that handles the API request and returns an Effect with the response or error.
+ */
+const makeStorageManagerHandler = (
+	_try: StorageAPIEndpointFn<
+		APIContext,
+		Effect.Effect<HttpServerResponse.HttpServerResponse, HttpBodyError, never>
+	>
+) =>
+	AstroAPIContext.pipe(
+		Effect.flatMap((ctx) =>
+			Effect.tryPromise({
+				try: () => _try(ctx),
+				catch: (error) =>
+					new IntegrationsAPIError({
+						error: `Failed to handle storage manager request: ${error instanceof Error ? error.message : String(error)}`,
+					}),
+			})
+		),
+		Effect.flatten,
+		Effect.catchTag(
+			'HttpBodyError',
+			() =>
+				new IntegrationsAPIError({
+					error: 'Failed to parse request body',
+				})
+		)
+	);
+/**
+ * Storage Manager API Handler.
+ *
+ * This handler manages the API routes for storage management, including database queries and storage operations.
+ * It uses the APICore to handle storage-related requests and includes error handling for various failure scenarios.
+ */
+export const StorageManagerAPIHandler = HttpApiBuilder.group(
+	StudioCMSIntegrationsApiSpec,
+	'storageManager',
+	(handlers) =>
+		handlers
+			.handleRaw('storageManager', () => makeStorageManagerHandler(getAPICore().getPOST('locals')))
+			.handleRaw('storageManagerUpload', () =>
+				makeStorageManagerHandler(getAPICore().getPUT('locals'))
+			)
+).pipe(Layer.provide(AstroLocalsAuthLive));

package/frontend/pages/studiocms_api/_handlers/rest-api/index.ts ADDED Viewed

@@ -0,0 +1,8 @@
+import { RestAPIV1Live } from './v1/index.js';
+/**
+ * Live REST API Handler Layer - Provides the REST API with all necessary dependencies for live operation.
+ *
+ * For now, We just re-export the V1 live handler, but in the future, this can be expanded to include additional versions
+ */
+export const RestAPILive = RestAPIV1Live;

package/frontend/pages/studiocms_api/_handlers/rest-api/v1/_shared.ts ADDED Viewed

@@ -0,0 +1,41 @@
+import { RestAPIError } from '@withstudiocms/api-spec/rest-api';
+/**
+ * Shared database error handlers for the REST API. These handlers convert common database-related errors into consistent RestAPIError responses, allowing for cleaner and more maintainable error handling across all endpoints that interact with the database.
+ */
+export const sharedDBErrors = {
+	DBCallbackFailure: () => new RestAPIError({ error: 'Database callback failed' }),
+	DBClientInitializationError: () =>
+		new RestAPIError({ error: 'Database client initialization failed' }),
+	NotFoundError: () => new RestAPIError({ error: 'Resource not found' }),
+	QueryError: () => new RestAPIError({ error: 'Database query failed' }),
+	QueryParseError: () => new RestAPIError({ error: 'Database query parsing failed' }),
+	SDKInitializationError: () => new RestAPIError({ error: 'SDK initialization failed' }),
+};
+/**
+ * Shared notification error handlers for the REST API. These handlers convert common notification-related errors into consistent RestAPIError responses, allowing for cleaner and more maintainable error handling across all endpoints that involve sending notifications.
+ */
+export const sharedNotifierErrors = {
+	ConfigError: () => new RestAPIError({ error: 'Configuration error during notification sending' }),
+	SMTPError: () => new RestAPIError({ error: 'SMTP error during notification sending' }),
+	UnknownException: () =>
+		new RestAPIError({ error: 'An unknown error occurred during notification sending' }),
+};
+/**
+ * Shared page collection error handlers for the REST API. These handlers convert common errors that can occur during the collection of pages for operations like category deletion into consistent RestAPIError responses, allowing for cleaner and more maintainable error handling in endpoints that involve complex data collection and manipulation.
+ */
+export const sharedPageCollectionErrors = {
+	ParseError: () => new RestAPIError({ error: 'Failed to parse data during page collection' }),
+	FolderTreeError: () =>
+		new RestAPIError({
+			error: 'Failed to retrieve folder tree during page collection',
+		}),
+	CollectorError: () =>
+		new RestAPIError({
+			error: 'Failed to collect necessary data during page collection',
+		}),
+	PaginateError: () =>
+		new RestAPIError({ error: 'Failed to paginate data during page collection' }),
+};

package/frontend/pages/studiocms_api/_handlers/rest-api/v1/index.ts ADDED Viewed

@@ -0,0 +1,17 @@
+import { HttpApiBuilder } from '@effect/platform';
+import { StudioCMSRestApiV1Spec } from '@withstudiocms/api-spec';
+import { Layer } from 'effect';
+import { RestApiPublicHandler } from './public.js';
+import { RestApiSecureHandler } from './secure.js';
+/**
+ * Collection of REST API handlers for the new Effect HttpApi handlers. This collection currently includes both public and secure handlers for REST API v1, but can be expanded in the future to include additional versions or handler groups as needed.
+ */
+const RestAPILayers = Layer.merge(RestApiPublicHandler, RestApiSecureHandler);
+/**
+ * Live REST API V1 Handler Layer - Provides the REST API with all necessary dependencies for live operation.
+ */
+export const RestAPIV1Live = HttpApiBuilder.api(StudioCMSRestApiV1Spec).pipe(
+	Layer.provide(RestAPILayers)
+);