npm - studiocms - Versions diffs - 0.2.0 → 0.4.0 - Mend

studiocms 0.2.0 → 0.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (293) hide show

package/frontend/pages/studiocms_api/dashboard/create-user.ts DELETED Viewed

@@ -1,186 +0,0 @@
-import { Password, User } from 'studiocms:auth/lib';
-import { apiResponseLogger } from 'studiocms:logger';
-import { Notifications } from 'studiocms:notifier';
-import { SDKCore } from 'studiocms:sdk';
-import { type AvailablePermissionRanks, UserPermissionLevel } from '@withstudiocms/auth-kit/types';
-import {
-	AllResponse,
-	createEffectAPIRoutes,
-	createJsonResponse,
-	Effect,
-	genLogger,
-	OptionsResponse,
-	readAPIContextJson,
-} from '@withstudiocms/effect';
-import { z } from 'astro/zod';
-import { ValidRanks } from '#consts';
-type JSONData = {
-	username: string | undefined;
-	password: string | undefined;
-	email: string | undefined;
-	displayname: string | undefined;
-	rank: AvailablePermissionRanks | undefined;
-};
-export const { POST, OPTIONS, ALL } = createEffectAPIRoutes(
-	{
-		POST: (ctx) =>
-			genLogger('studiocms/routes/api/dashboard/create-user.POST')(function* () {
-				const [pass, userHelper, notify, sdk] = yield* Effect.all([
-					Password,
-					User,
-					Notifications,
-					SDKCore,
-				]);
-				// Get user data
-				const userData = ctx.locals.StudioCMS.security?.userSessionData;
-				// Check if user is logged in
-				if (!userData?.isLoggedIn) {
-					return apiResponseLogger(403, 'Unauthorized');
-				}
-				// Check if user has permission
-				const isAuthorized = ctx.locals.StudioCMS.security?.userPermissionLevel.isAdmin;
-				if (!isAuthorized) {
-					return apiResponseLogger(403, 'Unauthorized');
-				}
-				let { username, password, email, displayname, rank } =
-					yield* readAPIContextJson<JSONData>(ctx);
-				// If the username, password, email, or display name is missing, return an error
-				if (!username) {
-					return apiResponseLogger(400, 'Missing field: Username is required');
-				}
-				if (!password) {
-					password = yield* sdk.UTIL.Generators.generateRandomPassword(12);
-				}
-				if (!email) {
-					return apiResponseLogger(400, 'Missing field: Email is required');
-				}
-				if (!displayname) {
-					return apiResponseLogger(400, 'Missing field: Display name is required');
-				}
-				if (!rank) {
-					return apiResponseLogger(400, 'Missing field: Rank is required');
-				}
-				// Validate target rank and ensure caller has sufficient privilege
-				if (!ValidRanks.has(rank) || rank === 'unknown') {
-					return apiResponseLogger(400, 'Invalid rank');
-				}
-				const callerPerm = yield* userHelper.getUserPermissionLevel(userData);
-				const rankToPerm = (r: typeof rank) => {
-					switch (r) {
-						case 'owner':
-							return UserPermissionLevel.owner;
-						case 'admin':
-							return UserPermissionLevel.admin;
-						case 'editor':
-							return UserPermissionLevel.editor;
-						case 'visitor':
-							return UserPermissionLevel.visitor;
-						default:
-							return UserPermissionLevel.unknown;
-					}
-				};
-				const targetPerm = rankToPerm(rank);
-				// Use explicit weights to avoid relying on enum ordinal
-				const permWeight = (lvl: UserPermissionLevel) => {
-					switch (lvl) {
-						case UserPermissionLevel.owner:
-							return 4;
-						case UserPermissionLevel.admin:
-							return 3;
-						case UserPermissionLevel.editor:
-							return 2;
-						case UserPermissionLevel.visitor:
-							return 1;
-						default:
-							return 0;
-					}
-				};
-				// Only owners can assign 'owner'
-				if (rank === 'owner' && callerPerm !== UserPermissionLevel.owner) {
-					return createJsonResponse({ error: 'Forbidden' }, { status: 403 });
-				}
-				// Allow equality for owner→owner; otherwise require caller >= target
-				if (permWeight(callerPerm) < permWeight(targetPerm)) {
-					return createJsonResponse({ error: 'Forbidden' }, { status: 403 });
-				}
-				// If the email is invalid, return an error
-				const checkEmail = z.coerce
-					.string()
-					.email({ message: 'Email address is invalid' })
-					.safeParse(email);
-				if (!checkEmail.success) {
-					return apiResponseLogger(400, `Invalid email: ${checkEmail.error.message}`);
-				}
-				const [verifyUsernameResponse, verifyPasswordResponse, { usernameSearch, emailSearch }] =
-					yield* Effect.all([
-						userHelper.verifyUsernameInput(username),
-						pass.verifyPasswordStrength(password),
-						sdk.AUTH.user.searchUsersForUsernameOrEmail(username, checkEmail.data),
-					]);
-				// If the username is invalid, return an error
-				if (verifyUsernameResponse !== true) {
-					return apiResponseLogger(400, verifyUsernameResponse);
-				}
-				// If the password is invalid, return an error
-				if (verifyPasswordResponse !== true) {
-					return apiResponseLogger(400, verifyPasswordResponse);
-				}
-				if (usernameSearch.length > 0) {
-					return apiResponseLogger(400, 'Invalid username: Username is already in use');
-				}
-				if (emailSearch.length > 0) {
-					return apiResponseLogger(400, 'Invalid email: Email is already in use');
-				}
-				// Create a new user
-				yield* userHelper.createLocalUser(displayname, username, email, password).pipe(
-					Effect.flatMap((newUser) =>
-						sdk.UPDATE.permissions({
-							user: newUser.id,
-							rank: rank,
-						})
-					),
-					Effect.tap(() => notify.sendAdminNotification('new_user', username))
-				);
-				return apiResponseLogger(
-					200,
-					JSON.stringify({ username, email, displayname, rank: rank, password })
-				);
-			}).pipe(Notifications.Provide),
-		OPTIONS: () => Effect.try(() => OptionsResponse({ allowedMethods: ['POST'] })),
-		ALL: () => Effect.try(() => AllResponse()),
-	},
-	{
-		cors: { methods: ['POST', 'OPTIONS'] },
-		onError: (error) => {
-			console.error('API Error:', error);
-			return createJsonResponse(
-				{ error: 'Internal Server Error' },
-				{
-					status: 500,
-				}
-			);
-		},
-	}
-);

package/frontend/pages/studiocms_api/dashboard/email-notification-settings-site.ts DELETED Viewed

@@ -1,74 +0,0 @@
-import { apiResponseLogger } from 'studiocms:logger';
-import { SDKCore } from 'studiocms:sdk';
-import type { ConfigFinal, StudioCMSNotificationSettings } from 'studiocms:sdk/types';
-import {
-	AllResponse,
-	createEffectAPIRoutes,
-	createJsonResponse,
-	Effect,
-	genLogger,
-	OptionsResponse,
-	readAPIContextJson,
-} from '@withstudiocms/effect';
-export const { POST, OPTIONS, ALL } = createEffectAPIRoutes(
-	{
-		POST: (ctx) =>
-			genLogger('studiocms/routes/api/dashboard/email-notification-settings-site.POST')(
-				function* () {
-					const sdk = yield* SDKCore;
-					// Get user data
-					const userData = ctx.locals.StudioCMS.security?.userSessionData;
-					// Check if user is logged in
-					if (!userData?.isLoggedIn) {
-						return apiResponseLogger(403, 'Unauthorized');
-					}
-					// Check if user has permission
-					const isAuthorized = ctx.locals.StudioCMS.security?.userPermissionLevel.isOwner;
-					if (!isAuthorized) {
-						return apiResponseLogger(403, 'Unauthorized');
-					}
-					yield* readAPIContextJson<unknown>(ctx).pipe(
-						Effect.map((raw) => {
-							const rawData = (raw ?? {}) as Record<string, unknown>;
-							const safe = {
-								emailVerification:
-									typeof rawData.emailVerification === 'boolean'
-										? rawData.emailVerification
-										: undefined,
-								requireAdminVerification:
-									typeof rawData.requireAdminVerification === 'boolean'
-										? rawData.requireAdminVerification
-										: undefined,
-								requireEditorVerification:
-									typeof rawData.requireEditorVerification === 'boolean'
-										? rawData.requireEditorVerification
-										: undefined,
-								oAuthBypassVerification:
-									typeof rawData.oAuthBypassVerification === 'boolean'
-										? rawData.oAuthBypassVerification
-										: undefined,
-							} as ConfigFinal<StudioCMSNotificationSettings>;
-							return safe;
-						}),
-						Effect.flatMap((data) => sdk.notificationSettings.site.update(data))
-					);
-					return apiResponseLogger(200, 'Notification settings updated');
-				}
-			),
-		OPTIONS: () => Effect.try(() => OptionsResponse({ allowedMethods: ['POST'] })),
-		ALL: () => Effect.try(() => AllResponse()),
-	},
-	{
-		cors: { methods: ['POST', 'OPTIONS'] },
-		onError: (error) => {
-			console.error('API Error:', error);
-			return createJsonResponse({ error: 'Internal Server Error' }, { status: 500 });
-		},
-	}
-);

package/frontend/pages/studiocms_api/dashboard/mailer/check-email.ts DELETED Viewed

@@ -1,75 +0,0 @@
-import { apiResponseLogger } from 'studiocms:logger';
-import { Mailer } from 'studiocms:mailer';
-import {
-	AllResponse,
-	createEffectAPIRoutes,
-	createJsonResponse,
-	Effect,
-	genLogger,
-	OptionsResponse,
-	readAPIContextJson,
-} from '@withstudiocms/effect';
-export const { POST, OPTIONS, ALL } = createEffectAPIRoutes(
-	{
-		POST: (ctx) =>
-			genLogger('routes/mailer/test-email/POST')(function* () {
-				const mailer = yield* Mailer;
-				// Check if mailer is enabled
-				if (!ctx.locals.StudioCMS.siteConfig.data.enableMailer) {
-					return apiResponseLogger(403, 'Mailer is disabled for this site');
-				}
-				// Check if user is logged in
-				if (!ctx.locals.StudioCMS.security?.userSessionData.isLoggedIn) {
-					return apiResponseLogger(403, 'Unauthorized');
-				}
-				// Check if user has permission
-				if (!ctx.locals.StudioCMS.security?.userPermissionLevel.isOwner) {
-					return apiResponseLogger(403, 'Unauthorized');
-				}
-				// Get JSON data safely
-				let test_email: unknown;
-				try {
-					({ test_email } = yield* readAPIContextJson<{ test_email?: unknown }>(ctx));
-				} catch {
-					return apiResponseLogger(400, 'Invalid JSON body');
-				}
-				// Validate form data
-				if (typeof test_email !== 'string' || test_email.trim() === '') {
-					return apiResponseLogger(400, 'Invalid form data, test_email is required');
-				}
-				const email = test_email.trim();
-				// Basic email sanity-check
-				if (!/^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email)) {
-					return apiResponseLogger(400, 'Invalid email address');
-				}
-				// Send Test Email
-				const response = yield* mailer.sendMail({
-					to: test_email,
-					subject: 'StudioCMS Test Email',
-					text: 'This is a test email from StudioCMS.',
-				});
-				if ('error' in response) {
-					console.error('Mailer test-email failed:', response.error);
-					return apiResponseLogger(500, 'Failed to send test email');
-				}
-				return apiResponseLogger(200, 'Test email sent');
-			}).pipe(Mailer.Provide),
-		OPTIONS: () => Effect.try(() => OptionsResponse({ allowedMethods: ['POST'] })),
-		ALL: () => Effect.try(() => AllResponse()),
-	},
-	{
-		cors: { methods: ['POST', 'OPTIONS'] },
-		onError: (error) => {
-			console.error('API Error:', error);
-			return createJsonResponse({ error: 'Internal Server Error' }, { status: 500 });
-		},
-	}
-);

package/frontend/pages/studiocms_api/dashboard/mailer/config.ts DELETED Viewed

@@ -1,136 +0,0 @@
-import { apiResponseLogger } from 'studiocms:logger';
-import { Mailer } from 'studiocms:mailer';
-import {
-	AllResponse,
-	createEffectAPIRoutes,
-	createJsonResponse,
-	Effect,
-	genLogger,
-	OptionsResponse,
-	parseAPIContextJson,
-	Schema,
-} from '@withstudiocms/effect';
-export class SmtpConfigSchema extends Schema.Class<SmtpConfigSchema>('SmtpConfigSchema')({
-	port: Schema.Number,
-	host: Schema.String,
-	secure: Schema.Boolean,
-	proxy: Schema.Union(Schema.String, Schema.Null),
-	auth_user: Schema.Union(Schema.String, Schema.Null),
-	auth_pass: Schema.Union(Schema.String, Schema.Null),
-	tls_rejectUnauthorized: Schema.Union(Schema.Boolean, Schema.Null),
-	tls_servername: Schema.Union(Schema.String, Schema.Null),
-	default_sender: Schema.String,
-}) {}
-export const { POST, PATCH, OPTIONS, ALL } = createEffectAPIRoutes(
-	{
-		POST: (ctx) =>
-			genLogger('routes/mailer/config/POST')(function* () {
-				const mailer = yield* Mailer;
-				// Check if user is logged in
-				if (!ctx.locals.StudioCMS.security?.userSessionData.isLoggedIn) {
-					return apiResponseLogger(401, 'Authentication required');
-				}
-				// Check if user has permission
-				if (!ctx.locals.StudioCMS.security?.userPermissionLevel.isOwner) {
-					return apiResponseLogger(403, 'Forbidden');
-				}
-				// Get Json Data
-				const smtpConfig = yield* parseAPIContextJson(ctx, SmtpConfigSchema);
-				// Validate form data
-				if (!Number.isInteger(smtpConfig.port) || smtpConfig.port < 1 || smtpConfig.port > 65535) {
-					return apiResponseLogger(
-						400,
-						'Invalid form data, port must be an integer between 1 and 65535'
-					);
-				}
-				if (typeof smtpConfig.host !== 'string' || smtpConfig.host.trim() === '') {
-					return apiResponseLogger(400, 'Invalid form data, host is required');
-				}
-				if (typeof smtpConfig.secure !== 'boolean') {
-					return apiResponseLogger(400, 'Invalid form data, secure must be a boolean');
-				}
-				if (
-					typeof smtpConfig.default_sender !== 'string' ||
-					smtpConfig.default_sender.trim() === ''
-				) {
-					return apiResponseLogger(400, 'Invalid form data, default_sender is required');
-				}
-				// Update Database
-				const config = yield* mailer.createMailerConfigTable(smtpConfig);
-				if (!config) {
-					return apiResponseLogger(500, 'Error creating mailer config table');
-				}
-				return apiResponseLogger(200, 'Mailer config updated');
-			}).pipe(Mailer.Provide),
-		PATCH: (ctx) =>
-			genLogger('routes/mailer/config/PATCH')(function* () {
-				const mailer = yield* Mailer;
-				// Check if user is logged in
-				if (!ctx.locals.StudioCMS.security?.userSessionData.isLoggedIn) {
-					return apiResponseLogger(403, 'Unauthorized');
-				}
-				// Check if user has permission
-				if (!ctx.locals.StudioCMS.security?.userPermissionLevel.isOwner) {
-					return apiResponseLogger(403, 'Unauthorized');
-				}
-				// Get Json Data
-				const smtpConfig = yield* parseAPIContextJson(ctx, SmtpConfigSchema);
-				// Validate form data
-				if (!smtpConfig.port) {
-					return apiResponseLogger(400, 'Invalid form data, port is required');
-				}
-				if (!smtpConfig.host) {
-					return apiResponseLogger(400, 'Invalid form data, host is required');
-				}
-				if (!smtpConfig.secure) {
-					return apiResponseLogger(400, 'Invalid form data, secure is required');
-				}
-				if (!smtpConfig.default_sender) {
-					return apiResponseLogger(400, 'Invalid form data, default_sender is required');
-				}
-				// Update Database
-				const config = yield* mailer.updateMailerConfigTable(smtpConfig);
-				if (!config) {
-					return apiResponseLogger(500, 'Error updating mailer config table');
-				}
-				return apiResponseLogger(200, 'Mailer config updated');
-			}).pipe(Mailer.Provide),
-		OPTIONS: () => Effect.try(() => OptionsResponse({ allowedMethods: ['POST', 'PATCH'] })),
-		ALL: () => Effect.try(() => AllResponse()),
-	},
-	{
-		cors: { methods: ['POST', 'PATCH', 'OPTIONS'] },
-		// biome-ignore lint/suspicious/noExplicitAny: allows for better error handling
-		onError: (error: any) => {
-			console.error('API Error:', error);
-			const isClientError =
-				error?.status === 400 ||
-				error?.name === 'SyntaxError' ||
-				error?._tag === 'ParseError' ||
-				error?._tag === 'JSONParseError' ||
-				(typeof error?.name === 'string' && error.name.includes('Schema'));
-			return createJsonResponse(
-				{ error: isClientError ? 'Invalid request body' : 'Internal Server Error' },
-				{ status: isClientError ? 400 : 500 }
-			);
-		},
-	}
-);

package/frontend/pages/studiocms_api/dashboard/plugins/[plugin].ts DELETED Viewed

@@ -1,80 +0,0 @@
-import { apiResponseLogger } from 'studiocms:logger';
-import pluginList from 'studiocms:plugins';
-import { settingsEndpoints } from 'studiocms:plugins/endpoints';
-import {
-	AllResponse,
-	createEffectAPIRoutes,
-	createJsonResponse,
-	Effect,
-	genLogger,
-	OptionsResponse,
-	pipe,
-} from '@withstudiocms/effect';
-import { StudioCMSAPIError } from '#frontend/utils/errors.js';
-export const { POST, OPTIONS, ALL } = createEffectAPIRoutes(
-	{
-		POST: (ctx) =>
-			genLogger('studiocms/routes/api/dashboard/plugins/[plugin].POST')(function* () {
-				// Get user data
-				const userData = ctx.locals.StudioCMS.security?.userSessionData;
-				// Check if user is logged in
-				if (!userData?.isLoggedIn) {
-					return apiResponseLogger(403, 'Unauthorized');
-				}
-				// Check if user has permission
-				const isAuthorized = ctx.locals.StudioCMS.security?.userPermissionLevel?.isAdmin === true;
-				if (!isAuthorized) {
-					return apiResponseLogger(403, 'Unauthorized');
-				}
-				const { plugin } = ctx.params;
-				const settingsPage = yield* Effect.try({
-					try: () =>
-						pipe(
-							pluginList.filter(({ settingsPage }) => !!settingsPage),
-							(p) => p.find(({ identifier }) => identifier === plugin),
-							(p) => {
-								if (!p) {
-									return apiResponseLogger(404, 'Plugin not found');
-								}
-								const settingsPage = settingsEndpoints.find(
-									({ identifier }) => identifier === plugin
-								);
-								if (!settingsPage) {
-									return apiResponseLogger(404, 'Plugin does not have a settings page');
-								}
-								return settingsPage;
-							}
-						),
-					catch: (cause) =>
-						new StudioCMSAPIError({
-							message: 'An error occurred while fetching plugin settings page',
-							cause,
-						}),
-				});
-				if (settingsPage instanceof Response) {
-					return settingsPage;
-				}
-				if (!settingsPage.onSave) {
-					return apiResponseLogger(404, 'Plugin does not have a settings page');
-				}
-				return settingsPage.onSave(ctx);
-			}),
-		OPTIONS: () => Effect.try(() => OptionsResponse({ allowedMethods: ['POST'] })),
-		ALL: () => Effect.try(() => AllResponse()),
-	},
-	{
-		cors: { methods: ['POST', 'OPTIONS'] },
-		onError: (error) => {
-			console.error('API Error:', error);
-			return createJsonResponse({ error: 'Internal Server Error' }, { status: 500 });
-		},
-	}
-);