till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-14 21:01:08 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
managarten/packages/website-blocks/src/moduleEmbed/ModuleEmbedInspectorFallback.svelte
Till JS 57be0f61b1 feat(website): M4 — forms + moduleEmbed 
Adds two new block types and the server-side infrastructure for
untrusted input + cross-module data embedding.

Forms:
- packages/website-blocks/src/form: declarative fields (text, email,
  tel, url, textarea, number) with required / maxLength / placeholder
  per field. Honeypot hidden input in the renderer; public-mode POST
  to a same-origin SvelteKit proxy that forwards to mana-api.
- apps/api: website.submissions table (schema.ts + 0001_submissions.sql)
  + POST /public/submit/:siteSlug/:blockId. Loads the current published
  snapshot, finds the form block, validates payload against its
  declared fields (trim, type check, length cap), rejects honeypot
  submissions silently, rate-limits per IP (10 / 5 min) in-memory.
  Unknown keys are dropped — clients can only submit declared fields.
- Owner-facing: GET/DELETE /sites/:id/submissions + SubmissionsView
  component + /(app)/website/[siteId]/submissions route. Shows
  incoming submissions with status pill + payload preview + delete.
- apps/mana/.../routes/s/[siteSlug]/__submit/[blockId]/+server.ts:
  same-origin proxy so form posts don't trigger CORS and IP / user-
  agent headers are forwarded via SvelteKit's trusted getClientAddress.

M4 first-pass does NOT wire target-module delivery (contacts / notify).
Submissions stay in the inbox until owner-side tool handlers land
(M4.x). `target` enum is intentionally `['inbox']` only for now.

moduleEmbed:
- packages/website-blocks/src/moduleEmbed: source dropdown
  (picture.board | library.entries), max-items, layout (grid | list),
  optional filter object. The `resolved` field on props is populated at
  publish time by the editor-side resolver — public renderer reads it
  directly, no Dexie / API round-trip needed.
- apps/mana/.../website/embeds.ts: per-source resolvers. picture.board
  enforces `isPublic=true`; library.entries respects filter.isFavorite
  / kind / status so owners can expose a subset (e.g. "my favorites").
- buildSnapshot() walks the tree after assembly and fills in
  block.props.resolved for every moduleEmbed. Publish slower, public
  visits fast. No cross-service call at render time.

Validation:
- pnpm run validate:all: 6/6 gates green
- pnpm run check (web): 0 errors, 0 warnings
- apps/api type-check: green

Apply Postgres with:
  psql "$DATABASE_URL" -f apps/api/drizzle/website/0001_submissions.sql

Plan: docs/plans/website-builder.md (M4 shipped)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 14:36:52 +02:00

98 lines
2.2 KiB
Svelte
Raw Blame History

<script lang="ts">
/**
* URL-style fallback for the pure-package inspector — the app-side
* override adds a board picker that queries Dexie.
*/
import type { BlockInspectorProps } from '../types';
import type { ModuleEmbedProps } from './schema';
let { block, onChange }: BlockInspectorProps<ModuleEmbedProps> = $props();
</script>
<div class="wb-inspector">
<label class="wb-field">
<span>Quelle</span>
<select
value={block.props.source}
onchange={(e) => onChange({ source: e.currentTarget.value as ModuleEmbedProps['source'] })}
>
<option value="picture.board">Picture-Board</option>
<option value="library.entries">Bibliothek</option>
</select>
</label>
<label class="wb-field">
<span>Quellen-ID</span>
<input
type="text"
value={block.props.sourceId}
oninput={(e) => onChange({ sourceId: e.currentTarget.value })}
placeholder="Board-ID oder leer für 'alle'"
/>
</label>
<label class="wb-field">
<span>Titel (optional)</span>
<input
type="text"
value={block.props.title}
oninput={(e) => onChange({ title: e.currentTarget.value })}
/>
</label>
<div class="wb-row">
<label class="wb-field">
<span>Layout</span>
<select
value={block.props.layout}
onchange={(e) => onChange({ layout: e.currentTarget.value as ModuleEmbedProps['layout'] })}
>
<option value="grid">Grid</option>
<option value="list">Liste</option>
</select>
</label>
<label class="wb-field">
<span>Max. Einträge</span>
<input
type="number"
min="1"
max="48"
value={block.props.maxItems}
oninput={(e) => onChange({ maxItems: parseInt(e.currentTarget.value, 10) || 12 })}
/>
</label>
</div>
</div>
<style>
.wb-inspector {
display: flex;
flex-direction: column;
gap: 1rem;
}
.wb-field {
display: flex;
flex-direction: column;
gap: 0.25rem;
}
.wb-field > span {
font-size: 0.75rem;
font-weight: 500;
opacity: 0.7;
}
.wb-field input,
.wb-field select {
padding: 0.4rem 0.6rem;
border-radius: 0.375rem;
border: 1px solid rgba(255, 255, 255, 0.12);
background: rgba(255, 255, 255, 0.04);
color: inherit;
font-size: 0.8125rem;
}
.wb-row {
display: grid;
grid-template-columns: 1fr 1fr;
gap: 0.5rem;
}
</style>
Reference in a new issue View git blame Copy permalink