till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-14 21:21:10 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
managarten/packages/website-blocks/src/moduleEmbed/schema.ts
Till JS 57be0f61b1 feat(website): M4 — forms + moduleEmbed 
Adds two new block types and the server-side infrastructure for
untrusted input + cross-module data embedding.

Forms:
- packages/website-blocks/src/form: declarative fields (text, email,
  tel, url, textarea, number) with required / maxLength / placeholder
  per field. Honeypot hidden input in the renderer; public-mode POST
  to a same-origin SvelteKit proxy that forwards to mana-api.
- apps/api: website.submissions table (schema.ts + 0001_submissions.sql)
  + POST /public/submit/:siteSlug/:blockId. Loads the current published
  snapshot, finds the form block, validates payload against its
  declared fields (trim, type check, length cap), rejects honeypot
  submissions silently, rate-limits per IP (10 / 5 min) in-memory.
  Unknown keys are dropped — clients can only submit declared fields.
- Owner-facing: GET/DELETE /sites/:id/submissions + SubmissionsView
  component + /(app)/website/[siteId]/submissions route. Shows
  incoming submissions with status pill + payload preview + delete.
- apps/mana/.../routes/s/[siteSlug]/__submit/[blockId]/+server.ts:
  same-origin proxy so form posts don't trigger CORS and IP / user-
  agent headers are forwarded via SvelteKit's trusted getClientAddress.

M4 first-pass does NOT wire target-module delivery (contacts / notify).
Submissions stay in the inbox until owner-side tool handlers land
(M4.x). `target` enum is intentionally `['inbox']` only for now.

moduleEmbed:
- packages/website-blocks/src/moduleEmbed: source dropdown
  (picture.board | library.entries), max-items, layout (grid | list),
  optional filter object. The `resolved` field on props is populated at
  publish time by the editor-side resolver — public renderer reads it
  directly, no Dexie / API round-trip needed.
- apps/mana/.../website/embeds.ts: per-source resolvers. picture.board
  enforces `isPublic=true`; library.entries respects filter.isFavorite
  / kind / status so owners can expose a subset (e.g. "my favorites").
- buildSnapshot() walks the tree after assembly and fills in
  block.props.resolved for every moduleEmbed. Publish slower, public
  visits fast. No cross-service call at render time.

Validation:
- pnpm run validate:all: 6/6 gates green
- pnpm run check (web): 0 errors, 0 warnings
- apps/api type-check: green

Apply Postgres with:
  psql "$DATABASE_URL" -f apps/api/drizzle/website/0001_submissions.sql

Plan: docs/plans/website-builder.md (M4 shipped)

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-04-23 14:36:52 +02:00

68 lines
2.1 KiB
TypeScript
Raw Blame History

import { z } from 'zod';
/**
* Resolved item shape — every embed provider returns items in this
* normalized form so the renderer doesn't care about the source.
*/
export const EmbedItemSchema = z.object({
title: z.string(),
subtitle: z.string().optional(),
imageUrl: z.string().optional(),
/** External link — for library entries, a page URL. */
href: z.string().optional(),
});
export type EmbedItem = z.infer<typeof EmbedItemSchema>;
export const EmbedResolvedSchema = z.object({
items: z.array(EmbedItemSchema),
/** If resolution failed, the error message surfaces in public mode. */
error: z.string().optional(),
/** ISO timestamp of when resolution happened. */
resolvedAt: z.string().optional(),
});
/**
* Supported embed sources. Add new sources here + a matching provider
* in the editor's publish resolver.
*/
export const EmbedSourceSchema = z.enum(['picture.board', 'library.entries']);
export type EmbedSource = z.infer<typeof EmbedSourceSchema>;
export const ModuleEmbedSchema = z.object({
source: EmbedSourceSchema.default('picture.board'),
/** Target id — board id for picture, empty for "all entries" in library. */
sourceId: z.string().max(64).default(''),
/** Display title. Optional; renderer falls back to source default. */
title: z.string().max(160).default(''),
layout: z.enum(['grid', 'list']).default('grid'),
maxItems: z.number().int().min(1).max(48).default(12),
/**
* Optional filters depending on source. Library uses { isFavorite?,
* status?, kind? }; picture ignores them in M4.
*/
filter: z
.object({
isFavorite: z.boolean().optional(),
status: z.string().max(32).optional(),
kind: z.string().max(32).optional(),
})
.default({}),
/**
* Filled at publish time. The public renderer reads this directly —
* no Dexie, no API round-trip. The editor shows a "nicht aufgelöst"
* placeholder when missing.
*/
resolved: EmbedResolvedSchema.optional(),
});
export type ModuleEmbedProps = z.infer<typeof ModuleEmbedSchema>;
export const MODULE_EMBED_DEFAULTS: ModuleEmbedProps = {
source: 'picture.board',
sourceId: '',
title: '',
layout: 'grid',
maxItems: 12,
filter: {},
};
Reference in a new issue View git blame Copy permalink