diff --git a/lib/directus.ts b/lib/directus.ts index bbbbd77b..a5740286 100644 --- a/lib/directus.ts +++ b/lib/directus.ts @@ -1,17 +1,18 @@ // lib/directus.ts -// Central Directus helpers used by API routes. Minimal hard-coding, robust parsing. +// Central Directus helpers used by API routes. const BASE = process.env.DIRECTUS_URL!; -const TOKEN_SUBMIT = -process.env.DIRECTUS_TOKEN_SUBMIT ?? -process.env.DIRECTUS_STATIC_TOKEN ?? -process.env.DIRECTUS_TOKEN ?? -""; +const TOKEN_SUBMIT = process.env.DIRECTUS_TOKEN_SUBMIT!; +const TOKEN_ADMIN_REGISTER = process.env.DIRECTUS_TOKEN_ADMIN_REGISTER || ""; +const ROLE_MEMBER_ID_ENV = process.env.DIRECTUS_ROLE_MEMBER_ID || ""; +const ROLE_MEMBER_NAME_ENV = process.env.DIRECTUS_ROLE_MEMBER_NAME || "Users"; + const PROJECTS_COLLECTION = process.env.DIRECTUS_PROJECTS_COLLECTION || "projects"; if (!BASE) console.warn("[directus] Missing DIRECTUS_URL"); -if (!TOKEN_SUBMIT) console.warn("[directus] Missing submit token (DIRECTUS_TOKEN_SUBMIT / DIRECTUS_STATIC_TOKEN / DIRECTUS_TOKEN)"); +if (!TOKEN_SUBMIT) console.warn("[directus] Missing DIRECTUS_TOKEN_SUBMIT"); +if (!TOKEN_ADMIN_REGISTER) console.warn("[directus] Missing DIRECTUS_TOKEN_ADMIN_REGISTER (used for registration)"); export function bytesFromMB(mb: number) { return Math.round(mb * 1024 * 1024); @@ -30,11 +31,7 @@ async function parseJsonSafe(res: Response) { return { json, text }; } -/** - * directusFetch: - * - Adds Authorization + Accept headers - * - Parses JSON safely and throws with readable error text on !ok - */ +/** directusFetch with the SUBMIT token (used by options + settings submit) */ export async function directusFetch( path: string, init?: RequestInit @@ -46,7 +43,30 @@ export async function directusFetch( Authorization: `Bearer ${TOKEN_SUBMIT}`, ...(init?.headers || {}), }, - cache: "no-store", + }); + + const { json, text } = await parseJsonSafe(res); + if (!res.ok) { + throw new Error(`Directus error ${res.status}: ${text || res.statusText}`); + } + return (json ?? {}) as T; +} + +/** Same as above, but uses the ADMIN REGISTER token */ +export async function directusAdminFetch( + path: string, + init?: RequestInit +): Promise { + if (!TOKEN_ADMIN_REGISTER) { + throw new Error("Missing DIRECTUS_TOKEN_ADMIN_REGISTER"); + } + const res = await fetch(`${BASE}${path}`, { + ...init, + headers: { + Accept: "application/json", + Authorization: `Bearer ${TOKEN_ADMIN_REGISTER}`, + ...(init?.headers || {}), + }, }); const { json, text } = await parseJsonSafe(res); @@ -57,9 +77,10 @@ export async function directusFetch( } /* ───────────────────────────────────────────────────────────── - * Folder lookup (by "path" = "/") with caching. - * Requires READ on directus_folders to fully resolve, but gracefully - * degrades (returns undefined) if forbidden/not found. + * On-the-fly folder lookup by "path" = "/" + * Caches results in-memory. If lookup is forbidden (403) or not found, + * we return undefined and uploads proceed without a folder. + * Requires READ on directus_folders (id,name,parent.name) to fully work. * ──────────────────────────────────────────────────────────── */ type FolderItem = { @@ -75,7 +96,7 @@ let folderListCacheAt = 0; async function fetchAllFolders(): Promise { try { const q = `/folders?fields=id,name,parent.id,parent.name&limit=500`; - const res = await directusFetch<{ data: FolderItem[] }>(q); + const res = await directusAdminFetch<{ data: FolderItem[] }>(q); return res?.data ?? []; } catch (e: any) { console.warn("[directus] fetchAllFolders failed:", e?.message || e); @@ -121,8 +142,10 @@ async function getFolderIdByPath(path: string): Promise { /** * uploadFile: - * Uploads a file and (optionally) sets the folder **at create time** - * so we don't need UPDATE permission on directus_files. + * Robustly uploads a file (Blob/File). Accepts optional folder routing: + * - options.folderId: direct UUID if you have it + * - options.folderNamePath: "/" lookup via /folders + * Also sets filename_download & optional title. */ export async function uploadFile( file: Blob | File, @@ -136,7 +159,11 @@ export async function uploadFile( let folderId = options?.folderId; if (!folderId && options?.folderNamePath) { - folderId = await getFolderIdByPath(options.folderNamePath); + try { + folderId = await getFolderIdByPath(options.folderNamePath); + } catch { + // ignore; proceed without a folder + } } if (folderId) form.set("folder", folderId); @@ -152,11 +179,14 @@ export async function uploadFile( const { json, text } = await parseJsonSafe(res); if (!res.ok) { throw new Error( - `File upload failed: status=${res.status} ${res.statusText} body=${(text || "").slice(0, 400) || ""}` + `File upload failed: status=${res.status} ${res.statusText} body=${(text || "").slice( + 0, + 400 + ) || ""}` ); } - const id = json?.data?.submission_id ?? json?.data?.id ?? json?.submission_id ?? json?.id; + const id = json?.data?.id ?? json?.id; if (!id) throw new Error("File upload succeeded but no id returned"); return { id: String(id) }; } @@ -165,51 +195,121 @@ export async function uploadFile( export async function createSettingsItem( collection: string, payload: any -): Promise<{ data: any }> { - return directusFetch<{ data: any }>(`/items/${collection}`, { +): Promise<{ data: { id: string } }> { + return directusFetch<{ data: { id: string } }>(`/items/${collection}`, { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify(payload), }); } -/** Project helpers (used by app/api/submit/project/route.ts) */ +/** ───────────────────────────────────────────────────────────── + * Project helpers (used by app/api/submit/project/route.ts) + * Collection can be overridden via DIRECTUS_PROJECTS_COLLECTION + * ──────────────────────────────────────────────────────────── */ + export async function createProjectRow( payload: any -): Promise<{ data: any }> { - return directusFetch<{ data: any }>(`/items/${PROJECTS_COLLECTION}`, { - method: "POST", - headers: { "Content-Type": "application/json" }, - body: JSON.stringify(payload), - }); +): Promise<{ data: { id: string } }> { + return directusFetch<{ data: { id: string } }>( + `/items/${PROJECTS_COLLECTION}`, + { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify(payload), + } + ); } export async function patchProject( id: string | number, payload: any -): Promise<{ data: any }> { - return directusFetch<{ data: any }>(`/items/${PROJECTS_COLLECTION}/${id}`, { - method: "PATCH", - headers: { "Content-Type": "application/json" }, - body: JSON.stringify(payload), - }); +): Promise<{ data: { id: string } }> { + return directusFetch<{ data: { id: string } }>( + `/items/${PROJECTS_COLLECTION}/${id}`, + { + method: "PATCH", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify(payload), + } + ); } -// One-time diagnostic: log which role this token maps to (safe in prod) -(async () => { - if (!BASE || !TOKEN_SUBMIT) return; - try { - const r = await fetch(`${BASE}/users/me?fields=role.name`, { - headers: { Authorization: `Bearer ${TOKEN_SUBMIT}` }, - cache: "no-store", - }); - if (r.ok) { - const j = await r.json().catch(() => ({})); - console.log(`[directus] using role: ${j?.data?.role?.name ?? "unknown"}`); - } else { - console.warn(`[directus] whoami failed with ${r.status}`); - } - } catch (e: any) { - console.warn(`[directus] whoami error: ${e?.message ?? e}`); +/* ───────────────────────────────────────────────────────────── + * Auth helpers (registration / login support) + * ──────────────────────────────────────────────────────────── */ + +export async function resolveMemberRoleId(): Promise { + if (ROLE_MEMBER_ID_ENV) return ROLE_MEMBER_ID_ENV; + + // Fallback by role name (e.g., "Users") + const name = ROLE_MEMBER_NAME_ENV; + const q = `/roles?filter[name][_eq]=${encodeURIComponent( + name + )}&fields=id,name&limit=1`; + const { data } = await directusAdminFetch<{ data: Array<{ id: string }> }>(q); + const hit = data?.[0]?.id; + if (!hit) throw new Error(`Role not found: ${name}`); + return hit; +} + +/** Create a Directus user (username required, email optional). */ +export async function createDirectusUser(input: { + username: string; + password: string; + email?: string; + roleId?: string; +}): Promise<{ id: string }> { + const role = input.roleId || (await resolveMemberRoleId()); + + // If email is omitted, create a stable placeholder so login can still work. + const email = + input.email && input.email.trim() + ? input.email.trim() + : `${input.username}@noemail.local`; + + const res = await directusAdminFetch<{ data: { id: string } }>(`/users`, { + method: "POST", + headers: { "Content-Type": "application/json" }, + body: JSON.stringify({ + status: "active", + role, + username: input.username, + email, + password: input.password, + }), + }); + + return { id: String(res?.data?.id) }; +} + +/** Find user's email by username (returns null if not found) */ +export async function emailForUsername(username: string): Promise { + const q = `/users?filter[username][_eq]=${encodeURIComponent( + username + )}&fields=email&limit=1`; + const { data } = await directusAdminFetch<{ data: Array<{ email?: string }> }>( + q + ); + const em = data?.[0]?.email; + return em ? String(em) : null; +} + +/** Proxy Directus /auth/login and return tokens (email required here). */ +export async function loginDirectus(email: string, password: string) { + const res = await fetch(`${BASE}/auth/login`, { + method: "POST", + headers: { + Accept: "application/json", + "Content-Type": "application/json", + }, + body: JSON.stringify({ email, password }), + }); + + const { json, text } = await parseJsonSafe(res); + if (!res.ok) { + throw new Error(`Directus error ${res.status}: ${text || res.statusText}`); } -})(); + // Directus typically returns { data: { access_token, refresh_token, expires } } + return json?.data ?? json; +}