feat: standard system hexes; new name; updated user flows

Author: ericrallen

README.md

@@ -2,15 +2,15 @@
 
 ![Hex v2](./public/hex-v2.png)
 
-Hex is an application for managing
+Project Hex is an application for managing
 [Hex Flower Engines](https://goblinshenchman.wordpress.com/2018/10/25/2d6-hex-power-flower/)
 for any tabletop game in the browser.
 
-**Disclaimer**: The [Hex Flower Engine](https://goblinshenchman.wordpress.com/hex-power-flower/) implementation that Hex uses was orignally described by [Goblin's Henchman](https://goblinshenchman.wordpress.com). Dead Villager Dead Adventurer Games and the Hex project take no credit for the Hex Flower Engine system and are not affiliated with Goblin's Henchman, but we are grateful for the work they put into designing the system and sharing it with the world. Consider supporting Goblin's Henchman's work by purchasing their products on DriveThruRPG: [https://www.drivethrurpg.com/en/publisher/9524/Goblin039s-Henchmanaffiliate_id%3D774882](https://www.drivethrurpg.com/en/publisher/9524/Goblin039s-Henchmanaffiliate_id%3D774882).
+**Disclaimer**: The [Hex Flower Engine](https://goblinshenchman.wordpress.com/hex-power-flower/) implementation that Hex uses was orignally described by [Goblin's Henchman](https://goblinshenchman.wordpress.com). Dead Villager Dead Adventurer Games and Project Hex take no credit for the Hex Flower Engine system and are not affiliated with Goblin's Henchman, but we are grateful for the work they put into designing the system and sharing it with the world. Consider supporting Goblin's Henchman's work by purchasing their products on DriveThruRPG: [https://www.drivethrurpg.com/en/publisher/9524/Goblin039s-Henchmanaffiliate_id%3D774882](https://www.drivethrurpg.com/en/publisher/9524/Goblin039s-Henchmanaffiliate_id%3D774882).
 
 ## Create and Share Hex Flower Engines
 
-In the Hex application, you can create your own Hex Flower Engines, share them with your players, and even publish them to the Garden, where other users can find them and use them in their own games.
+In the Project Hex application, you can create your own Hex Flower Engines, share them with your players, and even publish them to the Garden, where other users can find them and use them in their own games.
 
 The Hex Editor allows you to choose a label, icon, color, and description for each Hex cell, and also customize the Hex Flower Engine movement rules for each roll outcome for that cell.
 
@@ -24,11 +24,12 @@ The Hex Editor allows you to choose a label, icon, color, and description for ea
 
 The legacy version of this application is still hosted on GitHub Pages, but `v2` is a much better application for your needs and provides an interface for you to configure your own Hex Flower Engines.
 
-It currently supports two engines:
+It currently supports ~~two~~ three engines:
 
 - `Standard Hex Flower Engine`: basic hex flower engine with standard movement rules
   as described in the
   [article linked above](https://goblinshenchman.wordpress.com/2018/10/25/2d6-hex-power-flower/)
+- `Inverse Hex Flower Engine`: standard hex flower engine with inverted movement rules
 - `SKT Weather Engine`: modified hex flower engine built for a specific weather
   generator for a D&D campaign; rules are described
   [here](https://github.com/chrisman/skookums-and-dragons/wiki/House-rules#weather)

functions/api/admin/cascade-delete.ts

@@ -0,0 +1,89 @@
+// Admin API: Emergency cascade delete of engine and all forks
+// DELETE /api/admin/cascade-delete
+
+import type { Env } from '../../types';
+import { getAuthUser, json, errorResponse } from '../../utils';
+
+interface CascadeDeleteRequest {
+  engineId: string;
+  confirmation: string; // Engine name for confirmation
+}
+
+export const onRequestDelete: PagesFunction<Env> = async (context) => {
+  const { request, env } = context;
+
+  // Check authentication
+  const session = await getAuthUser(request, env);
+  if (!session) {
+    return errorResponse('Unauthorized', 401);
+  }
+
+  // Check admin status
+  const user = await env.DB.prepare(`
+    SELECT is_admin FROM profiles WHERE id = ?
+  `).bind(session.userId).first();
+
+  if (!user?.is_admin) {
+    return errorResponse('Admin access required', 403);
+  }
+
+  try {
+    const body = await request.json() as CascadeDeleteRequest;
+
+    if (!body.engineId || !body.confirmation) {
+      return errorResponse('Engine ID and confirmation are required', 400);
+    }
+
+    // Get the engine and verify confirmation
+    const engine = await env.DB.prepare(`
+      SELECT id, definition FROM engines WHERE id = ?
+    `).bind(body.engineId).first();
+
+    if (!engine) {
+      return errorResponse('Engine not found', 404);
+    }
+
+    const definition = JSON.parse(engine.definition as string);
+    const engineName = definition.name;
+
+    // Verify confirmation matches engine name
+    if (body.confirmation !== engineName) {
+      return errorResponse('Confirmation does not match engine name', 400);
+    }
+
+    // Get all forks of this engine
+    const forks = await env.DB.prepare(`
+      SELECT id FROM engines WHERE forked_from = ?
+    `).bind(body.engineId).all();
+
+    const forkIds = forks.results.map(f => f.id as string);
+
+    // Delete all forks first (CASCADE will handle related tables)
+    if (forkIds.length > 0) {
+      const placeholders = forkIds.map(() => '?').join(',');
+      await env.DB.prepare(`
+        DELETE FROM engines WHERE id IN (${placeholders})
+      `).bind(...forkIds).run();
+    }
+
+    // Delete the original engine (CASCADE will handle related tables)
+    await env.DB.prepare(`
+      DELETE FROM engines WHERE id = ?
+    `).bind(body.engineId).run();
+
+    const deletedCount = forkIds.length + 1;
+
+    console.log(`[ADMIN] Cascade deleted engine ${engineName} (${body.engineId}) and ${forkIds.length} forks by admin ${session.userId}`);
+
+    return json({
+      success: true,
+      deletedCount,
+      engineId: body.engineId,
+      engineName,
+      forksDeleted: forkIds.length,
+    });
+  } catch (error) {
+    console.error('Cascade delete error:', error);
+    return errorResponse('Failed to cascade delete engine', 500);
+  }
+};

functions/api/admin/unpublish.ts

@@ -0,0 +1,70 @@
+// Admin API: Unpublish an engine
+// POST /api/admin/unpublish
+
+import type { Env } from '../../types';
+import { getAuthUser, json, errorResponse } from '../../utils';
+
+interface UnpublishRequest {
+  engineId: string;
+}
+
+export const onRequestPost: PagesFunction<Env> = async (context) => {
+  const { request, env } = context;
+
+  // Check authentication
+  const session = await getAuthUser(request, env);
+  if (!session) {
+    return errorResponse('Unauthorized', 401);
+  }
+
+  // Check admin status
+  const user = await env.DB.prepare(`
+    SELECT is_admin FROM profiles WHERE id = ?
+  `).bind(session.userId).first();
+
+  if (!user?.is_admin) {
+    return errorResponse('Admin access required', 403);
+  }
+
+  try {
+    const body = await request.json() as UnpublishRequest;
+
+    if (!body.engineId) {
+      return errorResponse('Engine ID is required', 400);
+    }
+
+    // Check if engine exists and is public
+    const engine = await env.DB.prepare(`
+      SELECT id, visibility, definition FROM engines WHERE id = ?
+    `).bind(body.engineId).first();
+
+    if (!engine) {
+      return errorResponse('Engine not found', 404);
+    }
+
+    if (engine.visibility !== 'public') {
+      return errorResponse('Engine is not published', 400);
+    }
+
+    const now = new Date().toISOString();
+
+    // Unpublish the engine (set to private and record timestamp)
+    await env.DB.prepare(`
+      UPDATE engines
+      SET visibility = 'private',
+          unpublished_at = ?
+      WHERE id = ?
+    `).bind(now, body.engineId).run();
+
+    // Return updated engine
+    return json({
+      id: engine.id,
+      visibility: 'private',
+      unpublishedAt: now,
+      definition: JSON.parse(engine.definition as string),
+    });
+  } catch (error) {
+    console.error('Unpublish error:', error);
+    return errorResponse('Failed to unpublish engine', 500);
+  }
+};

functions/api/auth/me.ts

@@ -14,24 +14,25 @@ export const onRequestGet: PagesFunction<Env> = async (context) => {
 
   // Get user profile
   const user = await env.DB.prepare(`
-    SELECT id, email, display_name, avatar_url, is_admin, default_engine_id, created_at, updated_at, accept_terms, hex_newsletter_opt_in, dvda_newsletter_opt_in
+    SELECT id, email, display_name, avatar_url, is_admin, default_engine_id, default_editor_engine_id, created_at, updated_at, accept_terms, hex_newsletter_opt_in, dvda_newsletter_opt_in
     FROM profiles
     WHERE id = ?
   `).bind(session.userId).first();
-  
+
   if (!user) {
     return errorResponse('User not found', 404);
   }
 
   console.log("Fetched user profile:", user);
-  
+
   return json({
     id: user.id,
     email: user.email,
     displayName: user.display_name,
     avatarUrl: user.avatar_url,
     isAdmin: user.is_admin === 1,
     defaultEngineId: user.default_engine_id,
+    defaultEditorEngineId: user.default_editor_engine_id,
     createdAt: user.created_at,
     updatedAt: user.updated_at,
     acceptTerms: user.accept_terms,

functions/api/auth/profile.ts

@@ -30,18 +30,18 @@ export const onRequestPatch: PagesFunction<Env> = async (context) => {
     return errorResponse('Unauthorized', 401);
   }
 
-  let body: { displayName?: string; avatarIcon?: string | null; defaultEngineId?: string | null; acceptTerms?: boolean; hexNewsletterOptIn?: boolean; dvdaNewsletterOptIn?: boolean };
+  let body: { displayName?: string; avatarIcon?: string | null; defaultEngineId?: string | null; defaultEditorEngineId?: string | null; acceptTerms?: boolean; hexNewsletterOptIn?: boolean; dvdaNewsletterOptIn?: boolean };
 
   try {
     body = await request.json();
   } catch {
     return errorResponse('Invalid JSON body', 400);
   }
-  
-  const { displayName, avatarIcon, defaultEngineId, acceptTerms, hexNewsletterOptIn, dvdaNewsletterOptIn } = body;
+
+  const { displayName, avatarIcon, defaultEngineId, defaultEditorEngineId, acceptTerms, hexNewsletterOptIn, dvdaNewsletterOptIn } = body;
 
   const existingUser = await env.DB.prepare(`
-    SELECT id, email, display_name, avatar_url, is_admin, default_engine_id, accept_terms, hex_newsletter_opt_in, dvda_newsletter_opt_in
+    SELECT id, email, display_name, avatar_url, is_admin, default_engine_id, default_editor_engine_id, accept_terms, hex_newsletter_opt_in, dvda_newsletter_opt_in
     FROM profiles
     WHERE id = ?
   `).bind(session.userId).first();
@@ -78,13 +78,25 @@ export const onRequestPatch: PagesFunction<Env> = async (context) => {
   if (defaultEngineId !== undefined && defaultEngineId !== null) {
     // Check that the engine exists and belongs to the user
     const engine = await env.DB.prepare(`
-      SELECT id FROM engines WHERE id = ? AND owner_id = ?
+      SELECT id FROM engines WHERE id = ? AND (owner_id = ? OR is_system_default = 1)
     `).bind(defaultEngineId, session.userId).first();
-    
+
     if (!engine) {
       return errorResponse('Engine not found or not owned by user', 400);
     }
   }
+
+  // Validate default editor engine if provided
+  if (defaultEditorEngineId !== undefined && defaultEditorEngineId !== null) {
+    // Check that the engine exists and belongs to the user
+    const engine = await env.DB.prepare(`
+      SELECT id FROM engines WHERE id = ? AND (owner_id = ? OR is_system_default = 1)
+    `).bind(defaultEditorEngineId, session.userId).first();
+
+    if (!engine) {
+      return errorResponse('Editor engine not found or not owned by user', 400);
+    }
+  }
 
   // Build update query
   const updates: string[] = [];
@@ -104,7 +116,12 @@ export const onRequestPatch: PagesFunction<Env> = async (context) => {
     updates.push('default_engine_id = ?');
     values.push(defaultEngineId);
   }
- 
+
+  if (defaultEditorEngineId !== undefined) {
+    updates.push('default_editor_engine_id = ?');
+    values.push(defaultEditorEngineId);
+  }
+
   if (acceptTerms !== undefined) {
     updates.push('accept_terms = ?');
     values.push(acceptTerms ? '1' : '0');
@@ -135,7 +152,7 @@ export const onRequestPatch: PagesFunction<Env> = async (context) => {
 
   // Return updated user
   const user = await env.DB.prepare(`
-    SELECT id, email, display_name, avatar_url, is_admin, default_engine_id, accept_terms, hex_newsletter_opt_in, dvda_newsletter_opt_in
+    SELECT id, email, display_name, avatar_url, is_admin, default_engine_id, default_editor_engine_id, accept_terms, hex_newsletter_opt_in, dvda_newsletter_opt_in
     FROM profiles
     WHERE id = ?
   `).bind(session.userId).first();
@@ -144,25 +161,23 @@ export const onRequestPatch: PagesFunction<Env> = async (context) => {
     return errorResponse('User not found', 404);
   }
 
-  if (!!existingUser.hex_newsletter_opt_in !== !!hexNewsletterOptIn) {
-    try {
-      await subscribeToNewsletter(user?.email || "", env.HEX_NEWSLETTER_ID || "", hexNewsletterOptIn ? 1 : 0, env);
-    } catch (error) {
-      console.error("Failed to update Hex newsletter subscription:", error);
+  if (typeof user.email === "string" && user.email) {
+    if (!!existingUser.hex_newsletter_opt_in !== !!hexNewsletterOptIn) {
+      try {
+        await subscribeToNewsletter(user.email, env.HEX_NEWSLETTER_ID!, !!hexNewsletterOptIn, env);
+      } catch (error) {
+        console.error("Failed to update Hex newsletter subscription:", error);
+      }
     }
-  }
 
-  if (!!existingUser.dvda_newsletter_opt_in !== !!dvdaNewsletterOptIn) {
-    try {
-      await subscribeToNewsletter(user?.email || "", env.DVDA_NEWSLETTER_ID || "", dvdaNewsletterOptIn ? 1 : 0, env);
-    } catch (error) {
-      console.error("Failed to update DVDA newsletter subscription:", error);
+    if (!!existingUser.dvda_newsletter_opt_in !== !!dvdaNewsletterOptIn) {
+      try {
+        await subscribeToNewsletter(user.email, env.DVDA_NEWSLETTER_ID!, !!dvdaNewsletterOptIn, env);
+      } catch (error) {
+        console.error("Failed to update DVDA newsletter subscription:", error);
+      }
     }
   }
-
-  if (!existingUser.accept_terms && acceptTerms !== true) {
-    return errorResponse('You must accept the terms to use the service', 400);
-  }
 
   return json({
     id: user.id,
@@ -171,6 +186,7 @@ export const onRequestPatch: PagesFunction<Env> = async (context) => {
     avatarUrl: user.avatar_url,
     isAdmin: user.is_admin === 1,
     defaultEngineId: user.default_engine_id,
+    defaultEditorEngineId: user.default_editor_engine_id,
     acceptTerms: user.accept_terms === 1,
     hexNewsletterOptIn: user.hex_newsletter_opt_in === 1,
     dvdaNewsletterOptIn: user.dvda_newsletter_opt_in === 1,

functions/api/auth/verify.ts

@@ -41,7 +41,7 @@ export const onRequestGet: PagesFunction<Env> = async (context) => {
 
     // Find or create user
     let user = await env.DB.prepare(`
-      SELECT id, email, display_name, avatar_url, is_admin, created_at, updated_at
+      SELECT id, email, display_name, avatar_url, is_admin, created_at, updated_at, default_engine_id, default_editor_engine_id, accept_terms, hex_newsletter_opt_in, dvda_newsletter_opt_in
       FROM profiles
       WHERE email = ?
     `).bind(authToken.email).first<{
@@ -52,6 +52,11 @@ export const onRequestGet: PagesFunction<Env> = async (context) => {
       is_admin: number;
       created_at: string;
       updated_at: string;
+      default_engine_id: string | null;
+      default_editor_engine_id: string | null;
+      accept_terms: number;
+      hex_newsletter_opt_in: number;
+      dvda_newsletter_opt_in: number;
     }>();
 
     const isAdmin = isAdminEmail(authToken.email, env);
@@ -74,6 +79,11 @@ export const onRequestGet: PagesFunction<Env> = async (context) => {
         is_admin: isAdmin ? 1 : 0,
         created_at: new Date().toISOString(),
         updated_at: new Date().toISOString(),
+        default_engine_id: null,
+        default_editor_engine_id: null,
+        accept_terms: 0,
+        hex_newsletter_opt_in: 0,
+        dvda_newsletter_opt_in: 0,
       };
     } else if (isAdmin && !user.is_admin) {
       // Update admin status if needed
@@ -111,6 +121,13 @@ export const onRequestGet: PagesFunction<Env> = async (context) => {
         displayName: user.display_name,
         avatarUrl: user.avatar_url,
         isAdmin: user.is_admin === 1,
+        defaultEngineId: user.default_engine_id,
+        defaultEditorEngineId: user.default_editor_engine_id,
+        createdAt: user.created_at,
+        updatedAt: user.updated_at,
+        acceptTerms: user.accept_terms,
+        hexNewsletterOptIn: user.hex_newsletter_opt_in,
+        dvdaNewsletterOptIn: user.dvda_newsletter_opt_in,
       },
       accessToken,
       refreshToken,