fix: cms preview, media tenant isolation, post hero image, test-migration#420
Merged
fix: cms preview, media tenant isolation, post hero image, test-migration#420
Conversation
|
|
|
View your CI Pipeline Execution ↗ for commit f017db3
☁️ Nx Cloud last updated this comment at |
There was a problem hiding this comment.
Pull request overview
This PR improves Payload CMS preview safety/behavior, strengthens multi-tenant media isolation (including S3 key prefixing), fixes post image rendering (embedded image blocks + hero images), and hardens the DB migration test harness readiness check.
Changes:
- Updates preview handling (open-redirect prevention, draft-mode behavior) and adds middleware to clear stale draft cookies after logout/session expiry.
- Implements tenant-aware media storage (tenant filename prefixing +
prefixfield) and updates rendering/UI types to support clean display (filenameWithoutPrefix) and correct URL joining. - Fixes CMS renderer image support (register
imageblock converter, useImageBlockfor hero images) and adjusts migration-test Postgres readiness polling to use host TCP.
Reviewed changes
Copilot reviewed 15 out of 17 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| tools/db-tools/lib/test-migration.ts | Polls Postgres readiness via host TCP psql instead of container socket checks |
| package.json | Bumps Payload and related plugin versions to ~3.71.0 |
| pnpm-lock.yaml | Locks updated Payload ecosystem dependencies and transitive updates |
| packages/nx-payload/src/utils/versions.ts | Aligns workspace-wide Payload ESM version to ~3.71.0 |
| apps/web/package.json | Updates @payloadcms/richtext-lexical to ~3.71.0 |
| apps/cms/src/app/api/preview/route.ts | Tightens preview redirect validation and enables draft mode for authenticated admins |
| apps/cms/src/middleware.ts | Clears stale __prerender_bypass when payload-token is missing |
| apps/cms/src/collections/media/media.collection.ts | Adds tenant-based filename prefixing + prefix/filenameWithoutPrefix fields and compound uniqueness |
| apps/cms/src/migrations/index.ts | Registers new migration 20260422_222457_cod_383 |
| apps/cms/src/migrations/20260422_222457_cod_383.ts | Adds media prefix + filename_without_prefix columns and index changes |
| libs/shared/util/payload-types/src/lib/payload-types.ts | Extends generated types with prefix and filenameWithoutPrefix |
| libs/shared/ui/cms-renderer/src/lib/render/RenderPost.tsx | Renders hero image via ImageBlock |
| libs/shared/ui/cms-renderer/src/lib/blocks/RichText.tsx | Registers image block converter so embedded images render |
| libs/shared/ui/cms-renderer/src/lib/blocks/ImageBlock.tsx | Fixes URL joining and supports hiding captions for hero usage |
| libs/shared/ui/cms-renderer/src/lib/blocks/MediaBlock.tsx | Fixes URL joining for media rendering |
| libs/shared/ui/cms-renderer/src/lib/blocks/FileAreaBlock.tsx | Uses filenameWithoutPrefix for display in file areas |
Files not reviewed (1)
- pnpm-lock.yaml: Language not supported
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
✨ Your pull request projects are ready for preview
|
hakalb
force-pushed
the
fix/cms-preview-route-redirect
branch
from
6ddb812 to
854fa56
Compare
|
✨ Your pull request projects are ready for preview
|
hakalb
force-pushed
the
fix/cms-preview-route-redirect
branch
from
854fa56 to
923435a
Compare
hakalb
force-pushed
the
fix/cms-preview-route-redirect
branch
from
923435a to
f017db3
Compare
Codecov Report❌ Patch coverage is Additional details and impacted files@@ Coverage Diff @@
## main #420 +/- ##
===========================================
+ Coverage 43.77% 64.18% +20.41%
===========================================
Files 128 207 +79
Lines 1558 5350 +3792
Branches 334 734 +400
===========================================
+ Hits 682 3434 +2752
- Misses 831 1866 +1035
- Partials 45 50 +5 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
__prerender_bypasscookie when nopayload-tokenis presentprefixfield, compound unique index(filename, prefix)to prevent cross-tenant collisions on re-seed;filenameWithoutPrefixcomputed field for clean admin displayimageblock inRichTextJSX converters (it was missing — blocks embedded in post content were silently dropped); fix URL construction double-slash inImageBlock; useImageBlockfor hero image rendering inRenderPostSELECT 1) instead of the UNIX socket inside the container, preventing a race where psql connects before PostgreSQL's TCP port is fully boundTest plan
moon/moon-*.jpg,star/star-*.jpg, etc.) with no duplicate-filename errors on re-seedimageblock — verify image renders correctlypnpm cdwr→test-migration— verify schema restore no longer fails with "server closed the connection unexpectedly"🤖 Generated with Claude Code