eksa-framework 3.3.2 → 3.4.3

data/exe/eksa

@@ -10,7 +10,9 @@ def usage
   puts "  eksa init              - Inisialisasi project baru"
   puts "  eksa g controller NAME - Generate controller baru"
   puts "  eksa g model NAME      - Generate model baru"
-  puts "  eksa g post TITLE      - Generate blog post markdown baru"
+  puts "  eksa g post TITLE      - Post baru [args: --category, --author, --image]"
+  puts "  eksa feature ACTION F  - Toggle fitur: action=enable/disable, F=cms/auth"
+  puts "  eksa reset-password USR PWD - Reset password akun admin"
   puts "  eksa run               - Jalankan server aplikasi"
   puts "-----------------------------\n"
 end
@@ -115,16 +117,23 @@ def generate_model(name)
   puts "  [OK] Created #{file_path}"
 end
 
-def generate_post(title)
+def generate_post(title, options = {})
   FileUtils.mkdir_p("_posts")
   date = Time.now.strftime("%Y-%m-%d")
   slug = title.downcase.strip.gsub(' ', '-').gsub(/[^\w-]/, '')
   filename = "_posts/#{date}-#{slug}.md"
 
+  author = options[:author] || ""
+  category = options[:category] || "Uncategorized"
+  image = options[:image] || ""
+
   content = <<~MARKDOWN
     ---
     title: "#{title}"
     date: #{Time.now.strftime("%Y-%m-%d %H:%M:%S")}
+    author: "#{author}"
+    category: "#{category}"
+    image: "#{image}"
     ---
 
     Tulis konten blog Anda di sini...
@@ -135,6 +144,67 @@ def generate_post(title)
   puts "  [OK] Created #{filename}"
 end
 
+def toggle_feature(action, feature)
+  valid_features = ['cms', 'auth']
+  
+  unless valid_features.include?(feature)
+    puts "❌ Error: Fitur tidak dikenali. Pilihan: #{valid_features.join(', ')}"
+    return
+  end
+  
+  unless ['enable', 'disable'].include?(action)
+    puts "❌ Error: Aksi tidak dikenali. Gunakan 'enable' atau 'disable'."
+    return
+  end
+  
+  config_path = File.join(Dir.pwd, '.eksa.json')
+  
+  begin
+    config = File.exist?(config_path) ? JSON.parse(File.read(config_path)) : { 'cms' => false, 'auth' => false }
+  rescue JSON::ParserError
+    config = { 'cms' => false, 'auth' => false }
+  end
+  
+  config[feature] = (action == 'enable')
+  
+  File.write(config_path, JSON.pretty_generate(config))
+  
+  status_color = action == 'enable' ? "✅ Aktif" : "🚫 Nonaktif"
+  puts "⚙️ Fitur '#{feature}' berhasil di #{status_color}."
+  
+  if action == 'enable' && feature == 'cms'
+    puts "   Tip: Pastikan Anda juga mengaktifkan 'auth' agar CMS Anda aman."
+  end
+end
+
+def reset_password(username, password)
+  require 'bcrypt'
+  require 'sqlite3'
+  db_path = File.join(Dir.pwd, 'db', 'eksa_app.db')
+  
+  unless File.exist?(db_path)
+    puts "❌ Error: Database tidak ditemukan. Pastikan project sudah diinisialisasi."
+    return
+  end
+  
+  db = SQLite3::Database.new(db_path)
+  
+  begin
+    user = db.execute("SELECT id FROM eksa_users WHERE username = ? LIMIT 1", [username]).first
+  rescue SQLite3::SQLException
+    puts "❌ Error: Tabel user tidak ditemukan. Apakah Anda sudah mengaktifkan auth?"
+    return
+  end
+  
+  if user
+    hash = BCrypt::Password.create(password)
+    db.execute("UPDATE eksa_users SET password_hash = ? WHERE username = ?", [hash, username])
+    puts "✅ Akses dipulihkan! Password untuk admin '#{username}' berhasil diubah."
+  else
+    puts "❌ Error: User '#{username}' tidak ditemukan dalam database."
+  end
+end
+
 def start_server
   if File.exist?('config.ru')
     puts "🚀 Memulai Eksa Framework Server..."
@@ -160,10 +230,35 @@ when 'g', 'generate'
   elsif subcommand == 'model' && name
     generate_model(name)
   elsif subcommand == 'post' && name
-    generate_post(name)
+    options = {}
+    while (arg = ARGV.shift)
+      case arg
+      when '--category' then options[:category] = ARGV.shift
+      when '--author'   then options[:author] = ARGV.shift
+      when '--image'    then options[:image] = ARGV.shift
+      end
+    end
+    generate_post(name, options)
+  else
+    usage
+  end
+when 'feature'
+  action = ARGV.shift
+  feature = ARGV.shift
+  if action && feature
+    require 'json'
+    toggle_feature(action, feature)
   else
     usage
   end
+when 'reset-password'
+  username = ARGV.shift
+  password = ARGV.shift
+  if username && password
+    reset_password(username, password)
+  else
+    puts "❌ Error: Argumen tidak lengkap. Gunakan: eksa reset-password USERNAME NEW_PASSWORD"
+  end
 else
   usage
 end

data/lib/eksa/auth_controller.rb

@@ -0,0 +1,50 @@
+module Eksa
+  class AuthController < Eksa::Controller
+    def login
+      return redirect_to "/cms" if current_user
+      render_internal 'auth/login'
+    end
+
+    def register
+      return redirect_to "/cms" if current_user
+      @admin_exists = Eksa::User.all.any?
+      render_internal 'auth/register'
+    end
+
+    def process_login
+      username = params['username']
+      password = params['password']
+      
+      user = Eksa::User.authenticate(username, password)
+      if user
+        session['user_id'] = user[:id]
+        redirect_to "/cms", notice: "Selamat datang kembali, #{username}!"
+      else
+        redirect_to "/auth/login", notice: "Username atau password salah."
+      end
+    end
+
+    def process_register
+      if Eksa::User.all.any?
+        return redirect_to "/auth/login", notice: "Registrasi ditutup. Hanya satu admin yang diizinkan."
+      end
+
+      username = params['username']
+      password = params['password']
+      
+      if username && !username.empty? && password && password.length >= 6
+        Eksa::User.create(username, password)
+        user = Eksa::User.authenticate(username, password)
+        session['user_id'] = user[:id]
+        redirect_to "/cms", notice: "Akun berhasil dibuat. Selamat datang!"
+      else
+        redirect_to "/auth/register", notice: "Data tidak valid. Password minimal 6 karakter."
+      end
+    end
+
+    def logout
+      session.delete('user_id')
+      redirect_to "/", notice: "Anda telah berhasil logout."
+    end
+  end
+end

data/lib/eksa/cms_controller.rb

@@ -0,0 +1,110 @@
+module Eksa
+  class CmsController < Eksa::Controller
+    def index
+      return unless require_auth
+      
+      @posts = Eksa::MarkdownPost.all(include_unpublished: true)
+      render_internal 'cms/index'
+    end
+
+    def edit
+      return unless require_auth
+      
+      slug = params['slug']
+      @post = Eksa::MarkdownPost.find(slug)
+      
+      if @post
+        render_internal 'cms/edit'
+      else
+        redirect_to "/cms", notice: "Error: Postingan tidak ditemukan."
+      end
+    end
+
+    def update_post
+      return unless require_auth
+      
+      slug = params['slug']
+      post_path = File.join(Eksa::MarkdownPost::POSTS_DIR, "#{slug}.md")
+      
+      unless File.exist?(post_path)
+        return redirect_to "/cms", notice: "Error: Postingan tidak ditemukan."
+      end
+
+      # Existing metadata fetching to preserve unmodified keys like 'date' if not handling them
+      # We parse form params
+      title = params['title']
+      category = params['category']
+      author = params['author']
+      image = params['image']
+      content = params['content']
+      
+      # We'll re-read the original to preserve keys we aren't allowing to edit (like published status and date)
+      original_content = File.read(post_path, encoding: 'utf-8')
+      metadata = {}
+      
+      if original_content =~ /\A(---\s*\r?\n.*?\r?\n)^(---\s*\r?\n?)/m
+        metadata = YAML.safe_load($1, permitted_classes: [Time]) || {}
+      end
+      
+      # Update metadata with form values
+      metadata['title'] = title
+      metadata['category'] = category
+      metadata['author'] = author
+      metadata['image'] = image unless image.nil? || image.strip.empty?
+      
+      # Dump new YAML
+      new_yaml = YAML.dump(metadata)
+      
+      # Join with content
+      new_file_content = "#{new_yaml}---\n\n#{content}"
+      
+      # Write changes
+      File.write(post_path, new_file_content, encoding: 'utf-8')
+      
+      redirect_to "/cms", notice: "Postingan '#{title}' berhasil diperbarui."
+    end
+
+    def toggle_status
+      return unless require_auth
+      
+      slug = params['slug']
+      post_path = File.join(Eksa::MarkdownPost::POSTS_DIR, "#{slug}.md")
+      
+      if File.exist?(post_path)
+        content = File.read(post_path, encoding: 'utf-8')
+        
+        # Simple string replacement for published status in front matter
+        if content.match?(/^published:\s*false/m)
+          new_content = content.sub(/^published:\s*false/m, "published: true")
+          status = "diaktifkan"
+        elsif content.match?(/^published:\s*true/m)
+          new_content = content.sub(/^published:\s*true/m, "published: false")
+          status = "dinonaktifkan"
+        else
+          # If no published tag exists, it's implicitly true, so we set it to false
+          new_content = content.sub(/\A(---\r?\n)/) { "#{$1}published: false\n" }
+          status = "dinonaktifkan"
+        end
+        
+        File.write(post_path, new_content)
+        redirect_to "/cms", notice: "Postingan #{File.basename(post_path)} berhasil #{status}."
+      else
+        redirect_to "/cms", notice: "Error: Postingan tidak ditemukan."
+      end
+    end
+
+    def delete_post
+      return unless require_auth
+
+      slug = params['slug']
+      post_path = File.join(Eksa::MarkdownPost::POSTS_DIR, "#{slug}.md")
+
+      if File.exist?(post_path)
+        File.delete(post_path)
+        redirect_to "/cms", notice: "Postingan berhasil dihapus secara permanen."
+      else
+        redirect_to "/cms", notice: "Error: Postingan tidak ditemukan."
+      end
+    end
+  end
+end

data/lib/eksa/controller.rb

@@ -15,6 +15,23 @@ module Eksa
       @request.params
     end
 
+    def session
+      @request.session
+    end
+
+    def current_user
+      return @current_user if defined?(@current_user)
+      @current_user = session['user_id'] ? Eksa::User.find(session['user_id']) : nil
+    end
+
+    def require_auth
+      unless current_user
+        redirect_to "/auth/login", notice: "Anda harus login untuk mengakses halaman ini."
+        return false
+      end
+      true
+    end
+
     def stylesheet_tag(filename)
       "<link rel='stylesheet' href='/css/#{filename}.css'>"
     end
@@ -38,22 +55,31 @@ module Eksa
       variables.each { |k, v| instance_variable_set("@#{k}", v) }
 
       content_path = File.expand_path("./app/views/#{template_name}.html.erb")
+      internal_content_path = File.expand_path("../../eksa/views/#{template_name}.html.erb", __FILE__)
+      
       layout_path  = File.expand_path("./app/views/layout.html.erb")
+      internal_layout_path  = File.expand_path("../../eksa/views/layout.html.erb", __FILE__)
+
+      actual_content_path = File.exist?(content_path) ? content_path : internal_content_path
+      actual_layout_path = File.exist?(layout_path) ? layout_path : internal_layout_path
 
-      if File.exist?(content_path)
-        @content = ERB.new(File.read(content_path)).result(binding)
-        if File.exist?(layout_path)
-          ERB.new(File.read(layout_path)).result(binding)
+      if File.exist?(actual_content_path)
+        @content = ERB.new(File.read(actual_content_path)).result(binding)
+        if File.exist?(actual_layout_path)
+          ERB.new(File.read(actual_layout_path)).result(binding)
         else
           @content
         end
       else
         "<div class='glass' style='padding: 2rem; border-radius: 1rem; color: #ff5555; background: rgba(255,0,0,0.1); backdrop-filter: blur(10px);'>
           <h2 style='margin-top:0;'>⚠️ View Error</h2>
-          <p>Template <strong>#{template_name}</strong> tidak ditemukan di:</p>
-          <code style='display:block; background:rgba(0,0,0,0.2); padding:0.5rem; border-radius:0.5rem;'>#{content_path}</code>
+          <p>Template <strong>#{template_name}</strong> tidak ditemukan di app/views atau internal eksa/views.</p>
         </div>"
       end
     end
+
+    def render_internal(template_name, variables = {})
+      render(template_name, variables)
+    end
   end
 end

data/lib/eksa/markdown_post.rb

@@ -10,16 +10,19 @@ module Eksa
 
     POSTS_DIR = "_posts"
 
-    def self.all
+    def self.all(include_unpublished: false)
       return [] unless Dir.exist?(POSTS_DIR)
       
-      Dir.glob(File.join(POSTS_DIR, "*.md")).map do |file|
+      posts = Dir.glob(File.join(POSTS_DIR, "*.md")).map do |file|
         new(file)
-      end.sort_by { |p| p.date }.reverse
+      end
+      
+      posts.reject! { |p| !p.published? } unless include_unpublished
+      posts.sort_by { |p| p.date }.reverse
     end
 
     def self.find(slug)
-      all.find { |p| p.slug == slug }
+      all(include_unpublished: true).find { |p| p.slug == slug && p.published? }
     end
 
     def initialize(file_path)
@@ -36,6 +39,22 @@ module Eksa
       @metadata['date'] || File.mtime(File.join(POSTS_DIR, @filename))
     end
 
+    def author
+      @metadata['author'] || ""
+    end
+
+    def category
+      @metadata['category'] || "Uncategorized"
+    end
+
+    def image
+      @metadata['image'] || ""
+    end
+
+    def published?
+      @metadata.key?('published') ? @metadata['published'] : true
+    end
+
     def body_html
       Kramdown::Document.new(@content, input: 'GFM').to_html
     end

data/lib/eksa/user.rb

@@ -0,0 +1,47 @@
+module Eksa
+  class User < Eksa::Model
+    require 'bcrypt'
+
+    def self.setup_schema
+      db.execute <<~SQL
+        CREATE TABLE IF NOT EXISTS eksa_users (
+          id INTEGER PRIMARY KEY AUTOINCREMENT,
+          username TEXT UNIQUE,
+          password_hash TEXT,
+          created_at DATETIME DEFAULT CURRENT_TIMESTAMP
+        )
+      SQL
+    end
+
+    def self.all
+      db.execute("SELECT id, username FROM eksa_users")
+    end
+
+    def self.create(username, password)
+      hash = BCrypt::Password.create(password)
+      db.execute("INSERT INTO eksa_users (username, password_hash) VALUES (?, ?)", [username, hash])
+    end
+
+    def self.update_password(username, new_password)
+      hash = BCrypt::Password.create(new_password)
+      db.execute("UPDATE eksa_users SET password_hash = ? WHERE username = ?", [hash, username])
+    end
+
+    def self.authenticate(username, password)
+      user_data = db.execute("SELECT id, username, password_hash FROM eksa_users WHERE username = ? LIMIT 1", [username]).first
+      return nil unless user_data
+
+      stored_hash = BCrypt::Password.new(user_data[2])
+      if stored_hash == password
+        { id: user_data[0], username: user_data[1] }
+      else
+        nil
+      end
+    end
+
+    def self.find(id)
+      user_data = db.execute("SELECT id, username FROM eksa_users WHERE id = ? LIMIT 1", [id]).first
+      user_data ? { id: user_data[0], username: user_data[1] } : nil
+    end
+  end
+end

data/lib/eksa/version.rb

@@ -1,3 +1,3 @@
 module Eksa
-  VERSION = "3.3.2"
+  VERSION = "3.4.3"
 end

data/lib/eksa/views/auth/login.html.erb

@@ -0,0 +1,44 @@
+<div class="glass max-w-md mx-auto rounded-3xl p-8 animate__animated animate__fadeIn relative overflow-hidden">
+  <div class="absolute inset-0 bg-indigo-500/10 blur-3xl rounded-full translate-x-1/2 -translate-y-1/2"></div>
+  
+  <div class="relative z-10 text-center mb-8">
+    <div class="w-16 h-16 bg-white/10 rounded-2xl flex items-center justify-center mx-auto mb-4 border border-white/20 shadow-xl">
+      <i data-lucide="lock" class="w-8 h-8 text-indigo-300"></i>
+    </div>
+    <h1 class="text-3xl font-extrabold text-white tracking-tight mb-2">Masuk CMS</h1>
+    <p class="text-white/50 text-sm">Masuk untuk mengelola postingan blog Anda.</p>
+  </div>
+
+  <% if @flash && @flash[:notice] %>
+    <div class="relative z-10 mb-6 p-4 rounded-xl bg-red-500/20 border border-red-500/30 text-red-200 text-sm text-center font-medium animate__animated animate__shakeX">
+      <i data-lucide="alert-circle" class="w-4 h-4 inline-block mr-1 -mt-0.5"></i>
+      <%= @flash[:notice] %>
+    </div>
+  <% end %>
+
+  <form action="/auth/process_login" method="post" class="relative z-10 space-y-4">
+    <div>
+      <label class="block text-xs font-bold text-indigo-300 uppercase tracking-widest mb-2">Username</label>
+      <input type="text" name="username" required 
+             class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-indigo-500 focus:ring-1 focus:ring-indigo-500 transition placeholder-white/20"
+             placeholder="Masukkan username...">
+    </div>
+    
+    <div>
+      <label class="block text-xs font-bold text-indigo-300 uppercase tracking-widest mb-2">Password</label>
+      <input type="password" name="password" required 
+             class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-indigo-500 focus:ring-1 focus:ring-indigo-500 transition placeholder-white/20"
+             placeholder="••••••••">
+    </div>
+
+    <button type="submit" class="w-full mt-4 bg-indigo-600 hover:bg-indigo-500 text-white font-bold py-3 px-4 rounded-xl transition duration-300 shadow-lg shadow-indigo-600/30 flex items-center justify-center gap-2">
+      <i data-lucide="log-in" class="w-4 h-4"></i> Sign In
+    </button>
+  </form>
+
+  <div class="relative z-10 mt-6 text-center">
+    <p class="text-white/40 text-xs">Belum punya akun admin? 
+      <a href="/auth/register" class="text-indigo-400 hover:text-white transition font-medium">Register di sini</a>
+    </p>
+  </div>
+</div>

data/lib/eksa/views/auth/register.html.erb

@@ -0,0 +1,53 @@
+<div class="glass max-w-md mx-auto rounded-3xl p-8 animate__animated animate__fadeIn relative overflow-hidden">
+  <div class="absolute inset-0 bg-emerald-500/10 blur-3xl rounded-full translate-x-1/2 -translate-y-1/2"></div>
+  
+  <div class="relative z-10 text-center mb-8">
+    <div class="w-16 h-16 bg-white/10 rounded-2xl flex items-center justify-center mx-auto mb-4 border border-white/20 shadow-xl">
+      <i data-lucide="user-plus" class="w-8 h-8 text-emerald-300"></i>
+    </div>
+    <h1 class="text-3xl font-extrabold text-white tracking-tight mb-2">Registrasi Admin</h1>
+    <p class="text-white/50 text-sm">Buat akun untuk mengelola Eksa Framework.</p>
+  </div>
+
+  <% if @admin_exists %>
+    <div class="relative z-10 text-center bg-emerald-500/20 border border-emerald-500/30 rounded-xl p-6 text-emerald-200">
+      <i data-lucide="badge-check" class="w-12 h-12 mx-auto mb-3 text-emerald-400"></i>
+      <h2 class="text-lg font-bold mb-2 text-white">Akun Admin Sudah Dibuat</h2>
+      <p class="text-sm opacity-80 text-white/70">Hanya satu akun admin yang diizinkan untuk keamanan CMS.</p>
+    </div>
+  <% else %>
+  
+    <% if @flash && @flash[:notice] %>
+      <div class="relative z-10 mb-6 p-4 rounded-xl bg-red-500/20 border border-red-500/30 text-red-200 text-sm text-center font-medium animate__animated animate__shakeX">
+        <i data-lucide="alert-circle" class="w-4 h-4 inline-block mr-1 -mt-0.5"></i>
+        <%= @flash[:notice] %>
+      </div>
+    <% end %>
+
+    <form action="/auth/process_register" method="post" class="relative z-10 space-y-4">
+      <div>
+        <label class="block text-xs font-bold text-emerald-300 uppercase tracking-widest mb-2">Username</label>
+        <input type="text" name="username" required 
+               class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-emerald-500 focus:ring-1 focus:ring-emerald-500 transition placeholder-white/20"
+               placeholder="Pilih username...">
+      </div>
+      
+      <div>
+        <label class="block text-xs font-bold text-emerald-300 uppercase tracking-widest mb-2">Password</label>
+        <input type="password" name="password" required minlength="6"
+               class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-emerald-500 focus:ring-1 focus:ring-emerald-500 transition placeholder-white/20"
+               placeholder="Minimal 6 karakter">
+      </div>
+
+      <button type="submit" class="w-full mt-4 bg-emerald-600 hover:bg-emerald-500 text-white font-bold py-3 px-4 rounded-xl transition duration-300 shadow-lg shadow-emerald-600/30 flex items-center justify-center gap-2">
+        <i data-lucide="shield-check" class="w-4 h-4"></i> Buat Akun
+      </button>
+    </form>
+  <% end %>
+
+  <div class="relative z-10 mt-6 text-center">
+    <p class="text-white/40 text-xs">Sudah punya akun? 
+      <a href="/auth/login" class="text-emerald-400 hover:text-white transition font-medium">Login sekarang</a>
+    </p>
+  </div>
+</div>

data/lib/eksa/views/cms/edit.html.erb

@@ -0,0 +1,63 @@
+<div class="glass max-w-4xl mx-auto rounded-3xl p-10 text-white animate__animated animate__zoomIn animate__faster relative overflow-hidden">
+  <div class="absolute inset-0 bg-yellow-500/10 blur-3xl rounded-full translate-x-1/2 -translate-y-1/2"></div>
+  
+  <div class="relative z-10 flex items-center justify-between mb-8 pb-6 border-b border-white/10">
+    <div class="flex items-center gap-4">
+      <div class="w-14 h-14 bg-yellow-500/20 rounded-2xl flex items-center justify-center border border-yellow-500/30 shadow-xl shadow-yellow-500/20">
+        <i data-lucide="edit-3" class="w-7 h-7 text-yellow-300"></i>
+      </div>
+      <div>
+        <h1 class="text-3xl font-extrabold tracking-tight">Edit <span class="text-yellow-300">Post</span></h1>
+        <p class="text-white/50 text-sm mt-1">Mengedit <%= @post.filename %></p>
+      </div>
+    </div>
+    <a href="/cms" class="px-4 py-2 bg-white/5 hover:bg-white/10 rounded-xl transition border border-white/10 text-sm font-medium flex items-center gap-2">
+      <i data-lucide="arrow-left" class="w-4 h-4"></i> Kembali
+    </a>
+  </div>
+
+  <form action="/cms/update/<%= @post.slug %>" method="post" class="relative z-10 space-y-6">
+    <div class="grid grid-cols-1 md:grid-cols-2 gap-6">
+      <div class="space-y-2">
+        <label class="block text-xs font-bold text-yellow-300 uppercase tracking-widest">Judul Postingan</label>
+        <input type="text" name="title" value="<%= @post.title %>" required
+               class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-yellow-500 focus:ring-1 focus:ring-yellow-500 transition">
+      </div>
+      
+      <div class="space-y-2">
+        <label class="block text-xs font-bold text-yellow-300 uppercase tracking-widest">Kategori</label>
+        <input type="text" name="category" value="<%= @post.category %>" required
+               class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-yellow-500 focus:ring-1 focus:ring-yellow-500 transition">
+      </div>
+
+      <div class="space-y-2">
+        <label class="block text-xs font-bold text-yellow-300 uppercase tracking-widest">Penulis (Author)</label>
+        <input type="text" name="author" value="<%= @post.author %>" required
+               class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-yellow-500 focus:ring-1 focus:ring-yellow-500 transition">
+      </div>
+
+      <div class="space-y-2">
+        <label class="block text-xs font-bold text-yellow-300 uppercase tracking-widest">Image Thumbnail URL</label>
+        <input type="text" name="image" value="<%= @post.image %>"
+               class="w-full bg-black/40 border border-white/10 rounded-xl px-4 py-3 text-white focus:outline-none focus:border-yellow-500 focus:ring-1 focus:ring-yellow-500 transition"
+               placeholder="Contoh: header.jpg atau kosongkan">
+      </div>
+    </div>
+
+    <div class="space-y-2 pt-4">
+      <label class="block text-xs font-bold text-yellow-300 uppercase tracking-widest">Konten (Markdown)</label>
+      <div class="relative group">
+        <textarea name="content" required rows="15"
+                  class="w-full bg-black/40 border border-white/10 rounded-xl px-5 py-4 text-white focus:outline-none focus:border-yellow-500 focus:ring-1 focus:ring-yellow-500 font-mono text-sm leading-relaxed transition"><%= @post.content.strip %></textarea>
+        <!-- Decorative subtle icon -->
+        <i data-lucide="file-text" class="absolute bottom-4 right-4 w-12 h-12 text-white/5 pointer-events-none transition group-hover:text-yellow-500/10"></i>
+      </div>
+    </div>
+
+    <div class="pt-6 border-t border-white/5 flex justify-end">
+      <button type="submit" class="bg-yellow-500 hover:bg-yellow-400 text-yellow-950 font-bold py-3 px-8 rounded-xl transition duration-300 shadow-xl shadow-yellow-500/20 flex items-center gap-2">
+        <i data-lucide="save" class="w-5 h-5"></i> Simpan Perubahan
+      </button>
+    </div>
+  </form>
+</div>