@autumnsgrove/groveengine 0.4.10 → 0.4.12
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -40,6 +40,7 @@
|
|
|
40
40
|
let cursorLine = $state(1);
|
|
41
41
|
let cursorCol = $state(1);
|
|
42
42
|
let isUpdating = $state(false);
|
|
43
|
+
let isProgrammaticUpdate = $state(false); // Flag to skip oninput during toolbar operations
|
|
43
44
|
|
|
44
45
|
// Image upload state
|
|
45
46
|
let isDragging = $state(false);
|
|
@@ -185,7 +186,7 @@
|
|
|
185
186
|
|
|
186
187
|
// Cursor position tracking
|
|
187
188
|
function updateCursorPosition() {
|
|
188
|
-
if (!textareaRef) return;
|
|
189
|
+
if (!textareaRef || isProgrammaticUpdate) return; // Skip during programmatic updates
|
|
189
190
|
const pos = textareaRef.selectionStart;
|
|
190
191
|
const textBefore = content.substring(0, pos);
|
|
191
192
|
const lines = textBefore.split("\n");
|
|
@@ -326,31 +327,41 @@
|
|
|
326
327
|
}
|
|
327
328
|
|
|
328
329
|
// Text manipulation helpers
|
|
329
|
-
function wrapSelection(before, after) {
|
|
330
|
+
async function wrapSelection(before, after) {
|
|
330
331
|
if (!textareaRef || isUpdating) return;
|
|
331
332
|
isUpdating = true;
|
|
333
|
+
isProgrammaticUpdate = true;
|
|
334
|
+
|
|
332
335
|
const start = textareaRef.selectionStart;
|
|
333
336
|
const end = textareaRef.selectionEnd;
|
|
334
337
|
const selectedText = content.substring(start, end);
|
|
335
338
|
content = content.substring(0, start) + before + selectedText + after + content.substring(end);
|
|
336
|
-
|
|
337
|
-
|
|
338
|
-
|
|
339
|
-
|
|
340
|
-
|
|
341
|
-
|
|
339
|
+
|
|
340
|
+
await tick(); // Wait for Svelte to update DOM
|
|
341
|
+
|
|
342
|
+
textareaRef.selectionStart = start + before.length;
|
|
343
|
+
textareaRef.selectionEnd = end + before.length;
|
|
344
|
+
textareaRef.focus();
|
|
345
|
+
|
|
346
|
+
isProgrammaticUpdate = false;
|
|
347
|
+
isUpdating = false;
|
|
342
348
|
}
|
|
343
349
|
|
|
344
|
-
function insertAtCursor(text) {
|
|
350
|
+
async function insertAtCursor(text) {
|
|
345
351
|
if (!textareaRef || isUpdating) return;
|
|
346
352
|
isUpdating = true;
|
|
353
|
+
isProgrammaticUpdate = true;
|
|
354
|
+
|
|
347
355
|
const start = textareaRef.selectionStart;
|
|
348
356
|
content = content.substring(0, start) + text + content.substring(start);
|
|
349
|
-
|
|
350
|
-
|
|
351
|
-
|
|
352
|
-
|
|
353
|
-
|
|
357
|
+
|
|
358
|
+
await tick(); // Wait for Svelte to update DOM
|
|
359
|
+
|
|
360
|
+
textareaRef.selectionStart = textareaRef.selectionEnd = start + text.length;
|
|
361
|
+
textareaRef.focus();
|
|
362
|
+
|
|
363
|
+
isProgrammaticUpdate = false;
|
|
364
|
+
isUpdating = false;
|
|
354
365
|
}
|
|
355
366
|
|
|
356
367
|
// Toolbar actions
|
|
@@ -366,19 +377,24 @@
|
|
|
366
377
|
insertAtCursor("");
|
|
367
378
|
}
|
|
368
379
|
|
|
369
|
-
function insertCodeBlock() {
|
|
380
|
+
async function insertCodeBlock() {
|
|
370
381
|
if (!textareaRef || isUpdating) return;
|
|
371
382
|
isUpdating = true;
|
|
383
|
+
isProgrammaticUpdate = true;
|
|
384
|
+
|
|
372
385
|
const start = textareaRef.selectionStart;
|
|
373
386
|
const end = textareaRef.selectionEnd;
|
|
374
387
|
const selectedText = content.substring(start, end);
|
|
375
388
|
const codeBlock = "```\n" + (selectedText || "code here") + "\n```";
|
|
376
389
|
content = content.substring(0, start) + codeBlock + content.substring(end);
|
|
377
|
-
|
|
378
|
-
|
|
379
|
-
|
|
380
|
-
|
|
381
|
-
|
|
390
|
+
|
|
391
|
+
await tick(); // Wait for Svelte to update DOM
|
|
392
|
+
|
|
393
|
+
textareaRef.selectionStart = textareaRef.selectionEnd = start + codeBlock.length;
|
|
394
|
+
textareaRef.focus();
|
|
395
|
+
|
|
396
|
+
isProgrammaticUpdate = false;
|
|
397
|
+
isUpdating = false;
|
|
382
398
|
}
|
|
383
399
|
|
|
384
400
|
function insertList() {
|
package/dist/utils/api.d.ts
CHANGED
|
@@ -2,6 +2,11 @@
|
|
|
2
2
|
* Client-side API utility with automatic CSRF token injection
|
|
3
3
|
* Provides fetch wrapper with security headers and error handling
|
|
4
4
|
*/
|
|
5
|
+
/**
|
|
6
|
+
* Get CSRF token from cookie or meta tag
|
|
7
|
+
* @returns {string|null} CSRF token or null if not found
|
|
8
|
+
*/
|
|
9
|
+
export function getCSRFToken(): string | null;
|
|
5
10
|
/**
|
|
6
11
|
* Fetch wrapper with automatic CSRF token injection
|
|
7
12
|
* @param {string} url - API endpoint URL
|
package/dist/utils/api.js
CHANGED
|
@@ -3,6 +3,26 @@
|
|
|
3
3
|
* Provides fetch wrapper with security headers and error handling
|
|
4
4
|
*/
|
|
5
5
|
|
|
6
|
+
/**
|
|
7
|
+
* Get CSRF token from cookie or meta tag
|
|
8
|
+
* @returns {string|null} CSRF token or null if not found
|
|
9
|
+
*/
|
|
10
|
+
export function getCSRFToken() {
|
|
11
|
+
if (typeof document === "undefined") return null; // SSR safety
|
|
12
|
+
|
|
13
|
+
// Try cookie first
|
|
14
|
+
const cookieToken = document.cookie
|
|
15
|
+
.split("; ")
|
|
16
|
+
.find((row) => row.startsWith("csrf_token="))
|
|
17
|
+
?.split("=")[1];
|
|
18
|
+
|
|
19
|
+
if (cookieToken) return cookieToken;
|
|
20
|
+
|
|
21
|
+
// Fallback to meta tag
|
|
22
|
+
const metaTag = document.querySelector('meta[name="csrf-token"]');
|
|
23
|
+
return metaTag?.getAttribute("content") || null;
|
|
24
|
+
}
|
|
25
|
+
|
|
6
26
|
/**
|
|
7
27
|
* Fetch wrapper with automatic CSRF token injection
|
|
8
28
|
* @param {string} url - API endpoint URL
|
|
@@ -11,20 +31,22 @@
|
|
|
11
31
|
* @throws {Error} If request fails
|
|
12
32
|
*/
|
|
13
33
|
export async function apiRequest(url, options = {}) {
|
|
14
|
-
const csrfToken =
|
|
34
|
+
const csrfToken = getCSRFToken();
|
|
35
|
+
const method = options.method?.toUpperCase() || "GET";
|
|
36
|
+
const isStateMutating = ["POST", "PUT", "DELETE", "PATCH"].includes(method);
|
|
15
37
|
|
|
16
38
|
// Debug logging
|
|
17
39
|
if (typeof console !== "undefined" && process.env.NODE_ENV !== "production") {
|
|
18
40
|
console.debug("[apiRequest]", {
|
|
19
41
|
url,
|
|
42
|
+
method,
|
|
20
43
|
csrfToken: csrfToken ? "present" : "missing",
|
|
44
|
+
isStateMutating,
|
|
21
45
|
});
|
|
22
46
|
}
|
|
23
47
|
|
|
24
48
|
// Build headers - don't set Content-Type for FormData (browser sets it with boundary)
|
|
25
49
|
const headers = {
|
|
26
|
-
...(csrfToken && { "X-CSRF-Token": csrfToken }),
|
|
27
|
-
...(csrfToken && { "csrf-token": csrfToken }), // fallback header
|
|
28
50
|
...options.headers,
|
|
29
51
|
};
|
|
30
52
|
|
|
@@ -33,9 +55,16 @@ export async function apiRequest(url, options = {}) {
|
|
|
33
55
|
headers["Content-Type"] = "application/json";
|
|
34
56
|
}
|
|
35
57
|
|
|
58
|
+
// Add CSRF token for state-changing requests
|
|
59
|
+
if (isStateMutating && csrfToken) {
|
|
60
|
+
headers["X-CSRF-Token"] = csrfToken;
|
|
61
|
+
headers["csrf-token"] = csrfToken; // fallback header
|
|
62
|
+
}
|
|
63
|
+
|
|
36
64
|
const response = await fetch(url, {
|
|
37
65
|
...options,
|
|
38
66
|
headers,
|
|
67
|
+
credentials: "include", // Include cookies
|
|
39
68
|
});
|
|
40
69
|
|
|
41
70
|
if (!response.ok) {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@autumnsgrove/groveengine",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.12",
|
|
4
4
|
"description": "Multi-tenant blog engine for Grove Platform. Features gutter annotations, markdown editing, magic code auth, and Cloudflare Workers deployment.",
|
|
5
5
|
"author": "AutumnsGrove",
|
|
6
6
|
"license": "MIT",
|