@bbki.ng/backend 0.3.6 → 0.3.8

package/CHANGELOG.md

@@ -1,5 +1,17 @@
 # backend
 
+## 0.3.8
+
+### Patch Changes
+
+- 21296f0: update backend
+
+## 0.3.7
+
+### Patch Changes
+
+- 796a37a: remove unused code
+
 ## 0.3.6
 
 ### Patch Changes

package/migrations/001_add_posts.sql

@@ -0,0 +1,13 @@
+-- posts table for blog articles
+CREATE TABLE IF NOT EXISTS posts (
+  id TEXT PRIMARY KEY,
+  title TEXT NOT NULL UNIQUE,
+  content TEXT NOT NULL,
+  author TEXT DEFAULT 'bbki.ng',
+  created_at TEXT NOT NULL,
+  updated_at TEXT NOT NULL
+);
+
+-- indexes for common queries
+CREATE INDEX IF NOT EXISTS idx_posts_created_at ON posts(created_at DESC);
+CREATE INDEX IF NOT EXISTS idx_posts_title ON posts(title);

package/migrations/002_seed_test_data.sql

@@ -0,0 +1,15 @@
+-- Seed test data for local development
+INSERT INTO posts (id, title, content, author, created_at, updated_at) VALUES
+('test-post-001', 'Hello World', 'This is a test post for local development. Welcome to bbki.ng!', 'bbki.ng', datetime('now'), datetime('now')),
+('test-post-002', 'Second Post', 'Another test post to verify the posts list is working correctly.', 'bbki.ng', datetime('now', '-1 day'), datetime('now', '-1 day')),
+('test-post-003', 'Testing Markdown', '# Markdown Test
+
+This post tests **bold** and *italic* text.
+
+## Code Block
+```javascript
+const hello = "world";
+console.log(hello);
+```
+
+> A blockquote for testing.', 'bbki.ng', datetime('now', '-2 days'), datetime('now', '-2 days'));

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bbki.ng/backend",
-  "version": "0.3.6",
+  "version": "0.3.8",
   "type": "module",
   "dependencies": {
     "@simplewebauthn/server": "13.2.2",
@@ -20,7 +20,7 @@
     "prettier": "^3.2.0",
     "typescript": "^5.3.0",
     "wrangler": "^4.58.0",
-    "@bbki.ng/config": "1.0.4"
+    "@bbki.ng/config": "1.0.6"
   },
   "prettier": "@bbki.ng/config/prettier",
   "scripts": {

package/src/controllers/posts/add.controller.ts

@@ -0,0 +1,90 @@
+import { Context } from 'hono';
+import { HTTPException } from 'hono/http-exception';
+
+interface AddPostRequest {
+  title: string;
+  content: string;
+  author?: string;
+}
+
+const MAX_TITLE_LENGTH = 200;
+const MAX_CONTENT_LENGTH = 100000;
+
+export const addPost = async (c: Context) => {
+  try {
+    // Parse and validate request body
+    const body = await c.req.json<AddPostRequest>();
+
+    if (!body.title || typeof body.title !== 'string') {
+      throw new HTTPException(400, { message: 'Title is required' });
+    }
+
+    if (!body.content || typeof body.content !== 'string') {
+      throw new HTTPException(400, { message: 'Content is required' });
+    }
+
+    const title = body.title.trim();
+    const content = body.content.trim();
+
+    if (title.length === 0) {
+      throw new HTTPException(400, { message: 'Title cannot be empty' });
+    }
+
+    if (title.length > MAX_TITLE_LENGTH) {
+      throw new HTTPException(413, { message: `Title exceeds ${MAX_TITLE_LENGTH} chars` });
+    }
+
+    if (content.length === 0) {
+      throw new HTTPException(400, { message: 'Content cannot be empty' });
+    }
+
+    if (content.length > MAX_CONTENT_LENGTH) {
+      throw new HTTPException(413, { message: `Content exceeds ${MAX_CONTENT_LENGTH} chars` });
+    }
+
+    const author = (body.author ?? 'bbki.ng').trim();
+
+    // Check database availability
+    if (!c.env?.DB) {
+      throw new HTTPException(503, { message: 'Database unavailable' });
+    }
+
+    // Insert post
+    const id = crypto.randomUUID();
+    const now = new Date().toISOString();
+
+    try {
+      await c.env.DB.prepare(
+        'INSERT INTO posts (id, title, content, author, created_at, updated_at) VALUES (?, ?, ?, ?, ?, ?)'
+      )
+        .bind(id, title, content, author, now, now)
+        .run();
+    } catch (dbError: any) {
+      if (dbError.message?.includes('UNIQUE')) {
+        throw new HTTPException(409, { message: 'Post with this title already exists' });
+      }
+      throw dbError;
+    }
+
+    return c.json(
+      {
+        status: 'success',
+        data: { id, title, content, author, createdAt: now, updatedAt: now },
+      },
+      201
+    );
+  } catch (error) {
+    if (error instanceof HTTPException) {
+      return c.json({ status: 'error', message: error.message }, error.status);
+    }
+
+    console.error('Unexpected error:', error);
+    return c.json(
+      {
+        status: 'error',
+        message: 'Internal server error',
+      },
+      500
+    );
+  }
+};

package/src/controllers/posts/get.controller.ts

@@ -0,0 +1,42 @@
+import { Context } from 'hono';
+import { HTTPException } from 'hono/http-exception';
+
+export const getPost = async (c: Context) => {
+  try {
+    const title = c.req.param('title');
+
+    if (!title) {
+      throw new HTTPException(400, { message: 'Title is required' });
+    }
+
+    const result = await c.env.DB.prepare(
+      `SELECT id, title, content, author, created_at as createdAt, updated_at as updatedAt
+       FROM posts
+       WHERE title = ?`
+    )
+      .bind(title)
+      .first();
+
+    if (!result) {
+      throw new HTTPException(404, { message: 'Post not found' });
+    }
+
+    return c.json({
+      status: 'success',
+      data: result,
+    });
+  } catch (error) {
+    if (error instanceof HTTPException) {
+      return c.json({ status: 'error', message: error.message }, error.status);
+    }
+
+    console.error('Unexpected error:', error);
+    return c.json(
+      {
+        status: 'error',
+        message: 'Internal server error',
+      },
+      500
+    );
+  }
+};

package/src/controllers/posts/list.controller.ts

@@ -0,0 +1,25 @@
+import { Context } from 'hono';
+
+export const listPosts = async (c: Context) => {
+  try {
+    const { results } = await c.env.DB.prepare(
+      `SELECT id, title, content, author, created_at as createdAt, updated_at as updatedAt
+       FROM posts
+       ORDER BY created_at DESC`
+    ).all();
+
+    return c.json({
+      status: 'success',
+      data: results,
+    });
+  } catch (error: any) {
+    return c.json(
+      {
+        status: 'error',
+        message: 'Failed to fetch posts',
+        error: error.message,
+      },
+      500
+    );
+  }
+};

package/src/controllers/posts/remove.controller.ts

@@ -0,0 +1,47 @@
+import { Context } from 'hono';
+import { HTTPException } from 'hono/http-exception';
+
+export const removePost = async (c: Context) => {
+  try {
+    const id = c.req.param('id');
+
+    if (!id) {
+      throw new HTTPException(400, { message: 'Post ID is required' });
+    }
+
+    // Check database availability
+    if (!c.env?.DB) {
+      throw new HTTPException(503, { message: 'Database unavailable' });
+    }
+
+    // Check if post exists
+    const existingPost = await c.env.DB.prepare('SELECT id FROM posts WHERE id = ?')
+      .bind(id)
+      .first();
+
+    if (!existingPost) {
+      throw new HTTPException(404, { message: 'Post not found' });
+    }
+
+    // Delete post
+    await c.env.DB.prepare('DELETE FROM posts WHERE id = ?').bind(id).run();
+
+    return c.json({
+      status: 'success',
+      message: 'Post deleted successfully',
+    });
+  } catch (error) {
+    if (error instanceof HTTPException) {
+      return c.json({ status: 'error', message: error.message }, error.status);
+    }
+
+    console.error('Unexpected error:', error);
+    return c.json(
+      {
+        status: 'error',
+        message: 'Internal server error',
+      },
+      500
+    );
+  }
+};

package/src/controllers/posts/update.controller.ts

@@ -0,0 +1,101 @@
+import { Context } from 'hono';
+import { HTTPException } from 'hono/http-exception';
+
+interface UpdatePostRequest {
+  title: string;
+  content: string;
+  author?: string;
+}
+
+const MAX_TITLE_LENGTH = 200;
+const MAX_CONTENT_LENGTH = 100000;
+
+export const updatePost = async (c: Context) => {
+  try {
+    const id = c.req.param('id');
+
+    if (!id) {
+      throw new HTTPException(400, { message: 'Post ID is required' });
+    }
+
+    // Parse and validate request body
+    const body = await c.req.json<UpdatePostRequest>();
+
+    if (!body.title || typeof body.title !== 'string') {
+      throw new HTTPException(400, { message: 'Title is required' });
+    }
+
+    if (!body.content || typeof body.content !== 'string') {
+      throw new HTTPException(400, { message: 'Content is required' });
+    }
+
+    const title = body.title.trim();
+    const content = body.content.trim();
+
+    if (title.length === 0) {
+      throw new HTTPException(400, { message: 'Title cannot be empty' });
+    }
+
+    if (title.length > MAX_TITLE_LENGTH) {
+      throw new HTTPException(413, { message: `Title exceeds ${MAX_TITLE_LENGTH} chars` });
+    }
+
+    if (content.length === 0) {
+      throw new HTTPException(400, { message: 'Content cannot be empty' });
+    }
+
+    if (content.length > MAX_CONTENT_LENGTH) {
+      throw new HTTPException(413, { message: `Content exceeds ${MAX_CONTENT_LENGTH} chars` });
+    }
+
+    const author = (body.author ?? 'bbki.ng').trim();
+
+    // Check database availability
+    if (!c.env?.DB) {
+      throw new HTTPException(503, { message: 'Database unavailable' });
+    }
+
+    // Check if post exists
+    const existingPost = await c.env.DB.prepare('SELECT id FROM posts WHERE id = ?')
+      .bind(id)
+      .first();
+
+    if (!existingPost) {
+      throw new HTTPException(404, { message: 'Post not found' });
+    }
+
+    // Update post
+    const now = new Date().toISOString();
+
+    try {
+      await c.env.DB.prepare(
+        'UPDATE posts SET title = ?, content = ?, author = ?, updated_at = ? WHERE id = ?'
+      )
+        .bind(title, content, author, now, id)
+        .run();
+    } catch (dbError: any) {
+      if (dbError.message?.includes('UNIQUE')) {
+        throw new HTTPException(409, { message: 'Post with this title already exists' });
+      }
+      throw dbError;
+    }
+
+    return c.json({
+      status: 'success',
+      data: { id, title, content, author, updatedAt: now },
+    });
+  } catch (error) {
+    if (error instanceof HTTPException) {
+      return c.json({ status: 'error', message: error.message }, error.status);
+    }
+
+    console.error('Unexpected error:', error);
+    return c.json(
+      {
+        status: 'error',
+        message: 'Internal server error',
+      },
+      500
+    );
+  }
+};

package/src/index.ts

@@ -2,9 +2,11 @@ import app from './config/app.config';
 
 import { commentRouter } from './routes/comment.routes';
 import { streamingRouter } from './routes/streaming.routes';
+import { postsRouter } from './routes/posts.routes';
 
 app.route('comment', commentRouter);
 app.route('streaming', streamingRouter);
+app.route('posts', postsRouter);
 
 app.get('/', c => {
   return c.text('Hello Hono!');

package/src/routes/posts.routes.ts

@@ -0,0 +1,20 @@
+import { Hono } from 'hono';
+import { listPosts } from '../controllers/posts/list.controller';
+import { getPost } from '../controllers/posts/get.controller';
+import { addPost } from '../controllers/posts/add.controller';
+import { updatePost } from '../controllers/posts/update.controller';
+import { removePost } from '../controllers/posts/remove.controller';
+import { requireAuth } from '../utils/auth';
+
+const postsRouter = new Hono();
+
+// Public routes
+postsRouter.get('/', listPosts);
+postsRouter.get('/:title', getPost);
+
+// Protected routes (require API key)
+postsRouter.post('/', requireAuth, addPost);
+postsRouter.put('/:id', requireAuth, updatePost);
+postsRouter.delete('/:id', requireAuth, removePost);
+
+export { postsRouter };

package/src/types/index.ts

@@ -9,7 +9,7 @@ export type Passkey = {
   userId: string;
   publicKey: string; // base64url
   counter: number;
-  deviceType: "singleDevice" | "multiDevice";
+  deviceType: 'singleDevice' | 'multiDevice';
   backedUp: boolean;
   transports?: string[]; // 存为 JSON 字符串
 };
@@ -21,3 +21,12 @@ export type Streaming = {
   type?: string;
   createdAt: string;
 };
+
+export type Post = {
+  id: string;
+  title: string;
+  content: string;
+  author: string;
+  createdAt: string;
+  updatedAt: string;
+};

package/src/utils/auth.ts

@@ -0,0 +1,40 @@
+import { Context } from 'hono';
+import { HTTPException } from 'hono/http-exception';
+
+/**
+ * Timing-safe string comparison to prevent timing attacks
+ */
+export const timingSafeEqual = (a: string, b: string): boolean => {
+  if (a.length !== b.length) return false;
+  let result = 0;
+  for (let i = 0; i < a.length; i++) {
+    result |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return result === 0;
+};
+
+/**
+ * Validate API Key from request header
+ * Returns true if valid, false otherwise
+ */
+export const validateApiKey = (c: Context): boolean => {
+  const apiKey = c.req.header('x-api-key');
+  const streamApiKey = c.env?.STREAM_API_KEY;
+
+  if (!apiKey || !streamApiKey) {
+    return false;
+  }
+
+  return timingSafeEqual(apiKey, streamApiKey);
+};
+
+/**
+ * Middleware to require API Key authentication
+ * Throws HTTPException 401 if invalid
+ */
+export const requireAuth = async (c: Context, next: () => Promise<void>) => {
+  if (!validateApiKey(c)) {
+    throw new HTTPException(401, { message: 'Invalid API key' });
+  }
+  await next();
+};