@commonpub/layer 0.8.7 → 0.8.9

package/components/views/ArticleView.vue

@@ -275,7 +275,8 @@ useJsonLd({
           class="cpub-related-card"
         >
           <div class="cpub-related-card-thumb">
-            <i class="fa-solid fa-newspaper"></i>
+            <img v-if="(item as any).coverImageUrl" :src="(item as any).coverImageUrl" :alt="item.title" class="cpub-related-card-img" />
+            <i v-else class="fa-solid fa-newspaper"></i>
           </div>
           <div class="cpub-related-card-body">
             <div class="cpub-related-card-type">{{ item.type }}</div>
@@ -911,6 +912,14 @@ useJsonLd({
   opacity: 0.3;
 }
 
+.cpub-related-card-img {
+  width: 100%;
+  height: 100%;
+  object-fit: cover;
+  position: relative;
+  z-index: 1;
+}
+
 .cpub-related-card-thumb i {
   font-size: 22px;
   color: var(--text-faint);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@commonpub/layer",
-  "version": "0.8.7",
+  "version": "0.8.9",
   "type": "module",
   "main": "./nuxt.config.ts",
   "files": [
@@ -53,13 +53,13 @@
     "vue": "^3.4.0",
     "vue-router": "^4.3.0",
     "zod": "^4.3.6",
+    "@commonpub/config": "0.9.1",
+    "@commonpub/auth": "0.5.1",
     "@commonpub/docs": "0.6.2",
-    "@commonpub/learning": "0.5.0",
     "@commonpub/editor": "0.7.9",
-    "@commonpub/auth": "0.5.1",
+    "@commonpub/ui": "0.8.5",
     "@commonpub/protocol": "0.9.9",
-    "@commonpub/config": "0.9.1",
-    "@commonpub/ui": "0.8.5"
+    "@commonpub/learning": "0.5.0"
   },
   "devDependencies": {
     "@testing-library/jest-dom": "^6.9.1",

package/pages/explore.vue

@@ -539,9 +539,12 @@ const sortOptions = [
   padding: 24px 0;
 }
 
+@media (max-width: 1024px) {
+  .cpub-explore-hub-grid { grid-template-columns: 1fr; }
+}
+
 @media (max-width: 768px) {
   .cpub-explore-grid { grid-template-columns: 1fr; }
-  .cpub-explore-hub-grid { grid-template-columns: 1fr; }
   .cpub-explore-filters { flex-wrap: wrap; }
 }
 </style>

package/server/api/auth/sign-in-username.post.ts

@@ -33,13 +33,18 @@ export default defineEventHandler(async (event) => {
   }
 
   // Proxy to Better Auth's email sign-in (internal server-side call)
-  const origin = getRequestURL(event).origin;
+  // Forward Origin + Referer so Better Auth's CSRF protection accepts the request
+  const requestUrl = getRequestURL(event);
+  const origin = requestUrl.origin;
+  const clientOrigin = getRequestHeader(event, 'origin') || origin;
   const response = await $fetch.raw(`${origin}/api/auth/sign-in/email`, {
     method: 'POST',
     body: { email, password: body.password },
     headers: {
       'Content-Type': 'application/json',
       Cookie: getRequestHeader(event, 'cookie') ?? '',
+      Origin: clientOrigin,
+      Referer: getRequestHeader(event, 'referer') || `${clientOrigin}/auth/login`,
     },
   });
 

package/server/middleware/auth.ts

@@ -110,10 +110,13 @@ export default defineEventHandler(async (event) => {
     return;
   }
 
-  // Handle auth API routes — skip our custom federated/oauth2 routes (Nitro handles those)
-  const isBetterAuthRoute = pathname.startsWith('/api/auth')
-    && !pathname.startsWith('/api/auth/federated/')
-    && !pathname.startsWith('/api/auth/oauth2/');
+  // Handle auth API routes — skip custom routes that Nitro handles directly
+  const isCustomAuthRoute = pathname.startsWith('/api/auth/federated/')
+    || pathname.startsWith('/api/auth/oauth2/')
+    || pathname === '/api/auth/sign-in-username'
+    || pathname === '/api/auth/delete-user'
+    || pathname === '/api/auth/export-data';
+  const isBetterAuthRoute = pathname.startsWith('/api/auth') && !isCustomAuthRoute;
 
   if (isBetterAuthRoute) {
     try {