@emdash-cms/cloudflare 0.0.1

package/dist/do-class-DY2Ba2RJ.mjs

@@ -0,0 +1,174 @@
+import { DurableObject } from "cloudflare:workers";
+
+//#region src/db/do-class.ts
+/**
+* EmDashPreviewDB — Durable Object for preview databases
+*
+* Each preview session gets its own DO with isolated SQLite storage.
+* The DO is populated from a snapshot of the source EmDash site
+* and serves read-only queries until its TTL expires.
+*
+* Not used in production — preview only.
+*/
+/** Default TTL for preview data (1 hour) */
+const DEFAULT_TTL_MS = 3600 * 1e3;
+/** Valid identifier pattern for snapshot table/column names */
+const SAFE_IDENTIFIER = /^[a-z_][a-z0-9_]*$/;
+/** SQL command prefixes that indicate read-only statements */
+const READ_PREFIXES = [
+	"SELECT",
+	"PRAGMA",
+	"EXPLAIN",
+	"WITH"
+];
+var EmDashPreviewDB = class extends DurableObject {
+	/**
+	* Execute a single SQL statement.
+	*
+	* Called via RPC from the Kysely driver connection.
+	*/
+	query(sql, params) {
+		const cursor = params?.length ? this.ctx.storage.sql.exec(sql, ...params) : this.ctx.storage.sql.exec(sql);
+		const rows = [];
+		for (const row of cursor) rows.push(row);
+		return {
+			rows,
+			changes: READ_PREFIXES.some((p) => sql.trimStart().toUpperCase().startsWith(p)) ? void 0 : cursor.rowsWritten
+		};
+	}
+	/**
+	* Execute multiple statements in a single synchronous transaction.
+	*
+	* Used for snapshot import.
+	*/
+	batch(statements) {
+		this.ctx.storage.transactionSync(() => {
+			for (const stmt of statements) if (stmt.params?.length) this.ctx.storage.sql.exec(stmt.sql, ...stmt.params);
+			else this.ctx.storage.sql.exec(stmt.sql);
+		});
+	}
+	/**
+	* Invalidate the cached snapshot so the next populateFromSnapshot call
+	* re-fetches from the source site.
+	*/
+	invalidateSnapshot() {
+		try {
+			this.ctx.storage.sql.exec("DELETE FROM _emdash_do_meta WHERE key = 'snapshot_fetched_at'");
+		} catch {}
+	}
+	/**
+	* Get snapshot metadata (generated-at timestamp).
+	* Returns null if the DO has no snapshot loaded.
+	*/
+	getSnapshotMeta() {
+		try {
+			const value = this.ctx.storage.sql.exec("SELECT value FROM _emdash_do_meta WHERE key = 'snapshot_generated_at'").one().value;
+			if (typeof value !== "string") return null;
+			return { generatedAt: value };
+		} catch {
+			return null;
+		}
+	}
+	/**
+	* Populate from a snapshot (preview mode).
+	*
+	* Fetches content from a source EmDash site and loads it into
+	* this DO's SQLite. Sets a TTL alarm for cleanup.
+	*/
+	async populateFromSnapshot(sourceUrl, signature, options) {
+		const ttlMs = (options?.ttl ?? DEFAULT_TTL_MS / 1e3) * 1e3;
+		try {
+			const meta = this.ctx.storage.sql.exec("SELECT value FROM _emdash_do_meta WHERE key = 'snapshot_fetched_at'").one();
+			const fetchedAt = Number(meta.value);
+			if (Date.now() - fetchedAt < ttlMs) {
+				this.ctx.storage.setAlarm(Date.now() + ttlMs);
+				const gen = this.ctx.storage.sql.exec("SELECT value FROM _emdash_do_meta WHERE key = 'snapshot_generated_at'").one();
+				return { generatedAt: String(gen.value) };
+			}
+		} catch (error) {
+			if (!(error instanceof Error) || !error.message.includes("no such table")) throw error;
+		}
+		const url = `${sourceUrl}/_emdash/api/snapshot${options?.drafts ? "?drafts=true" : ""}`;
+		const response = await fetch(url, {
+			headers: { "X-Preview-Signature": signature },
+			signal: AbortSignal.timeout(1e4)
+		});
+		if (!response.ok) {
+			const body = await response.text().catch(() => "");
+			throw new Error(`Snapshot fetch failed: ${response.status} ${response.statusText}${body ? ` — ${body}` : ""}`);
+		}
+		const snapshot = await response.json();
+		this.ctx.storage.transactionSync(() => {
+			this.dropAllTables();
+			this.applySnapshot(snapshot);
+		});
+		this.ctx.storage.setAlarm(Date.now() + ttlMs);
+		return { generatedAt: snapshot.generatedAt };
+	}
+	/**
+	* Set a cleanup alarm after the given number of seconds.
+	*
+	* Used by the playground middleware to set TTL after initialization
+	* is complete (initialization runs on the Worker side via RPC).
+	*/
+	setTtlAlarm(ttlSeconds) {
+		this.ctx.storage.setAlarm(Date.now() + ttlSeconds * 1e3);
+	}
+	/**
+	* Alarm handler — clean up expired preview/playground data.
+	*
+	* Drops all user tables to reclaim storage.
+	*/
+	alarm() {
+		this.dropAllTables();
+	}
+	/**
+	* Drop all user tables in the DO's SQLite database.
+	* Preserves SQLite and Cloudflare internal tables.
+	*/
+	dropAllTables() {
+		const tables = [...this.ctx.storage.sql.exec("SELECT name FROM sqlite_master WHERE type = 'table' AND name NOT LIKE 'sqlite_%' AND name NOT LIKE '_cf_%'")];
+		for (const row of tables) {
+			const name = String(row.name);
+			if (!SAFE_IDENTIFIER.test(name)) continue;
+			this.ctx.storage.sql.exec(`DROP TABLE IF EXISTS "${name}"`);
+		}
+	}
+	applySnapshot(snapshot) {
+		const validateSnapshotIdentifier = (name, context) => {
+			if (!SAFE_IDENTIFIER.test(name)) throw new Error(`Invalid ${context} in snapshot: ${JSON.stringify(name)}`);
+		};
+		this.ctx.storage.sql.exec(`
+			CREATE TABLE IF NOT EXISTS _emdash_do_meta (key TEXT PRIMARY KEY, value TEXT)
+		`);
+		for (const [tableName, rows] of Object.entries(snapshot.tables)) {
+			if (tableName === "_emdash_do_meta") continue;
+			if (!rows.length) continue;
+			validateSnapshotIdentifier(tableName, "table name");
+			const schemaInfo = snapshot.schema?.[tableName];
+			const columns = schemaInfo?.columns ?? Object.keys(rows[0]);
+			columns.forEach((c) => validateSnapshotIdentifier(c, `column name in ${tableName}`));
+			const colDefs = columns.map((c) => {
+				const colType = schemaInfo?.types?.[c] ?? "TEXT";
+				return `"${c}" ${[
+					"TEXT",
+					"INTEGER",
+					"REAL",
+					"BLOB",
+					"JSON"
+				].includes(colType.toUpperCase()) ? colType.toUpperCase() : "TEXT"}`;
+			}).join(", ");
+			this.ctx.storage.sql.exec(`CREATE TABLE IF NOT EXISTS "${tableName}" (${colDefs})`);
+			const placeholders = columns.map(() => "?").join(", ");
+			const insertSql = `INSERT INTO "${tableName}" (${columns.map((c) => `"${c}"`).join(", ")}) VALUES (${placeholders})`;
+			for (const row of rows) {
+				const values = columns.map((c) => row[c] ?? null);
+				this.ctx.storage.sql.exec(insertSql, ...values);
+			}
+		}
+		this.ctx.storage.sql.exec(`INSERT OR REPLACE INTO _emdash_do_meta VALUES ('snapshot_fetched_at', ?), ('snapshot_generated_at', ?)`, String(Date.now()), snapshot.generatedAt);
+	}
+};
+
+//#endregion
+export { EmDashPreviewDB as t };

package/dist/do-class-x5Xh_G62.d.mts

@@ -0,0 +1,73 @@
+import { DurableObject } from "cloudflare:workers";
+
+//#region src/db/do-class.d.ts
+/** Result shape returned by query() */
+interface QueryResult {
+  rows: Record<string, unknown>[];
+  /** Number of rows written. Undefined for read-only queries. */
+  changes?: number;
+}
+/** A single statement for batch execution */
+interface BatchStatement {
+  sql: string;
+  params?: unknown[];
+}
+declare class EmDashPreviewDB extends DurableObject {
+  /**
+   * Execute a single SQL statement.
+   *
+   * Called via RPC from the Kysely driver connection.
+   */
+  query(sql: string, params?: unknown[]): QueryResult;
+  /**
+   * Execute multiple statements in a single synchronous transaction.
+   *
+   * Used for snapshot import.
+   */
+  batch(statements: BatchStatement[]): void;
+  /**
+   * Invalidate the cached snapshot so the next populateFromSnapshot call
+   * re-fetches from the source site.
+   */
+  invalidateSnapshot(): void;
+  /**
+   * Get snapshot metadata (generated-at timestamp).
+   * Returns null if the DO has no snapshot loaded.
+   */
+  getSnapshotMeta(): {
+    generatedAt: string;
+  } | null;
+  /**
+   * Populate from a snapshot (preview mode).
+   *
+   * Fetches content from a source EmDash site and loads it into
+   * this DO's SQLite. Sets a TTL alarm for cleanup.
+   */
+  populateFromSnapshot(sourceUrl: string, signature: string, options?: {
+    drafts?: boolean;
+    ttl?: number;
+  }): Promise<{
+    generatedAt: string;
+  }>;
+  /**
+   * Set a cleanup alarm after the given number of seconds.
+   *
+   * Used by the playground middleware to set TTL after initialization
+   * is complete (initialization runs on the Worker side via RPC).
+   */
+  setTtlAlarm(ttlSeconds: number): void;
+  /**
+   * Alarm handler — clean up expired preview/playground data.
+   *
+   * Drops all user tables to reclaim storage.
+   */
+  alarm(): void;
+  /**
+   * Drop all user tables in the DO's SQLite database.
+   * Preserves SQLite and Cloudflare internal tables.
+   */
+  private dropAllTables;
+  private applySnapshot;
+}
+//#endregion
+export { EmDashPreviewDB as t };

package/dist/do-dialect-BhFcRSFQ.mjs

@@ -0,0 +1,58 @@
+import { t as D1Introspector } from "./d1-introspector-bZf0_ylK.mjs";
+import { SqliteAdapter, SqliteQueryCompiler } from "kysely";
+
+//#region src/db/do-dialect.ts
+var PreviewDODialect = class {
+	#config;
+	constructor(config) {
+		this.#config = config;
+	}
+	createAdapter() {
+		return new SqliteAdapter();
+	}
+	createDriver() {
+		return new PreviewDODriver(this.#config);
+	}
+	createQueryCompiler() {
+		return new SqliteQueryCompiler();
+	}
+	createIntrospector(db) {
+		return new D1Introspector(db);
+	}
+};
+var PreviewDODriver = class {
+	#config;
+	constructor(config) {
+		this.#config = config;
+	}
+	async init() {}
+	async acquireConnection() {
+		return new PreviewDOConnection(this.#config.getStub());
+	}
+	async beginTransaction() {}
+	async commitTransaction() {}
+	async rollbackTransaction() {}
+	async releaseConnection() {}
+	async destroy() {}
+};
+var PreviewDOConnection = class {
+	#stub;
+	constructor(stub) {
+		this.#stub = stub;
+	}
+	async executeQuery(compiledQuery) {
+		const sqlText = compiledQuery.sql;
+		const params = compiledQuery.parameters;
+		const result = await this.#stub.query(sqlText, params);
+		return {
+			rows: result.rows,
+			numAffectedRows: result.changes !== void 0 ? BigInt(result.changes) : void 0
+		};
+	}
+	async *streamQuery() {
+		throw new Error("Preview DO dialect does not support streaming");
+	}
+};
+
+//#endregion
+export { PreviewDODialect as t };

package/dist/do-playground-routes-CmwFeGwJ.mjs

@@ -0,0 +1,49 @@
+//#region src/db/do-playground-routes.ts
+/**
+* Playground mode route gating.
+*
+* Unlike preview mode (which blocks everything except read-only API routes),
+* playground mode allows most routes including the admin UI and write APIs.
+* Only auth, setup, and abuse-prone routes are blocked.
+*
+* Pure function -- no Worker or Cloudflare dependencies.
+*/
+/**
+* Routes blocked in playground mode.
+*
+* These are either security-sensitive (auth, setup, tokens, OAuth),
+* abuse-prone (media upload, plugin install), or pointless in a
+* temporary playground (snapshot export, user management).
+*/
+/**
+* Auth routes that ARE allowed in playground mode.
+* /auth/me is needed by the admin UI to identify the current user.
+*/
+const AUTH_ALLOWLIST = new Set(["/_emdash/api/auth/me"]);
+const BLOCKED_PREFIXES = [
+	"/_emdash/api/auth/",
+	"/_emdash/api/setup/",
+	"/_emdash/api/oauth/",
+	"/_emdash/api/tokens/",
+	"/_emdash/api/users/invite",
+	"/_emdash/api/plugins/install",
+	"/_emdash/api/plugins/marketplace",
+	"/_emdash/api/media/upload",
+	"/_emdash/api/snapshot"
+];
+/**
+* Check whether a request should be blocked in playground mode.
+*
+* Playground allows most CMS functionality: content CRUD, schema editing,
+* taxonomies, menus, widgets, search, settings, and the full admin UI.
+* Only auth, setup, user management, media uploads, and plugin
+* installation are blocked.
+*/
+function isBlockedInPlayground(pathname) {
+	if (AUTH_ALLOWLIST.has(pathname)) return false;
+	for (const prefix of BLOCKED_PREFIXES) if (pathname === prefix || pathname.startsWith(prefix)) return true;
+	return false;
+}
+
+//#endregion
+export { isBlockedInPlayground as t };

package/dist/do-types-CY0G0oyh.d.mts

@@ -0,0 +1,14 @@
+//#region src/db/do-types.d.ts
+/**
+ * Shared Durable Object config types (preview-only)
+ *
+ * Imported by both the config-time entry (index.ts) and the runtime entry (do.ts).
+ * This module must NOT import from cloudflare:workers so it stays safe at config time.
+ */
+/** Durable Object preview database configuration */
+interface PreviewDOConfig {
+  /** Wrangler binding name for the DO namespace */
+  binding: string;
+}
+//#endregion
+export { PreviewDOConfig as t };

package/dist/images-4RT9Ag8_.d.mts

@@ -0,0 +1,76 @@
+import { MediaProviderDescriptor } from "emdash/media";
+
+//#region src/media/images.d.ts
+/**
+ * Cloudflare Images configuration
+ */
+interface CloudflareImagesConfig {
+  /**
+   * Cloudflare Account ID (for API calls)
+   * If not provided, reads from accountIdEnvVar at runtime
+   */
+  accountId?: string;
+  /**
+   * Environment variable name containing the Account ID
+   * @default "CF_ACCOUNT_ID"
+   */
+  accountIdEnvVar?: string;
+  /**
+   * Cloudflare Images Account Hash (for delivery URLs)
+   * This is different from the Account ID - find it in the Cloudflare dashboard
+   * under Images > Overview > "Account Hash"
+   * If not provided, reads from accountHashEnvVar at runtime
+   */
+  accountHash?: string;
+  /**
+   * Environment variable name containing the Account Hash
+   * @default "CF_IMAGES_ACCOUNT_HASH"
+   */
+  accountHashEnvVar?: string;
+  /**
+   * API Token with Images permissions
+   * If not provided, reads from apiTokenEnvVar at runtime
+   * Should have "Cloudflare Images: Read" and "Cloudflare Images: Edit" permissions
+   */
+  apiToken?: string;
+  /**
+   * Environment variable name containing the API token
+   * @default "CF_IMAGES_TOKEN"
+   */
+  apiTokenEnvVar?: string;
+  /**
+   * Custom delivery domain (optional)
+   * If not specified, uses imagedelivery.net
+   * @example "images.example.com"
+   */
+  deliveryDomain?: string;
+  /**
+   * Default variant to use for display
+   * @default "public"
+   */
+  defaultVariant?: string;
+}
+/**
+ * Cloudflare Images media provider
+ *
+ * @example
+ * ```ts
+ * import { cloudflareImages } from "@emdash-cms/cloudflare";
+ *
+ * emdash({
+ *   mediaProviders: [
+ *     // Uses CF_ACCOUNT_ID and CF_IMAGES_TOKEN env vars by default
+ *     cloudflareImages({}),
+ *
+ *     // Or with custom env var names
+ *     cloudflareImages({
+ *       accountIdEnvVar: "MY_CF_ACCOUNT",
+ *       apiTokenEnvVar: "MY_CF_IMAGES_KEY",
+ *     }),
+ *   ],
+ * })
+ * ```
+ */
+declare function cloudflareImages(config: CloudflareImagesConfig): MediaProviderDescriptor<CloudflareImagesConfig>;
+//#endregion
+export { cloudflareImages as n, CloudflareImagesConfig as t };

package/dist/index.d.mts

@@ -0,0 +1,200 @@
+import { CloudflareCacheConfig } from "./cache/runtime.mjs";
+import { cloudflareCache } from "./cache/config.mjs";
+import { t as PreviewDOConfig } from "./do-types-CY0G0oyh.mjs";
+import { n as cloudflareImages, t as CloudflareImagesConfig } from "./images-4RT9Ag8_.mjs";
+import { n as cloudflareStream, t as CloudflareStreamConfig } from "./stream-DdbcvKi0.mjs";
+import { AuthDescriptor, DatabaseDescriptor, StorageDescriptor } from "emdash";
+
+//#region src/index.d.ts
+/**
+ * D1 configuration
+ */
+interface D1Config {
+  /**
+   * Name of the D1 binding in wrangler.toml
+   */
+  binding: string;
+  /**
+   * Read replication session mode.
+   *
+   * - `"disabled"` — No sessions. All queries go to primary. (default)
+   * - `"auto"` — Automatic session management. Anonymous requests use
+   *   `"first-unconstrained"` (nearest replica). Authenticated requests
+   *   use bookmark cookies for read-your-writes consistency.
+   * - `"primary-first"` — Like `"auto"`, but the first query in every
+   *   session goes to the primary. Use this if your site has very
+   *   frequent writes and you need stronger consistency guarantees
+   *   at the cost of higher read latency.
+   *
+   * Read replication must also be enabled on the D1 database itself
+   * (via dashboard or REST API).
+   */
+  session?: "disabled" | "auto" | "primary-first";
+  /**
+   * Cookie name for storing the session bookmark.
+   * Only used when session is `"auto"` or `"primary-first"`.
+   *
+   * @default "__ec_d1_bookmark"
+   */
+  bookmarkCookie?: string;
+}
+/**
+ * R2 storage configuration
+ */
+interface R2StorageConfig {
+  /**
+   * Name of the R2 binding in wrangler.toml
+   */
+  binding: string;
+  /**
+   * Public URL for accessing files (optional CDN)
+   */
+  publicUrl?: string;
+}
+/**
+ * Configuration for Cloudflare Access authentication
+ */
+interface AccessConfig {
+  /**
+   * Your Cloudflare Access team domain
+   * @example "myteam.cloudflareaccess.com"
+   */
+  teamDomain: string;
+  /**
+   * Application Audience (AUD) tag from Access application settings.
+   * For Cloudflare Workers, use `audienceEnvVar` instead to read at runtime.
+   */
+  audience?: string;
+  /**
+   * Environment variable name containing the audience tag.
+   * Read at runtime from environment.
+   * @default "CF_ACCESS_AUDIENCE"
+   */
+  audienceEnvVar?: string;
+  /**
+   * Automatically create EmDash users on first login
+   * @default true
+   */
+  autoProvision?: boolean;
+  /**
+   * Role level for users not matching any group in roleMapping
+   * @default 30 (Editor)
+   */
+  defaultRole?: number;
+  /**
+   * Update user's role on each login based on current IdP groups
+   * When false, role is only set on first provisioning
+   * @default false
+   */
+  syncRoles?: boolean;
+  /**
+   * Map IdP group names to EmDash role levels
+   * First match wins if user is in multiple groups
+   *
+   * @example
+   * ```ts
+   * roleMapping: {
+   *   "Admins": 50,        // Admin
+   *   "Developers": 40,    // Developer
+   *   "Content Team": 30,  // Editor
+   * }
+   * ```
+   */
+  roleMapping?: Record<string, number>;
+}
+/**
+ * Cloudflare D1 database adapter
+ *
+ * For Cloudflare Workers with D1 binding.
+ * Migrations run automatically at setup time - no need for manual SQL files.
+ *
+ * Uses a custom introspector that works around D1's restriction on
+ * cross-joins with pragma_table_info().
+ *
+ * @example
+ * ```ts
+ * database: d1({ binding: "DB" })
+ * ```
+ */
+declare function d1(config: D1Config): DatabaseDescriptor;
+/**
+ * Durable Object preview database adapter
+ *
+ * Each preview session gets an isolated SQLite database inside a DO,
+ * populated from a snapshot of the source EmDash site.
+ *
+ * Not for production use — preview only.
+ *
+ * @example
+ * ```ts
+ * database: previewDatabase({ binding: "PREVIEW_DB" })
+ * ```
+ */
+declare function previewDatabase(config: PreviewDOConfig): DatabaseDescriptor;
+/**
+ * Durable Object playground database adapter
+ *
+ * Each playground session gets an isolated SQLite database inside a DO,
+ * populated from a seed file with migrations run at init time.
+ * Unlike preview, playground is writable and has admin access.
+ *
+ * Not for production use -- playground/demo only.
+ *
+ * @example
+ * ```ts
+ * database: playgroundDatabase({ binding: "PLAYGROUND_DB" })
+ * ```
+ */
+declare function playgroundDatabase(config: PreviewDOConfig): DatabaseDescriptor;
+/**
+ * Cloudflare R2 binding adapter
+ *
+ * Uses R2 bindings directly when running on Cloudflare Workers.
+ * Does NOT support signed upload URLs (use s3() with R2 credentials instead).
+ *
+ * Requires R2 binding in wrangler.toml:
+ * ```toml
+ * [[r2_buckets]]
+ * binding = "MEDIA"
+ * bucket_name = "my-media-bucket"
+ * ```
+ *
+ * @example
+ * ```ts
+ * storage: r2({ binding: "MEDIA" })
+ * ```
+ */
+declare function r2(config: R2StorageConfig): StorageDescriptor;
+/**
+ * Cloudflare Access authentication adapter
+ *
+ * Use this to configure EmDash to authenticate via Cloudflare Access.
+ * When Access is configured, passkey auth is disabled.
+ *
+ * @example
+ * ```ts
+ * auth: access({
+ *   teamDomain: "myteam.cloudflareaccess.com",
+ *   audience: "abc123...",
+ *   roleMapping: {
+ *     "Admins": 50,
+ *     "Editors": 30,
+ *   },
+ * })
+ * ```
+ */
+declare function access(config: AccessConfig): AuthDescriptor;
+/**
+ * Cloudflare Worker Loader sandbox adapter
+ *
+ * Returns the module path for the Cloudflare sandbox runner.
+ * Use this in the `sandboxRunner` config option.
+ *
+ * @example
+ * ```ts
+ * sandboxRunner: sandbox()
+ * ```
+ */
+declare function sandbox(): string;
+//#endregion
+export { AccessConfig, type CloudflareCacheConfig, type CloudflareImagesConfig, type CloudflareStreamConfig, D1Config, type PreviewDOConfig, R2StorageConfig, access, cloudflareCache, cloudflareImages, cloudflareStream, d1, playgroundDatabase, previewDatabase, r2, sandbox };