@fydemy/cms 1.0.0

package/dist/index.js

@@ -0,0 +1,934 @@
+"use strict";
+var __create = Object.create;
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __esm = (fn, res) => function __init() {
+  return fn && (res = (0, fn[__getOwnPropNames(fn)[0]])(fn = 0)), res;
+};
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/utils/rate-limit.ts
+var rate_limit_exports = {};
+__export(rate_limit_exports, {
+  checkRateLimit: () => checkRateLimit,
+  cleanupRateLimitStore: () => cleanupRateLimitStore,
+  incrementRateLimit: () => incrementRateLimit,
+  resetRateLimit: () => resetRateLimit
+});
+function checkRateLimit(identifier) {
+  const now = Date.now();
+  const entry = rateLimitStore.get(identifier);
+  if (!entry || now > entry.resetTime) {
+    rateLimitStore.set(identifier, {
+      count: 0,
+      resetTime: now + WINDOW_MS
+    });
+    return {
+      isLimited: false,
+      remaining: MAX_ATTEMPTS,
+      resetTime: now + WINDOW_MS
+    };
+  }
+  if (entry.count >= MAX_ATTEMPTS) {
+    return {
+      isLimited: true,
+      remaining: 0,
+      resetTime: entry.resetTime
+    };
+  }
+  return {
+    isLimited: false,
+    remaining: MAX_ATTEMPTS - entry.count,
+    resetTime: entry.resetTime
+  };
+}
+function incrementRateLimit(identifier) {
+  const now = Date.now();
+  const entry = rateLimitStore.get(identifier);
+  if (!entry || now > entry.resetTime) {
+    rateLimitStore.set(identifier, {
+      count: 1,
+      resetTime: now + WINDOW_MS
+    });
+  } else {
+    entry.count++;
+  }
+}
+function resetRateLimit(identifier) {
+  rateLimitStore.delete(identifier);
+}
+function cleanupRateLimitStore() {
+  const now = Date.now();
+  for (const [identifier, entry] of rateLimitStore.entries()) {
+    if (now > entry.resetTime) {
+      rateLimitStore.delete(identifier);
+    }
+  }
+}
+var rateLimitStore, MAX_ATTEMPTS, WINDOW_MS;
+var init_rate_limit = __esm({
+  "src/utils/rate-limit.ts"() {
+    "use strict";
+    rateLimitStore = /* @__PURE__ */ new Map();
+    MAX_ATTEMPTS = 5;
+    WINDOW_MS = 15 * 60 * 1e3;
+    if (typeof setInterval !== "undefined") {
+      setInterval(cleanupRateLimitStore, 5 * 60 * 1e3);
+    }
+  }
+});
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  GitHubStorage: () => GitHubStorage,
+  LocalStorage: () => LocalStorage,
+  MAX_FILE_SIZE: () => MAX_FILE_SIZE,
+  MAX_PASSWORD_LENGTH: () => MAX_PASSWORD_LENGTH,
+  MAX_USERNAME_LENGTH: () => MAX_USERNAME_LENGTH,
+  checkRateLimit: () => checkRateLimit,
+  clearSessionCookie: () => clearSessionCookie,
+  createAuthMiddleware: () => createAuthMiddleware,
+  createContentApiHandlers: () => createContentApiHandlers,
+  createListApiHandlers: () => createListApiHandlers,
+  createSession: () => createSession,
+  deleteMarkdownContent: () => deleteMarkdownContent,
+  getCollectionItem: () => getCollectionItem,
+  getCollectionItems: () => getCollectionItems,
+  getCollections: () => getCollections,
+  getMarkdownContent: () => getMarkdownContent,
+  getSessionFromCookies: () => getSessionFromCookies,
+  getStorageProvider: () => getStorageProvider,
+  handleDeleteContent: () => handleDeleteContent,
+  handleGetContent: () => handleGetContent,
+  handleListFiles: () => handleListFiles,
+  handleLogin: () => handleLogin,
+  handleLogout: () => handleLogout,
+  handleSaveContent: () => handleSaveContent,
+  handleUpload: () => handleUpload,
+  incrementRateLimit: () => incrementRateLimit,
+  initCMS: () => initCMS,
+  listDirectory: () => listDirectory,
+  listMarkdownFiles: () => listMarkdownFiles,
+  markdownFileExists: () => markdownFileExists,
+  parseMarkdown: () => parseMarkdown,
+  resetRateLimit: () => resetRateLimit,
+  sanitizeFrontmatter: () => sanitizeFrontmatter,
+  saveMarkdownContent: () => saveMarkdownContent,
+  setSessionCookie: () => setSessionCookie,
+  stringifyMarkdown: () => stringifyMarkdown,
+  uploadFile: () => uploadFile,
+  validateCredentials: () => validateCredentials,
+  validateFilePath: () => validateFilePath,
+  validateFileSize: () => validateFileSize,
+  validatePassword: () => validatePassword,
+  validateUsername: () => validateUsername,
+  verifySession: () => verifySession
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/content/markdown.ts
+var import_gray_matter = __toESM(require("gray-matter"));
+
+// src/content/storage.ts
+var import_promises = __toESM(require("fs/promises"));
+var import_path = __toESM(require("path"));
+var import_rest = require("@octokit/rest");
+var LocalStorage = class {
+  constructor(baseDir = "public/content") {
+    this.baseDir = baseDir;
+  }
+  getFullPath(filePath) {
+    return import_path.default.join(process.cwd(), this.baseDir, filePath);
+  }
+  async readFile(filePath) {
+    const fullPath = this.getFullPath(filePath);
+    return import_promises.default.readFile(fullPath, "utf-8");
+  }
+  async writeFile(filePath, content) {
+    const fullPath = this.getFullPath(filePath);
+    await import_promises.default.mkdir(import_path.default.dirname(fullPath), { recursive: true });
+    await import_promises.default.writeFile(fullPath, content, "utf-8");
+  }
+  async deleteFile(filePath) {
+    const fullPath = this.getFullPath(filePath);
+    await import_promises.default.unlink(fullPath);
+  }
+  async listFiles(directory) {
+    const fullPath = this.getFullPath(directory);
+    try {
+      const entries = await import_promises.default.readdir(fullPath, { withFileTypes: true });
+      return entries.map((entry) => ({
+        path: import_path.default.join(directory, entry.name),
+        name: entry.name,
+        type: entry.isDirectory() ? "directory" : "file"
+      })).filter(
+        (entry) => entry.type === "directory" || entry.name.endsWith(".md")
+      );
+    } catch (error) {
+      return [];
+    }
+  }
+  async exists(filePath) {
+    try {
+      const fullPath = this.getFullPath(filePath);
+      await import_promises.default.access(fullPath);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async uploadFile(filePath, buffer) {
+    const uploadPath = import_path.default.join(process.cwd(), "public", "uploads", filePath);
+    await import_promises.default.mkdir(import_path.default.dirname(uploadPath), { recursive: true });
+    await import_promises.default.writeFile(uploadPath, buffer);
+    return `/uploads/${filePath}`;
+  }
+};
+var GitHubStorage = class {
+  constructor() {
+    const token = process.env.GITHUB_TOKEN;
+    const repoInfo = process.env.GITHUB_REPO;
+    if (!token || !repoInfo) {
+      throw new Error(
+        "GITHUB_TOKEN and GITHUB_REPO must be set for production"
+      );
+    }
+    const [owner, repo] = repoInfo.split("/");
+    if (!owner || !repo) {
+      throw new Error('GITHUB_REPO must be in format "owner/repo"');
+    }
+    this.octokit = new import_rest.Octokit({ auth: token });
+    this.owner = owner;
+    this.repo = repo;
+    this.branch = process.env.GITHUB_BRANCH || "main";
+    this.baseDir = "public/content";
+  }
+  getGitHubPath(filePath) {
+    return `${this.baseDir}/${filePath}`;
+  }
+  async readFile(filePath) {
+    const { data } = await this.octokit.repos.getContent({
+      owner: this.owner,
+      repo: this.repo,
+      path: this.getGitHubPath(filePath),
+      ref: this.branch
+    });
+    if ("content" in data) {
+      return Buffer.from(data.content, "base64").toString("utf-8");
+    }
+    throw new Error("File not found");
+  }
+  async writeFile(filePath, content) {
+    const githubPath = this.getGitHubPath(filePath);
+    let sha;
+    try {
+      const { data } = await this.octokit.repos.getContent({
+        owner: this.owner,
+        repo: this.repo,
+        path: githubPath,
+        ref: this.branch
+      });
+      if ("sha" in data) {
+        sha = data.sha;
+      }
+    } catch (error) {
+    }
+    await this.octokit.repos.createOrUpdateFileContents({
+      owner: this.owner,
+      repo: this.repo,
+      path: githubPath,
+      message: `Update ${filePath}`,
+      content: Buffer.from(content).toString("base64"),
+      branch: this.branch,
+      sha
+    });
+  }
+  async deleteFile(filePath) {
+    const githubPath = this.getGitHubPath(filePath);
+    const { data } = await this.octokit.repos.getContent({
+      owner: this.owner,
+      repo: this.repo,
+      path: githubPath,
+      ref: this.branch
+    });
+    if ("sha" in data) {
+      await this.octokit.repos.deleteFile({
+        owner: this.owner,
+        repo: this.repo,
+        path: githubPath,
+        message: `Delete ${filePath}`,
+        sha: data.sha,
+        branch: this.branch
+      });
+    }
+  }
+  async listFiles(directory) {
+    const githubPath = this.getGitHubPath(directory);
+    try {
+      const { data } = await this.octokit.repos.getContent({
+        owner: this.owner,
+        repo: this.repo,
+        path: githubPath,
+        ref: this.branch
+      });
+      if (Array.isArray(data)) {
+        return data.map((item) => ({
+          path: import_path.default.join(directory, item.name),
+          name: item.name,
+          type: item.type === "dir" ? "directory" : "file"
+        })).filter(
+          (entry) => entry.type === "directory" || entry.name.endsWith(".md")
+        );
+      }
+    } catch (error) {
+    }
+    return [];
+  }
+  async exists(filePath) {
+    try {
+      await this.octokit.repos.getContent({
+        owner: this.owner,
+        repo: this.repo,
+        path: this.getGitHubPath(filePath),
+        ref: this.branch
+      });
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  async uploadFile(filePath, buffer) {
+    const uploadPath = `public/uploads/${filePath}`;
+    await this.octokit.repos.createOrUpdateFileContents({
+      owner: this.owner,
+      repo: this.repo,
+      path: uploadPath,
+      message: `Upload file: ${filePath}`,
+      content: buffer.toString("base64"),
+      branch: this.branch
+    });
+    return `/uploads/${filePath}`;
+  }
+};
+function getStorageProvider() {
+  if (process.env.NODE_ENV === "production" && process.env.GITHUB_TOKEN) {
+    return new GitHubStorage();
+  }
+  return new LocalStorage();
+}
+
+// src/utils/validation.ts
+var import_path2 = __toESM(require("path"));
+var MAX_USERNAME_LENGTH = 100;
+var MAX_PASSWORD_LENGTH = 1e3;
+var MAX_FILE_SIZE = 10 * 1024 * 1024;
+function validateFilePath(filePath) {
+  if (!filePath || typeof filePath !== "string") {
+    throw new Error("Invalid file path");
+  }
+  if (filePath.includes("\0")) {
+    throw new Error("Invalid file path: null byte detected");
+  }
+  if (filePath.includes("..")) {
+    throw new Error("Invalid file path: directory traversal detected");
+  }
+  const normalized = import_path2.default.normalize(filePath).replace(/^(\.\.(\/|\\|$))+/, "");
+  if (normalized.startsWith("/") || normalized.startsWith("\\")) {
+    throw new Error("Invalid file path: directory traversal detected");
+  }
+  const dangerousPatterns = [
+    /\.\./,
+    /^[/\\]/,
+    /[<>:"|?*]/,
+    /\x00/,
+    /^(con|prn|aux|nul|com[0-9]|lpt[0-9])(\..*)?$/i
+    // Windows reserved names
+  ];
+  for (const pattern of dangerousPatterns) {
+    if (pattern.test(normalized)) {
+      throw new Error("Invalid file path: contains dangerous characters");
+    }
+  }
+  return normalized;
+}
+function validateUsername(username) {
+  if (!username || typeof username !== "string") {
+    throw new Error("Username is required");
+  }
+  if (username.length > MAX_USERNAME_LENGTH) {
+    throw new Error(
+      `Username must be ${MAX_USERNAME_LENGTH} characters or less`
+    );
+  }
+  if (!/^[a-zA-Z0-9_-]+$/.test(username)) {
+    throw new Error(
+      "Username must contain only letters, numbers, underscores, and hyphens"
+    );
+  }
+  return true;
+}
+function validatePassword(password) {
+  if (!password || typeof password !== "string") {
+    throw new Error("Password is required");
+  }
+  if (password.length > MAX_PASSWORD_LENGTH) {
+    throw new Error(
+      `Password must be ${MAX_PASSWORD_LENGTH} characters or less`
+    );
+  }
+  return true;
+}
+function validateFileSize(size) {
+  if (size > MAX_FILE_SIZE) {
+    throw new Error(
+      `File size exceeds maximum allowed size of ${MAX_FILE_SIZE / 1024 / 1024}MB`
+    );
+  }
+  return true;
+}
+function sanitizeFrontmatter(data) {
+  const sanitized = {};
+  for (const [key, value] of Object.entries(data)) {
+    if (!/^[a-zA-Z0-9_-]+$/.test(key)) {
+      continue;
+    }
+    if (typeof value === "string") {
+      sanitized[key] = value.replace(/\x00/g, "");
+    } else if (typeof value === "number" || typeof value === "boolean" || value === null) {
+      sanitized[key] = value;
+    } else if (Array.isArray(value)) {
+      sanitized[key] = value.map(
+        (item) => typeof item === "string" ? item.replace(/\x00/g, "") : item
+      );
+    } else if (typeof value === "object") {
+      sanitized[key] = sanitizeFrontmatter(value);
+    }
+  }
+  return sanitized;
+}
+
+// src/content/markdown.ts
+function parseMarkdown(rawContent) {
+  const { data, content } = (0, import_gray_matter.default)(rawContent);
+  return { data, content };
+}
+function stringifyMarkdown(data, content) {
+  return import_gray_matter.default.stringify(content, data);
+}
+async function getMarkdownContent(filePath) {
+  const validatedPath = validateFilePath(filePath);
+  const storage = getStorageProvider();
+  const rawContent = await storage.readFile(validatedPath);
+  const size = Buffer.byteLength(rawContent, "utf-8");
+  if (size > MAX_FILE_SIZE) {
+    throw new Error(
+      `File size (${size} bytes) exceeds maximum allowed size (${MAX_FILE_SIZE} bytes)`
+    );
+  }
+  return parseMarkdown(rawContent);
+}
+async function saveMarkdownContent(filePath, data, content) {
+  const validatedPath = validateFilePath(filePath);
+  const sanitizedData = sanitizeFrontmatter(data);
+  const markdown = stringifyMarkdown(sanitizedData, content);
+  const size = Buffer.byteLength(markdown, "utf-8");
+  if (size > MAX_FILE_SIZE) {
+    throw new Error(
+      `Content size (${size} bytes) exceeds maximum allowed size (${MAX_FILE_SIZE} bytes)`
+    );
+  }
+  const storage = getStorageProvider();
+  await storage.writeFile(validatedPath, markdown);
+}
+async function deleteMarkdownContent(filePath) {
+  const validatedPath = validateFilePath(filePath);
+  const storage = getStorageProvider();
+  await storage.deleteFile(validatedPath);
+}
+async function listMarkdownFiles(directory = "") {
+  const validatedDir = directory ? validateFilePath(directory) : "";
+  const storage = getStorageProvider();
+  const entries = await storage.listFiles(validatedDir);
+  return entries.filter((entry) => entry.type === "file").map((entry) => entry.path);
+}
+async function markdownFileExists(filePath) {
+  const validatedPath = validateFilePath(filePath);
+  const storage = getStorageProvider();
+  return storage.exists(validatedPath);
+}
+
+// src/content/directory.ts
+async function listDirectory(directory = "") {
+  const storage = getStorageProvider();
+  return storage.listFiles(directory);
+}
+
+// src/content/collection.ts
+async function getCollectionItems(folderName) {
+  const storage = getStorageProvider();
+  const entries = await storage.listFiles(folderName);
+  const mdFiles = entries.filter(
+    (entry) => entry.type === "file" && entry.path.endsWith(".md")
+  );
+  const items = await Promise.all(
+    mdFiles.map(async (file) => {
+      const rawContent = await storage.readFile(file.path);
+      const { data, content } = parseMarkdown(rawContent);
+      const slug = file.path.split("/").pop().replace(/\.md$/, "");
+      return {
+        content,
+        data,
+        slug
+      };
+    })
+  );
+  return items;
+}
+async function getCollectionItem(folderName, slug) {
+  const storage = getStorageProvider();
+  const filePath = `${folderName}/${slug}.md`;
+  try {
+    const exists = await storage.exists(filePath);
+    if (!exists) {
+      return null;
+    }
+    const rawContent = await storage.readFile(filePath);
+    const { data, content } = parseMarkdown(rawContent);
+    return {
+      content,
+      data,
+      slug
+    };
+  } catch (error) {
+    return null;
+  }
+}
+async function getCollections(baseDir = "") {
+  const storage = getStorageProvider();
+  const entries = await storage.listFiles(baseDir);
+  return entries.filter((entry) => entry.type === "directory").map((entry) => entry.path.split("/").pop()).filter(Boolean);
+}
+
+// src/content/upload.ts
+async function uploadFile(fileName, buffer) {
+  const storage = getStorageProvider();
+  const timestamp = Date.now();
+  const ext = fileName.split(".").pop();
+  const nameWithoutExt = fileName.replace(`.${ext}`, "");
+  const uniqueFileName = `${nameWithoutExt}-${timestamp}.${ext}`;
+  return storage.uploadFile(uniqueFileName, buffer);
+}
+
+// src/auth/session.ts
+var import_jose = require("jose");
+var import_headers = require("next/headers");
+var SESSION_COOKIE_NAME = "cms-session";
+var SESSION_DURATION = 60 * 60 * 24 * 7;
+function getSecretKey() {
+  const secret = process.env.CMS_SESSION_SECRET;
+  if (!secret || secret.length < 32) {
+    throw new Error("CMS_SESSION_SECRET must be at least 32 characters");
+  }
+  return new TextEncoder().encode(secret);
+}
+async function createSession(username) {
+  const payload = {
+    username,
+    exp: Math.floor(Date.now() / 1e3) + SESSION_DURATION
+  };
+  const token = await new import_jose.SignJWT(payload).setProtectedHeader({ alg: "HS256" }).setExpirationTime("7d").sign(getSecretKey());
+  return token;
+}
+async function verifySession(token) {
+  try {
+    const { payload } = await (0, import_jose.jwtVerify)(token, getSecretKey());
+    if (typeof payload.username === "string" && typeof payload.exp === "number") {
+      return payload;
+    }
+    return null;
+  } catch (error) {
+    return null;
+  }
+}
+async function getSessionFromCookies() {
+  const cookieStore = await (0, import_headers.cookies)();
+  const token = cookieStore.get(SESSION_COOKIE_NAME)?.value;
+  if (!token) {
+    return null;
+  }
+  return verifySession(token);
+}
+async function setSessionCookie(token) {
+  const cookieStore = await (0, import_headers.cookies)();
+  cookieStore.set(SESSION_COOKIE_NAME, token, {
+    httpOnly: true,
+    secure: process.env.NODE_ENV === "production",
+    sameSite: "lax",
+    maxAge: SESSION_DURATION,
+    path: "/"
+  });
+}
+async function clearSessionCookie() {
+  const cookieStore = await (0, import_headers.cookies)();
+  cookieStore.delete(SESSION_COOKIE_NAME);
+}
+
+// src/auth/login.ts
+var import_crypto = __toESM(require("crypto"));
+function validateCredentials(username, password) {
+  try {
+    validateUsername(username);
+    validatePassword(password);
+  } catch (error) {
+    return false;
+  }
+  const envUsername = process.env.CMS_ADMIN_USERNAME;
+  const envPassword = process.env.CMS_ADMIN_PASSWORD;
+  if (!envUsername || !envPassword) {
+    throw new Error(
+      "CMS_ADMIN_USERNAME and CMS_ADMIN_PASSWORD must be set in environment variables"
+    );
+  }
+  const usernameMatch = timingSafeEqual(username, envUsername);
+  const passwordMatch = timingSafeEqual(password, envPassword);
+  return usernameMatch && passwordMatch;
+}
+function timingSafeEqual(a, b) {
+  try {
+    const bufferA = Buffer.from(a, "utf-8");
+    const bufferB = Buffer.from(b, "utf-8");
+    if (bufferA.length !== bufferB.length) {
+      const dummyBuffer = Buffer.alloc(bufferA.length);
+      import_crypto.default.timingSafeEqual(bufferA, dummyBuffer);
+      return false;
+    }
+    return import_crypto.default.timingSafeEqual(bufferA, bufferB);
+  } catch {
+    return false;
+  }
+}
+
+// src/api/handlers.ts
+var import_server = require("next/server");
+async function handleLogin(request) {
+  try {
+    const ip = request.headers.get("x-forwarded-for")?.split(",")[0] || request.headers.get("x-real-ip") || "unknown";
+    const { checkRateLimit: checkRateLimit2, incrementRateLimit: incrementRateLimit2, resetRateLimit: resetRateLimit2 } = await Promise.resolve().then(() => (init_rate_limit(), rate_limit_exports));
+    const rateLimit = checkRateLimit2(ip);
+    if (rateLimit.isLimited) {
+      const retryAfter = Math.ceil((rateLimit.resetTime - Date.now()) / 1e3);
+      return import_server.NextResponse.json(
+        {
+          error: "Too many login attempts. Please try again later.",
+          retryAfter
+        },
+        {
+          status: 429,
+          headers: {
+            "Retry-After": retryAfter.toString()
+          }
+        }
+      );
+    }
+    const body = await request.json();
+    const { username, password } = body;
+    if (!username || !password) {
+      return import_server.NextResponse.json(
+        { error: "Username and password are required" },
+        { status: 400 }
+      );
+    }
+    const isValid = validateCredentials(username, password);
+    if (!isValid) {
+      incrementRateLimit2(ip);
+      return import_server.NextResponse.json(
+        { error: "Invalid credentials" },
+        { status: 401 }
+      );
+    }
+    resetRateLimit2(ip);
+    const token = await createSession(username);
+    const response = import_server.NextResponse.json({ success: true });
+    response.cookies.set("cms-session", token, {
+      httpOnly: true,
+      secure: process.env.NODE_ENV === "production",
+      sameSite: "lax",
+      maxAge: 60 * 60 * 24 * 7,
+      // 7 days
+      path: "/"
+    });
+    return response;
+  } catch (error) {
+    console.error("Login error:", error);
+    return import_server.NextResponse.json(
+      { error: "Authentication service temporarily unavailable" },
+      { status: 500 }
+    );
+  }
+}
+async function handleLogout() {
+  const response = import_server.NextResponse.json({ success: true });
+  response.cookies.delete("cms-session");
+  return response;
+}
+async function handleGetContent(_request, filePath) {
+  try {
+    const session = await getSessionFromCookies();
+    if (!session) {
+      return import_server.NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+    const content = await getMarkdownContent(filePath);
+    return import_server.NextResponse.json(content);
+  } catch (error) {
+    console.error("Get content error:", error);
+    return import_server.NextResponse.json(
+      { error: "Failed to read content" },
+      { status: 500 }
+    );
+  }
+}
+async function handleSaveContent(request, filePath) {
+  try {
+    const session = await getSessionFromCookies();
+    if (!session) {
+      return import_server.NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+    const body = await request.json();
+    const { data, content } = body;
+    await saveMarkdownContent(filePath, data || {}, content || "");
+    return import_server.NextResponse.json({ success: true });
+  } catch (error) {
+    console.error("Save content error:", error);
+    return import_server.NextResponse.json(
+      { error: "Failed to save content" },
+      { status: 500 }
+    );
+  }
+}
+async function handleDeleteContent(_request, filePath) {
+  try {
+    const session = await getSessionFromCookies();
+    if (!session) {
+      return import_server.NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+    await deleteMarkdownContent(filePath);
+    return import_server.NextResponse.json({ success: true });
+  } catch (error) {
+    console.error("Delete content error:", error);
+    return import_server.NextResponse.json(
+      { error: "Failed to delete content" },
+      { status: 500 }
+    );
+  }
+}
+async function handleListFiles(directory = "") {
+  try {
+    const session = await getSessionFromCookies();
+    if (!session) {
+      return import_server.NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+    const entries = await listDirectory(directory);
+    return import_server.NextResponse.json({ entries });
+  } catch (error) {
+    console.error("List files error:", error);
+    return import_server.NextResponse.json(
+      { error: "Failed to list files" },
+      { status: 500 }
+    );
+  }
+}
+function createContentApiHandlers() {
+  return {
+    async GET(request, { params }) {
+      const filePath = params.path.join("/");
+      return handleGetContent(request, filePath);
+    },
+    async POST(request, { params }) {
+      const filePath = params.path.join("/");
+      return handleSaveContent(request, filePath);
+    },
+    async DELETE(request, { params }) {
+      const filePath = params.path.join("/");
+      return handleDeleteContent(request, filePath);
+    }
+  };
+}
+function createListApiHandlers() {
+  return {
+    async GET(_request, { params }) {
+      const directory = params?.path?.join("/") || "";
+      return handleListFiles(directory);
+    }
+  };
+}
+
+// src/api/upload.ts
+var import_server2 = require("next/server");
+async function handleUpload(request) {
+  try {
+    const session = await getSessionFromCookies();
+    if (!session) {
+      return import_server2.NextResponse.json({ error: "Unauthorized" }, { status: 401 });
+    }
+    const formData = await request.formData();
+    const file = formData.get("file");
+    if (!file) {
+      return import_server2.NextResponse.json({ error: "No file provided" }, { status: 400 });
+    }
+    const bytes = await file.arrayBuffer();
+    const buffer = Buffer.from(bytes);
+    const publicUrl = await uploadFile(file.name, buffer);
+    return import_server2.NextResponse.json({
+      success: true,
+      url: publicUrl,
+      filename: file.name
+    });
+  } catch (error) {
+    console.error("Upload error:", error);
+    return import_server2.NextResponse.json(
+      { error: "Failed to upload file" },
+      { status: 500 }
+    );
+  }
+}
+
+// src/middleware/auth.ts
+var import_server3 = require("next/server");
+function createAuthMiddleware(options = {}) {
+  const loginPath = options.loginPath || "/admin/login";
+  const protectedPaths = options.protectedPaths || ["/admin"];
+  return async function middleware(request) {
+    const { pathname } = request.nextUrl;
+    const isProtected = protectedPaths.some(
+      (path4) => pathname.startsWith(path4)
+    );
+    if (!isProtected) {
+      return import_server3.NextResponse.next();
+    }
+    if (pathname === loginPath) {
+      return import_server3.NextResponse.next();
+    }
+    const session = await getSessionFromCookies();
+    if (!session) {
+      const url = request.nextUrl.clone();
+      url.pathname = loginPath;
+      url.searchParams.set("from", pathname);
+      return import_server3.NextResponse.redirect(url);
+    }
+    return import_server3.NextResponse.next();
+  };
+}
+
+// src/init/setup.ts
+var import_promises2 = __toESM(require("fs/promises"));
+var import_path3 = __toESM(require("path"));
+async function initCMS(config = {}) {
+  const contentDir = config.contentDir || "public/content";
+  const fullPath = import_path3.default.join(process.cwd(), contentDir);
+  await import_promises2.default.mkdir(fullPath, { recursive: true });
+  const exampleContent = `---
+title: Example Post
+description: This is an example markdown file
+date: ${(/* @__PURE__ */ new Date()).toISOString()}
+---
+
+# Welcome to your CMS!
+
+This is an example markdown file. You can edit or delete it from the admin dashboard.
+
+## Features
+
+- File-based content storage
+- Markdown with frontmatter
+- GitHub integration for production
+- Simple authentication
+- No database required
+`;
+  const examplePath = import_path3.default.join(fullPath, "example.md");
+  await import_promises2.default.writeFile(examplePath, exampleContent, "utf-8");
+  console.log("\u2705 CMS initialized successfully!");
+  console.log(`\u{1F4C1} Content directory: ${contentDir}`);
+  console.log(`\u{1F4DD} Example file created: ${contentDir}/example.md`);
+  console.log("");
+  console.log("Next steps:");
+  console.log("1. Set up environment variables in .env.local:");
+  console.log("   - CMS_ADMIN_USERNAME");
+  console.log("   - CMS_ADMIN_PASSWORD");
+  console.log("   - CMS_SESSION_SECRET (min 32 characters)");
+  console.log("2. For production: GITHUB_TOKEN, GITHUB_REPO, GITHUB_BRANCH");
+  console.log("3. Import and use the CMS utilities in your Next.js app");
+}
+
+// src/index.ts
+init_rate_limit();
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  GitHubStorage,
+  LocalStorage,
+  MAX_FILE_SIZE,
+  MAX_PASSWORD_LENGTH,
+  MAX_USERNAME_LENGTH,
+  checkRateLimit,
+  clearSessionCookie,
+  createAuthMiddleware,
+  createContentApiHandlers,
+  createListApiHandlers,
+  createSession,
+  deleteMarkdownContent,
+  getCollectionItem,
+  getCollectionItems,
+  getCollections,
+  getMarkdownContent,
+  getSessionFromCookies,
+  getStorageProvider,
+  handleDeleteContent,
+  handleGetContent,
+  handleListFiles,
+  handleLogin,
+  handleLogout,
+  handleSaveContent,
+  handleUpload,
+  incrementRateLimit,
+  initCMS,
+  listDirectory,
+  listMarkdownFiles,
+  markdownFileExists,
+  parseMarkdown,
+  resetRateLimit,
+  sanitizeFrontmatter,
+  saveMarkdownContent,
+  setSessionCookie,
+  stringifyMarkdown,
+  uploadFile,
+  validateCredentials,
+  validateFilePath,
+  validateFileSize,
+  validatePassword,
+  validateUsername,
+  verifySession
+});
+//# sourceMappingURL=index.js.map