@hasna/shortlinks 0.1.9 → 0.1.11

package/dist/index.js

@@ -0,0 +1,1199 @@
+// @bun
+var __require = import.meta.require;
+
+// src/database.ts
+import { Database } from "bun:sqlite";
+import { mkdirSync as mkdirSync2 } from "fs";
+import { dirname as dirname2 } from "path";
+
+// src/config.ts
+import { existsSync, mkdirSync, readFileSync, writeFileSync } from "fs";
+import { homedir } from "os";
+import { dirname, join, resolve } from "path";
+var SERVICE_NAME = "shortlinks";
+var DEFAULT_DATA_DIR = join(homedir(), ".hasna", SERVICE_NAME);
+function getDataDir() {
+  return resolve(process.env.SHORTLINKS_HOME || DEFAULT_DATA_DIR);
+}
+function ensureDataDir() {
+  const dir = getDataDir();
+  mkdirSync(dir, { recursive: true });
+  return dir;
+}
+function getConfigPath() {
+  return join(ensureDataDir(), "config.json");
+}
+function getDatabasePath(explicitPath) {
+  if (explicitPath)
+    return resolve(explicitPath);
+  if (process.env.SHORTLINKS_DB)
+    return resolve(process.env.SHORTLINKS_DB);
+  return join(ensureDataDir(), `${SERVICE_NAME}.db`);
+}
+function loadConfig() {
+  const path = getConfigPath();
+  if (!existsSync(path))
+    return {};
+  try {
+    const parsed = JSON.parse(readFileSync(path, "utf-8"));
+    return parsed && typeof parsed === "object" ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function saveConfig(config) {
+  const path = getConfigPath();
+  mkdirSync(dirname(path), { recursive: true });
+  writeFileSync(path, `${JSON.stringify(config, null, 2)}
+`);
+}
+function updateConfig(patch) {
+  const next = {
+    ...loadConfig(),
+    ...patch,
+    cloudflare: {
+      ...loadConfig().cloudflare,
+      ...patch.cloudflare
+    }
+  };
+  saveConfig(next);
+  return next;
+}
+function normalizeHostname(input) {
+  const raw = input.trim().toLowerCase();
+  if (!raw)
+    throw new Error("Domain is required.");
+  const withProtocol = raw.includes("://") ? raw : `https://${raw}`;
+  let hostname;
+  try {
+    hostname = new URL(withProtocol).hostname;
+  } catch {
+    throw new Error(`Invalid domain: ${input}`);
+  }
+  hostname = hostname.replace(/\.$/, "");
+  if (!/^[a-z0-9.-]+$/.test(hostname) || hostname.includes("..")) {
+    throw new Error(`Invalid domain: ${input}`);
+  }
+  return hostname;
+}
+function formatShortUrl(hostname, slug, publicBaseUrl) {
+  if (publicBaseUrl) {
+    const base = publicBaseUrl.endsWith("/") ? publicBaseUrl : `${publicBaseUrl}/`;
+    return new URL(slug, base).toString();
+  }
+  return `https://${hostname}/${slug}`;
+}
+
+// src/database.ts
+function now() {
+  return new Date().toISOString();
+}
+function makeId(prefix) {
+  const bytes = crypto.getRandomValues(new Uint8Array(12));
+  const hex = [...bytes].map((b) => b.toString(16).padStart(2, "0")).join("");
+  return `${prefix}_${hex}`;
+}
+var SQLITE_MIGRATIONS = [
+  `
+  CREATE TABLE IF NOT EXISTS domains (
+    id TEXT PRIMARY KEY,
+    hostname TEXT NOT NULL UNIQUE,
+    provider TEXT NOT NULL DEFAULT 'manual',
+    default_domain INTEGER NOT NULL DEFAULT 0,
+    cloudflare_zone_id TEXT,
+    cloudflare_account_id TEXT,
+    cloudflare_worker_name TEXT,
+    origin_url TEXT,
+    notes TEXT,
+    metadata TEXT NOT NULL DEFAULT '{}',
+    machine_id TEXT,
+    synced_at TEXT,
+    created_at TEXT NOT NULL,
+    updated_at TEXT NOT NULL
+  );
+
+  CREATE TABLE IF NOT EXISTS links (
+    id TEXT PRIMARY KEY,
+    domain_id TEXT NOT NULL REFERENCES domains(id) ON DELETE CASCADE,
+    slug TEXT NOT NULL,
+    destination_url TEXT NOT NULL,
+    title TEXT,
+    active INTEGER NOT NULL DEFAULT 1,
+    expires_at TEXT,
+    metadata TEXT NOT NULL DEFAULT '{}',
+    machine_id TEXT,
+    synced_at TEXT,
+    created_at TEXT NOT NULL,
+    updated_at TEXT NOT NULL,
+    UNIQUE(domain_id, slug)
+  );
+
+  CREATE TABLE IF NOT EXISTS clicks (
+    id TEXT PRIMARY KEY,
+    link_id TEXT NOT NULL REFERENCES links(id) ON DELETE CASCADE,
+    domain_id TEXT NOT NULL REFERENCES domains(id) ON DELETE CASCADE,
+    slug TEXT NOT NULL,
+    clicked_at TEXT NOT NULL,
+    ip_hash TEXT,
+    user_agent TEXT,
+    referer TEXT,
+    country TEXT,
+    city TEXT,
+    metadata TEXT NOT NULL DEFAULT '{}',
+    machine_id TEXT,
+    synced_at TEXT,
+    created_at TEXT NOT NULL,
+    updated_at TEXT NOT NULL
+  );
+
+  CREATE INDEX IF NOT EXISTS idx_domains_hostname ON domains(hostname);
+  CREATE INDEX IF NOT EXISTS idx_domains_default ON domains(default_domain);
+  CREATE INDEX IF NOT EXISTS idx_links_domain_slug ON links(domain_id, slug);
+  CREATE INDEX IF NOT EXISTS idx_links_active ON links(active);
+  CREATE INDEX IF NOT EXISTS idx_links_updated ON links(updated_at);
+  CREATE INDEX IF NOT EXISTS idx_clicks_link ON clicks(link_id);
+  CREATE INDEX IF NOT EXISTS idx_clicks_domain ON clicks(domain_id);
+  CREATE INDEX IF NOT EXISTS idx_clicks_clicked_at ON clicks(clicked_at);
+  CREATE INDEX IF NOT EXISTS idx_clicks_updated ON clicks(updated_at);
+  `
+];
+
+class ShortlinksDatabase {
+  db;
+  path;
+  constructor(path) {
+    this.path = getDatabasePath(path);
+    mkdirSync2(dirname2(this.path), { recursive: true });
+    this.db = new Database(this.path);
+    this.db.exec("PRAGMA foreign_keys = ON;");
+    this.applyMigrations();
+  }
+  close() {
+    this.db.close();
+  }
+  applyMigrations() {
+    this.db.exec(`
+      CREATE TABLE IF NOT EXISTS _migrations (
+        id INTEGER PRIMARY KEY,
+        applied_at TEXT NOT NULL
+      );
+    `);
+    for (let i = 0;i < SQLITE_MIGRATIONS.length; i += 1) {
+      const id = i + 1;
+      const applied = this.db.query("SELECT id FROM _migrations WHERE id = ?").get(id);
+      if (applied)
+        continue;
+      const migration = SQLITE_MIGRATIONS[i];
+      const apply = this.db.transaction(() => {
+        this.db.exec(migration);
+        this.db.query("INSERT INTO _migrations (id, applied_at) VALUES (?, ?)").run(id, now());
+      });
+      apply();
+    }
+  }
+}
+// src/store.ts
+import { createHash } from "crypto";
+
+// src/machine.ts
+import { existsSync as existsSync2, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "fs";
+import { hostname } from "os";
+import { join as join2 } from "path";
+
+// src/slug.ts
+import { randomBytes } from "crypto";
+var SLUG_ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
+var DEFAULT_SLUG_LENGTH = 7;
+function randomToken(length = DEFAULT_SLUG_LENGTH) {
+  if (length < 1 || length > 128)
+    throw new Error("Token length must be between 1 and 128.");
+  const bytes = randomBytes(length);
+  let out = "";
+  for (let i = 0;i < length; i += 1) {
+    out += SLUG_ALPHABET[bytes[i] % SLUG_ALPHABET.length];
+  }
+  return out;
+}
+function normalizeSlug(slug) {
+  const normalized = slug.trim().replace(/^\/+/, "").replace(/\/+$/, "");
+  if (!normalized)
+    throw new Error("Slug is required.");
+  if (!/^[A-Za-z0-9_-]{1,96}$/.test(normalized)) {
+    throw new Error("Slug can only contain letters, numbers, underscores, and dashes.");
+  }
+  return normalized;
+}
+
+// src/machine.ts
+function getMachineId() {
+  const path = join2(ensureDataDir(), "machine-id");
+  if (existsSync2(path)) {
+    const existing = readFileSync2(path, "utf-8").trim();
+    if (existing)
+      return existing;
+  }
+  const safeHost = hostname().toLowerCase().replace(/[^a-z0-9]+/g, "-").replace(/^-|-$/g, "");
+  const id = `${safeHost || "machine"}-${randomToken(8).toLowerCase()}`;
+  writeFileSync2(path, `${id}
+`);
+  return id;
+}
+
+// src/store.ts
+function parseJsonObject(value) {
+  if (!value)
+    return {};
+  try {
+    const parsed = JSON.parse(value);
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function domainFromRow(row) {
+  return {
+    ...row,
+    default_domain: Boolean(row.default_domain),
+    metadata: parseJsonObject(row.metadata)
+  };
+}
+function linkFromRow(row) {
+  const config = loadConfig();
+  const publicBaseUrl = config.defaultDomain === row.hostname ? config.publicBaseUrl : undefined;
+  return {
+    ...row,
+    active: Boolean(row.active),
+    metadata: parseJsonObject(row.metadata),
+    short_url: formatShortUrl(row.hostname, row.slug, publicBaseUrl)
+  };
+}
+function clickFromRow(row) {
+  return {
+    ...row,
+    metadata: parseJsonObject(row.metadata)
+  };
+}
+function validateDestinationUrl(url) {
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    throw new Error(`Invalid destination URL: ${url}`);
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error("Destination URL must start with http:// or https://.");
+  }
+  return parsed.toString();
+}
+function isoOrNull(input) {
+  if (!input)
+    return null;
+  const date = new Date(input);
+  if (Number.isNaN(date.getTime()))
+    throw new Error(`Invalid date: ${input}`);
+  return date.toISOString();
+}
+
+class ShortlinksStore {
+  database;
+  constructor(dbPath) {
+    this.database = new ShortlinksDatabase(dbPath);
+  }
+  close() {
+    this.database.close();
+  }
+  addDomain(input) {
+    const hostname2 = normalizeHostname(input.hostname);
+    const timestamp = now();
+    const machineId = getMachineId();
+    const existing = this.getDomain(hostname2);
+    const id = existing?.id || makeId("dom");
+    if (input.defaultDomain) {
+      this.database.db.query("UPDATE domains SET default_domain = 0, updated_at = ?, synced_at = NULL").run(timestamp);
+      updateConfig({ defaultDomain: hostname2, publicBaseUrl: `https://${hostname2}` });
+    }
+    this.database.db.query(`
+      INSERT INTO domains (
+        id, hostname, provider, default_domain, cloudflare_zone_id, cloudflare_account_id,
+        cloudflare_worker_name, origin_url, notes, metadata, machine_id, synced_at, created_at, updated_at
+      )
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?)
+      ON CONFLICT(hostname) DO UPDATE SET
+        provider = excluded.provider,
+        default_domain = excluded.default_domain,
+        cloudflare_zone_id = COALESCE(excluded.cloudflare_zone_id, domains.cloudflare_zone_id),
+        cloudflare_account_id = COALESCE(excluded.cloudflare_account_id, domains.cloudflare_account_id),
+        cloudflare_worker_name = COALESCE(excluded.cloudflare_worker_name, domains.cloudflare_worker_name),
+        origin_url = COALESCE(excluded.origin_url, domains.origin_url),
+        notes = COALESCE(excluded.notes, domains.notes),
+        metadata = excluded.metadata,
+        machine_id = excluded.machine_id,
+        synced_at = NULL,
+        updated_at = excluded.updated_at
+    `).run(id, hostname2, input.provider || existing?.provider || "manual", input.defaultDomain ?? existing?.default_domain ? 1 : 0, input.cloudflareZoneId || existing?.cloudflare_zone_id || null, input.cloudflareAccountId || existing?.cloudflare_account_id || null, input.cloudflareWorkerName || existing?.cloudflare_worker_name || null, input.originUrl || existing?.origin_url || null, input.notes || existing?.notes || null, JSON.stringify(input.metadata || existing?.metadata || {}), machineId, existing?.created_at || timestamp, timestamp);
+    return this.getDomain(hostname2);
+  }
+  listDomains() {
+    const rows = this.database.db.query(`
+      SELECT * FROM domains
+      ORDER BY default_domain DESC, hostname ASC
+    `).all();
+    return rows.map(domainFromRow);
+  }
+  getDomain(hostnameOrId) {
+    const normalized = hostnameOrId.includes(".") || hostnameOrId.includes("://") ? normalizeHostname(hostnameOrId) : hostnameOrId;
+    const row = this.database.db.query(`
+      SELECT * FROM domains WHERE hostname = ? OR id = ? LIMIT 1
+    `).get(normalized, hostnameOrId);
+    return row ? domainFromRow(row) : null;
+  }
+  getDefaultDomain() {
+    const config = loadConfig();
+    if (config.defaultDomain) {
+      const configured = this.getDomain(config.defaultDomain);
+      if (configured)
+        return configured;
+    }
+    const row = this.database.db.query(`
+      SELECT * FROM domains ORDER BY default_domain DESC, created_at ASC LIMIT 1
+    `).get();
+    return row ? domainFromRow(row) : null;
+  }
+  createLink(input) {
+    const domain = input.domain ? this.getDomain(input.domain) : this.getDefaultDomain();
+    if (!domain) {
+      throw new Error("No domain configured. Run `shortlinks domain add <domain> --default` first.");
+    }
+    const destinationUrl = validateDestinationUrl(input.destinationUrl);
+    const timestamp = now();
+    const machineId = getMachineId();
+    const expiresAt = isoOrNull(input.expiresAt);
+    const slug = input.slug ? normalizeSlug(input.slug) : this.generateAvailableSlug(domain.id, input.slugLength || DEFAULT_SLUG_LENGTH);
+    try {
+      this.database.db.query(`
+        INSERT INTO links (
+          id, domain_id, slug, destination_url, title, active, expires_at, metadata,
+          machine_id, synced_at, created_at, updated_at
+        )
+        VALUES (?, ?, ?, ?, ?, 1, ?, ?, ?, NULL, ?, ?)
+      `).run(makeId("lnk"), domain.id, slug, destinationUrl, input.title || null, expiresAt, JSON.stringify(input.metadata || {}), machineId, timestamp, timestamp);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (message.includes("UNIQUE")) {
+        throw new Error(`Slug already exists for ${domain.hostname}: ${slug}`);
+      }
+      throw error;
+    }
+    return this.getLink(domain.hostname, slug);
+  }
+  listLinks(options = {}) {
+    const params = [];
+    let where = "WHERE 1 = 1";
+    if (options.domain) {
+      where += " AND d.hostname = ?";
+      params.push(normalizeHostname(options.domain));
+    }
+    if (options.activeOnly) {
+      where += " AND l.active = 1";
+    }
+    params.push(options.limit || 100);
+    const rows = this.database.db.query(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      ${where}
+      ORDER BY l.created_at DESC
+      LIMIT ?
+    `).all(...params);
+    return rows.map(linkFromRow);
+  }
+  getLink(domainOrSlug, maybeSlug) {
+    const slug = normalizeSlug(maybeSlug || domainOrSlug);
+    const params = [slug];
+    let domainClause = "";
+    if (maybeSlug) {
+      domainClause = "AND d.hostname = ?";
+      params.push(normalizeHostname(domainOrSlug));
+    }
+    const row = this.database.db.query(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      WHERE l.slug = ? ${domainClause}
+      ORDER BY d.default_domain DESC, l.created_at ASC
+      LIMIT 1
+    `).get(...params);
+    return row ? linkFromRow(row) : null;
+  }
+  resolve(hostname2, slug) {
+    const normalizedSlug = normalizeSlug(slug);
+    const normalizedHost = normalizeHostname(hostname2);
+    const row = this.database.db.query(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      WHERE d.hostname = ? AND l.slug = ?
+      LIMIT 1
+    `).get(normalizedHost, normalizedSlug);
+    if (row)
+      return linkFromRow(row);
+    const fallback = this.getDefaultDomain();
+    if (!fallback || fallback.hostname === normalizedHost)
+      return null;
+    return this.getLink(fallback.hostname, normalizedSlug);
+  }
+  setLinkActive(domainOrSlug, maybeSlugOrActive, maybeActive) {
+    const active = typeof maybeSlugOrActive === "boolean" ? maybeSlugOrActive : Boolean(maybeActive);
+    const link = typeof maybeSlugOrActive === "boolean" ? this.getLink(domainOrSlug) : this.getLink(domainOrSlug, maybeSlugOrActive);
+    if (!link)
+      throw new Error("Link not found.");
+    const timestamp = now();
+    this.database.db.query(`
+      UPDATE links SET active = ?, updated_at = ?, synced_at = NULL WHERE id = ?
+    `).run(active ? 1 : 0, timestamp, link.id);
+    return this.getLink(link.hostname, link.slug);
+  }
+  deleteLink(domainOrSlug, maybeSlug) {
+    const link = maybeSlug ? this.getLink(domainOrSlug, maybeSlug) : this.getLink(domainOrSlug);
+    if (!link)
+      throw new Error("Link not found.");
+    this.database.db.query("DELETE FROM links WHERE id = ?").run(link.id);
+    return link;
+  }
+  recordClick(link, input = {}) {
+    const timestamp = now();
+    const machineId = getMachineId();
+    const ipHash = input.ip ? this.hashIp(input.ip) : null;
+    const id = makeId("clk");
+    this.database.db.query(`
+      INSERT INTO clicks (
+        id, link_id, domain_id, slug, clicked_at, ip_hash, user_agent, referer,
+        country, city, metadata, machine_id, synced_at, created_at, updated_at
+      )
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?)
+    `).run(id, link.id, link.domain_id, link.slug, timestamp, ipHash, input.userAgent || null, input.referer || null, input.country || null, input.city || null, JSON.stringify(input.metadata || {}), machineId, timestamp, timestamp);
+    const row = this.database.db.query("SELECT * FROM clicks WHERE id = ?").get(id);
+    return clickFromRow(row);
+  }
+  getStats(domainOrSlug, maybeSlug) {
+    const link = maybeSlug ? this.getLink(domainOrSlug, maybeSlug) : this.getLink(domainOrSlug);
+    if (!link)
+      throw new Error("Link not found.");
+    const summary = this.database.db.query(`
+      SELECT COUNT(*) AS clicks, MAX(clicked_at) AS last_clicked_at FROM clicks WHERE link_id = ?
+    `).get(link.id);
+    const topReferrers = this.database.db.query(`
+      SELECT referer, COUNT(*) AS clicks
+      FROM clicks
+      WHERE link_id = ?
+      GROUP BY referer
+      ORDER BY clicks DESC
+      LIMIT 10
+    `).all(link.id);
+    const topUserAgents = this.database.db.query(`
+      SELECT user_agent, COUNT(*) AS clicks
+      FROM clicks
+      WHERE link_id = ?
+      GROUP BY user_agent
+      ORDER BY clicks DESC
+      LIMIT 10
+    `).all(link.id);
+    return {
+      link,
+      clicks: summary.clicks,
+      last_clicked_at: summary.last_clicked_at,
+      top_referrers: topReferrers,
+      top_user_agents: topUserAgents
+    };
+  }
+  totalStats() {
+    const row = this.database.db.query(`
+      SELECT
+        (SELECT COUNT(*) FROM domains) AS domains,
+        (SELECT COUNT(*) FROM links) AS links,
+        (SELECT COUNT(*) FROM clicks) AS clicks
+    `).get();
+    return row;
+  }
+  generateAvailableSlug(domainId, length) {
+    for (let attempt = 0;attempt < 32; attempt += 1) {
+      const slug = randomToken(length);
+      const exists = this.database.db.query(`
+        SELECT 1 FROM links WHERE domain_id = ? AND slug = ? LIMIT 1
+      `).get(domainId, slug);
+      if (!exists)
+        return slug;
+    }
+    throw new Error("Could not generate an unused slug after 32 attempts.");
+  }
+  hashIp(ip) {
+    const salt = process.env.SHORTLINKS_CLICK_SALT || "shortlinks-local";
+    return createHash("sha256").update(`${salt}:${ip}`).digest("hex");
+  }
+}
+// src/pg-store.ts
+import { createHash as createHash2 } from "crypto";
+function parseJsonObject2(value) {
+  if (!value)
+    return {};
+  if (typeof value === "object" && !Array.isArray(value))
+    return value;
+  try {
+    const parsed = JSON.parse(String(value));
+    return parsed && typeof parsed === "object" && !Array.isArray(parsed) ? parsed : {};
+  } catch {
+    return {};
+  }
+}
+function toIsoString(value) {
+  if (value instanceof Date)
+    return value.toISOString();
+  return String(value);
+}
+function nullableIso(value) {
+  if (value === null || value === undefined)
+    return null;
+  return toIsoString(value);
+}
+function domainFromRow2(row) {
+  return {
+    ...row,
+    default_domain: Boolean(row.default_domain),
+    synced_at: nullableIso(row.synced_at),
+    created_at: toIsoString(row.created_at),
+    updated_at: toIsoString(row.updated_at),
+    metadata: parseJsonObject2(row.metadata)
+  };
+}
+function linkFromRow2(row) {
+  return {
+    ...row,
+    active: Boolean(row.active),
+    expires_at: nullableIso(row.expires_at),
+    synced_at: nullableIso(row.synced_at),
+    created_at: toIsoString(row.created_at),
+    updated_at: toIsoString(row.updated_at),
+    metadata: parseJsonObject2(row.metadata),
+    short_url: formatShortUrl(row.hostname, row.slug)
+  };
+}
+function validateDestinationUrl2(url) {
+  let parsed;
+  try {
+    parsed = new URL(url);
+  } catch {
+    throw new Error(`Invalid destination URL: ${url}`);
+  }
+  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") {
+    throw new Error("Destination URL must start with http:// or https://.");
+  }
+  return parsed.toString();
+}
+function isoOrNull2(input) {
+  if (!input)
+    return null;
+  const date = new Date(input);
+  if (Number.isNaN(date.getTime()))
+    throw new Error(`Invalid date: ${input}`);
+  return date.toISOString();
+}
+function clickFromRow2(row) {
+  return {
+    ...row,
+    clicked_at: toIsoString(row.clicked_at),
+    synced_at: nullableIso(row.synced_at),
+    created_at: toIsoString(row.created_at),
+    updated_at: toIsoString(row.updated_at),
+    metadata: parseJsonObject2(row.metadata)
+  };
+}
+
+class PgShortlinksStore {
+  pg;
+  constructor(pg) {
+    this.pg = pg;
+  }
+  static async fromConnectionString(connectionString) {
+    const { PgAdapterAsync } = await import("@hasna/cloud");
+    return new PgShortlinksStore(new PgAdapterAsync(connectionString));
+  }
+  static async fromCloud(service = "shortlinks") {
+    const { getConnectionString } = await import("@hasna/cloud");
+    return PgShortlinksStore.fromConnectionString(getConnectionString(service));
+  }
+  async close() {
+    await this.pg.close?.();
+  }
+  async addDomain(input) {
+    const hostname2 = normalizeHostname(input.hostname);
+    const timestamp = now();
+    const machineId = getMachineId();
+    const existing = await this.getDomain(hostname2);
+    const id = existing?.id || makeId("dom");
+    if (input.defaultDomain) {
+      await this.pg.run("UPDATE domains SET default_domain = 0, updated_at = ? WHERE default_domain = 1", timestamp);
+    }
+    await this.pg.run(`
+      INSERT INTO domains (
+        id, hostname, provider, default_domain, cloudflare_zone_id, cloudflare_account_id,
+        cloudflare_worker_name, origin_url, notes, metadata, machine_id, synced_at, created_at, updated_at
+      )
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?)
+      ON CONFLICT(hostname) DO UPDATE SET
+        provider = excluded.provider,
+        default_domain = excluded.default_domain,
+        cloudflare_zone_id = COALESCE(excluded.cloudflare_zone_id, domains.cloudflare_zone_id),
+        cloudflare_account_id = COALESCE(excluded.cloudflare_account_id, domains.cloudflare_account_id),
+        cloudflare_worker_name = COALESCE(excluded.cloudflare_worker_name, domains.cloudflare_worker_name),
+        origin_url = COALESCE(excluded.origin_url, domains.origin_url),
+        notes = COALESCE(excluded.notes, domains.notes),
+        metadata = excluded.metadata,
+        machine_id = excluded.machine_id,
+        synced_at = NULL,
+        updated_at = excluded.updated_at
+    `, id, hostname2, input.provider || existing?.provider || "manual", input.defaultDomain ?? existing?.default_domain ? 1 : 0, input.cloudflareZoneId || existing?.cloudflare_zone_id || null, input.cloudflareAccountId || existing?.cloudflare_account_id || null, input.cloudflareWorkerName || existing?.cloudflare_worker_name || null, input.originUrl || existing?.origin_url || null, input.notes || existing?.notes || null, JSON.stringify(input.metadata || existing?.metadata || {}), machineId, existing?.created_at || timestamp, timestamp);
+    return await this.getDomain(hostname2);
+  }
+  async listDomains() {
+    const rows = await this.pg.all(`
+      SELECT * FROM domains
+      ORDER BY default_domain DESC, hostname ASC
+    `);
+    return rows.map(domainFromRow2);
+  }
+  async getDomain(hostnameOrId) {
+    const normalized = hostnameOrId.includes(".") || hostnameOrId.includes("://") ? normalizeHostname(hostnameOrId) : hostnameOrId;
+    const row = await this.pg.get(`
+      SELECT * FROM domains WHERE hostname = ? OR id = ? LIMIT 1
+    `, normalized, hostnameOrId);
+    return row ? domainFromRow2(row) : null;
+  }
+  async getDefaultDomain() {
+    const row = await this.pg.get(`
+      SELECT * FROM domains ORDER BY default_domain DESC, created_at ASC LIMIT 1
+    `);
+    return row ? domainFromRow2(row) : null;
+  }
+  async createLink(input) {
+    const domain = input.domain ? await this.getDomain(input.domain) : await this.getDefaultDomain();
+    if (!domain) {
+      throw new Error("No domain configured. Run `shortlinks domain add <domain> --default` first.");
+    }
+    const destinationUrl = validateDestinationUrl2(input.destinationUrl);
+    const timestamp = now();
+    const machineId = getMachineId();
+    const expiresAt = isoOrNull2(input.expiresAt);
+    const slug = input.slug ? normalizeSlug(input.slug) : await this.generateAvailableSlug(domain.id, input.slugLength || DEFAULT_SLUG_LENGTH);
+    try {
+      await this.pg.run(`
+        INSERT INTO links (
+          id, domain_id, slug, destination_url, title, active, expires_at, metadata,
+          machine_id, synced_at, created_at, updated_at
+        )
+        VALUES (?, ?, ?, ?, ?, 1, ?, ?, ?, NULL, ?, ?)
+      `, makeId("lnk"), domain.id, slug, destinationUrl, input.title || null, expiresAt, JSON.stringify(input.metadata || {}), machineId, timestamp, timestamp);
+    } catch (error) {
+      const message = error instanceof Error ? error.message : String(error);
+      if (message.includes("unique") || message.includes("duplicate")) {
+        throw new Error(`Slug already exists for ${domain.hostname}: ${slug}`);
+      }
+      throw error;
+    }
+    return await this.getLink(domain.hostname, slug);
+  }
+  async listLinks(options = {}) {
+    const params = [];
+    let where = "WHERE 1 = 1";
+    if (options.domain) {
+      where += " AND d.hostname = ?";
+      params.push(normalizeHostname(options.domain));
+    }
+    if (options.activeOnly)
+      where += " AND l.active = 1";
+    params.push(options.limit || 100);
+    const rows = await this.pg.all(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      ${where}
+      ORDER BY l.created_at DESC
+      LIMIT ?
+    `, ...params);
+    return rows.map(linkFromRow2);
+  }
+  async getLink(domainOrSlug, maybeSlug) {
+    const slug = normalizeSlug(maybeSlug || domainOrSlug);
+    const params = [slug];
+    let domainClause = "";
+    if (maybeSlug) {
+      domainClause = "AND d.hostname = ?";
+      params.push(normalizeHostname(domainOrSlug));
+    }
+    const row = await this.pg.get(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      WHERE l.slug = ? ${domainClause}
+      ORDER BY d.default_domain DESC, l.created_at ASC
+      LIMIT 1
+    `, ...params);
+    return row ? linkFromRow2(row) : null;
+  }
+  async totalStats() {
+    const row = await this.pg.get(`
+      SELECT
+        (SELECT COUNT(*)::int FROM domains) AS domains,
+        (SELECT COUNT(*)::int FROM links) AS links,
+        (SELECT COUNT(*)::int FROM clicks) AS clicks
+    `);
+    return row;
+  }
+  async resolve(hostname2, slug) {
+    const normalizedHost = normalizeHostname(hostname2);
+    const normalizedSlug = normalizeSlug(slug);
+    const row = await this.pg.get(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      WHERE d.hostname = ? AND l.slug = ?
+      LIMIT 1
+    `, normalizedHost, normalizedSlug);
+    if (row)
+      return linkFromRow2(row);
+    const fallback = await this.pg.get(`
+      SELECT l.*, d.hostname
+      FROM links l
+      JOIN domains d ON d.id = l.domain_id
+      WHERE d.default_domain = 1 AND l.slug = ?
+      ORDER BY d.created_at ASC
+      LIMIT 1
+    `, normalizedSlug);
+    return fallback ? linkFromRow2(fallback) : null;
+  }
+  async setLinkActive(domainOrSlug, maybeSlugOrActive, maybeActive) {
+    const active = typeof maybeSlugOrActive === "boolean" ? maybeSlugOrActive : Boolean(maybeActive);
+    const link = typeof maybeSlugOrActive === "boolean" ? await this.getLink(domainOrSlug) : await this.getLink(domainOrSlug, maybeSlugOrActive);
+    if (!link)
+      throw new Error("Link not found.");
+    const timestamp = now();
+    await this.pg.run(`
+      UPDATE links SET active = ?, updated_at = ?, synced_at = NULL WHERE id = ?
+    `, active ? 1 : 0, timestamp, link.id);
+    return await this.getLink(link.hostname, link.slug);
+  }
+  async deleteLink(domainOrSlug, maybeSlug) {
+    const link = maybeSlug ? await this.getLink(domainOrSlug, maybeSlug) : await this.getLink(domainOrSlug);
+    if (!link)
+      throw new Error("Link not found.");
+    await this.pg.run("DELETE FROM links WHERE id = ?", link.id);
+    return link;
+  }
+  async recordClick(link, input = {}) {
+    const timestamp = now();
+    const machineId = getMachineId();
+    const ipHash = input.ip ? this.hashIp(input.ip) : null;
+    const id = makeId("clk");
+    await this.pg.run(`
+      INSERT INTO clicks (
+        id, link_id, domain_id, slug, clicked_at, ip_hash, user_agent, referer,
+        country, city, metadata, machine_id, synced_at, created_at, updated_at
+      )
+      VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, NULL, ?, ?)
+    `, id, link.id, link.domain_id, link.slug, timestamp, ipHash, input.userAgent || null, input.referer || null, input.country || null, input.city || null, JSON.stringify(input.metadata || {}), machineId, timestamp, timestamp);
+    const row = await this.pg.get("SELECT * FROM clicks WHERE id = ?", id);
+    return clickFromRow2(row);
+  }
+  async getStats(domainOrSlug, maybeSlug) {
+    const link = maybeSlug ? await this.getLink(domainOrSlug, maybeSlug) : await this.getLink(domainOrSlug);
+    if (!link)
+      throw new Error("Link not found.");
+    const summary = await this.pg.get(`
+      SELECT COUNT(*)::int AS clicks, MAX(clicked_at) AS last_clicked_at FROM clicks WHERE link_id = ?
+    `, link.id);
+    const topReferrers = await this.pg.all(`
+      SELECT referer, COUNT(*)::int AS clicks
+      FROM clicks
+      WHERE link_id = ?
+      GROUP BY referer
+      ORDER BY clicks DESC
+      LIMIT 10
+    `, link.id);
+    const topUserAgents = await this.pg.all(`
+      SELECT user_agent, COUNT(*)::int AS clicks
+      FROM clicks
+      WHERE link_id = ?
+      GROUP BY user_agent
+      ORDER BY clicks DESC
+      LIMIT 10
+    `, link.id);
+    return {
+      link,
+      clicks: summary.clicks,
+      last_clicked_at: nullableIso(summary.last_clicked_at),
+      top_referrers: topReferrers,
+      top_user_agents: topUserAgents
+    };
+  }
+  hashIp(ip) {
+    const salt = process.env.SHORTLINKS_CLICK_SALT || "shortlinks-cloud";
+    return createHash2("sha256").update(`${salt}:${ip}`).digest("hex");
+  }
+  async generateAvailableSlug(domainId, length) {
+    for (let attempt = 0;attempt < 32; attempt += 1) {
+      const slug = randomToken(length);
+      const exists = await this.pg.get(`
+        SELECT 1 FROM links WHERE domain_id = ? AND slug = ? LIMIT 1
+      `, domainId, slug);
+      if (!exists)
+        return slug;
+    }
+    throw new Error("Could not generate an unused slug after 32 attempts.");
+  }
+}
+// src/server.ts
+function json(data, status = 200) {
+  return new Response(JSON.stringify(data, null, 2), {
+    status,
+    headers: { "content-type": "application/json; charset=utf-8" }
+  });
+}
+function getHost(request, fallback) {
+  const forwarded = request.headers.get("x-forwarded-host");
+  const host = forwarded || request.headers.get("host") || fallback || "";
+  return host.split(",")[0].trim().split(":")[0];
+}
+function getClientIp(request) {
+  const forwarded = request.headers.get("x-forwarded-for");
+  if (forwarded)
+    return forwarded.split(",")[0].trim();
+  return request.headers.get("cf-connecting-ip") || request.headers.get("x-real-ip");
+}
+function isExpired(link) {
+  return Boolean(link.expires_at && new Date(link.expires_at).getTime() <= Date.now());
+}
+function createShortlinksHandler(options = {}) {
+  const store = options.store || new ShortlinksStore(options.dbPath);
+  const redirectStatus = options.redirectStatus || 302;
+  return async (request) => {
+    const url = new URL(request.url);
+    if (url.pathname === "/healthz") {
+      return json({ ok: true, service: "shortlinks", stats: await store.totalStats() });
+    }
+    if (url.pathname === "/" || url.pathname === "") {
+      return json({ service: "shortlinks", ok: true });
+    }
+    let slug = "";
+    try {
+      slug = decodeURIComponent(url.pathname.replace(/^\/+/, "").split("/")[0] || "");
+    } catch {
+      return json({ error: "Invalid slug." }, 400);
+    }
+    if (!slug)
+      return json({ error: "Missing slug." }, 404);
+    const host = getHost(request, options.defaultHost);
+    if (!host)
+      return json({ error: "Missing Host header." }, 400);
+    let link = null;
+    try {
+      link = await store.resolve(host, slug);
+    } catch {
+      return json({ error: "Shortlink not found.", slug, host }, 404);
+    }
+    if (!link)
+      return json({ error: "Shortlink not found.", slug, host }, 404);
+    if (!link.active)
+      return json({ error: "Shortlink is disabled.", slug, host }, 410);
+    if (isExpired(link))
+      return json({ error: "Shortlink is expired.", slug, host }, 410);
+    await store.recordClick(link, {
+      ip: getClientIp(request),
+      userAgent: request.headers.get("user-agent"),
+      referer: request.headers.get("referer"),
+      country: request.headers.get("cf-ipcountry"),
+      metadata: {
+        path: url.pathname,
+        query: url.search
+      }
+    });
+    return Response.redirect(link.destination_url, redirectStatus);
+  };
+}
+function serveShortlinks(options = {}) {
+  const host = options.host || "127.0.0.1";
+  const port = options.port || 8787;
+  const fetch2 = createShortlinksHandler(options);
+  return Bun.serve({ hostname: host, port, fetch: fetch2 });
+}
+// src/cloudflare.ts
+import { mkdirSync as mkdirSync3, writeFileSync as writeFileSync3 } from "fs";
+import { join as join3 } from "path";
+function createCloudflarePlan(input) {
+  const hostname2 = normalizeHostname(input.hostname);
+  const target = normalizeHostname(input.target);
+  const workerName = input.workerName || "shortlinks";
+  const proxied = input.proxied ?? true;
+  return {
+    hostname: hostname2,
+    target,
+    proxied,
+    workerName,
+    origin: input.origin,
+    dnsRecord: {
+      type: "CNAME",
+      name: hostname2,
+      content: target,
+      proxied
+    },
+    wranglerCommand: `wrangler deploy cloudflare/${workerName}.js --name ${workerName}`
+  };
+}
+function generateWorkerScript() {
+  return `export default {
+  async fetch(request, env) {
+    const origin = env.SHORTLINKS_ORIGIN;
+    if (!origin) {
+      return new Response("SHORTLINKS_ORIGIN is not configured", { status: 500 });
+    }
+
+    const incoming = new URL(request.url);
+    const upstream = new URL(incoming.pathname + incoming.search, origin);
+    const headers = new Headers(request.headers);
+    headers.set("x-forwarded-host", incoming.host);
+    headers.set("x-shortlinks-worker", "cloudflare");
+
+    return fetch(upstream.toString(), {
+      method: request.method,
+      headers,
+      body: request.method === "GET" || request.method === "HEAD" ? undefined : request.body,
+      redirect: "manual"
+    });
+  }
+};
+`;
+}
+function writeWorkerFiles(options = {}) {
+  const outDir = options.outDir || "cloudflare";
+  const workerName = options.workerName || "shortlinks";
+  mkdirSync3(outDir, { recursive: true });
+  const workerPath = join3(outDir, `${workerName}.js`);
+  const wranglerPath = join3(outDir, "wrangler.example.toml");
+  writeFileSync3(workerPath, generateWorkerScript());
+  writeFileSync3(wranglerPath, `name = "${workerName}"
+main = "${workerName}.js"
+compatibility_date = "2026-05-01"
+
+[vars]
+SHORTLINKS_ORIGIN = "${options.origin || "https://shortlinks.example.com"}"
+`);
+  return { workerPath, wranglerPath };
+}
+function cloudflareAuthHeaders(token) {
+  const apiToken = token || process.env.CLOUDFLARE_API_TOKEN;
+  if (apiToken)
+    return { authorization: `Bearer ${apiToken}` };
+  const apiKey = process.env.CLOUDFLARE_API_KEY;
+  const email = process.env.CLOUDFLARE_EMAIL;
+  if (apiKey && email) {
+    return {
+      "x-auth-key": apiKey,
+      "x-auth-email": email
+    };
+  }
+  throw new Error("Cloudflare auth is required: set CLOUDFLARE_API_TOKEN, or CLOUDFLARE_API_KEY plus CLOUDFLARE_EMAIL.");
+}
+async function cloudflareRequest(token, path, init = {}) {
+  const response = await fetch(`https://api.cloudflare.com/client/v4${path}`, {
+    ...init,
+    headers: {
+      ...cloudflareAuthHeaders(token),
+      "content-type": "application/json",
+      ...init.headers || {}
+    }
+  });
+  const body = await response.json();
+  if (!response.ok || body.success === false) {
+    const message = body.errors?.map((e) => e.message).join("; ") || response.statusText;
+    throw new Error(`Cloudflare API failed: ${message}`);
+  }
+  return body.result;
+}
+function candidateZones(hostname2) {
+  const parts = normalizeHostname(hostname2).split(".");
+  const candidates = [];
+  for (let i = 0;i < parts.length - 1; i += 1) {
+    candidates.push(parts.slice(i).join("."));
+  }
+  return candidates;
+}
+async function findCloudflareZoneId(hostname2, token) {
+  for (const zone of candidateZones(hostname2)) {
+    const result = await cloudflareRequest(token, `/zones?name=${encodeURIComponent(zone)}`);
+    if (result[0]?.id)
+      return result[0].id;
+  }
+  throw new Error(`Could not find a Cloudflare zone for ${hostname2}. Pass --zone-id explicitly.`);
+}
+async function upsertCloudflareDnsRecord(options) {
+  const token = options.token || process.env.CLOUDFLARE_API_TOKEN;
+  const plan = createCloudflarePlan({
+    hostname: options.hostname,
+    target: options.target,
+    origin: process.env.SHORTLINKS_ORIGIN || "https://shortlinks.example.com",
+    proxied: options.proxied
+  });
+  if (options.dryRun)
+    return plan;
+  const zoneId = options.zoneId || await findCloudflareZoneId(plan.hostname, token);
+  const existing = await cloudflareRequest(token, `/zones/${zoneId}/dns_records?type=CNAME&name=${encodeURIComponent(plan.hostname)}`);
+  const payload = JSON.stringify(plan.dnsRecord);
+  if (existing[0]?.id) {
+    const updated = await cloudflareRequest(token, `/zones/${zoneId}/dns_records/${existing[0].id}`, {
+      method: "PUT",
+      body: payload
+    });
+    return { id: updated.id, action: "updated" };
+  }
+  const created = await cloudflareRequest(token, `/zones/${zoneId}/dns_records`, {
+    method: "POST",
+    body: payload
+  });
+  return { id: created.id, action: "created" };
+}
+// src/local.ts
+import { spawnSync } from "child_process";
+import { homedir as homedir2 } from "os";
+import { join as join4 } from "path";
+function createLocalSetupPlan(input) {
+  const domain = normalizeHostname(input.domain);
+  const targetHost = input.targetHost || "127.0.0.1";
+  const port = input.port || 8787;
+  const certDir = input.certDir || join4(homedir2(), ".hasna", "machines", "certs");
+  const certPath = join4(certDir, `${domain}.pem`);
+  const keyPath = join4(certDir, `${domain}-key.pem`);
+  return {
+    domain,
+    targetHost,
+    port,
+    hostsEntry: `${targetHost} ${domain}`,
+    caddySnippet: `${domain} {
+  reverse_proxy ${targetHost}:${port}
+  tls ${certPath} ${keyPath}
+}`,
+    certPath,
+    keyPath,
+    machinesCommand: `machines dns add --domain ${domain} --target-host ${targetHost} --port ${port} --json`,
+    sudoRequired: true
+  };
+}
+function registerMachinesDns(input) {
+  const plan = createLocalSetupPlan(input);
+  const args = [
+    "dns",
+    "add",
+    "--domain",
+    plan.domain,
+    "--target-host",
+    plan.targetHost,
+    "--port",
+    String(plan.port),
+    "--json"
+  ];
+  const result = spawnSync("machines", args, { encoding: "utf-8" });
+  return {
+    command: `machines ${args.join(" ")}`,
+    status: result.status,
+    stdout: result.stdout || "",
+    stderr: result.stderr || ""
+  };
+}
+// src/pg-migrations.ts
+var PG_MIGRATIONS = [
+  `
+  CREATE TABLE IF NOT EXISTS domains (
+    id TEXT PRIMARY KEY,
+    hostname TEXT NOT NULL UNIQUE,
+    provider TEXT NOT NULL DEFAULT 'manual',
+    default_domain INTEGER NOT NULL DEFAULT 0,
+    cloudflare_zone_id TEXT,
+    cloudflare_account_id TEXT,
+    cloudflare_worker_name TEXT,
+    origin_url TEXT,
+    notes TEXT,
+    metadata TEXT NOT NULL DEFAULT '{}',
+    machine_id TEXT,
+    synced_at TIMESTAMPTZ,
+    created_at TIMESTAMPTZ NOT NULL,
+    updated_at TIMESTAMPTZ NOT NULL
+  );
+
+  CREATE TABLE IF NOT EXISTS links (
+    id TEXT PRIMARY KEY,
+    domain_id TEXT NOT NULL REFERENCES domains(id) ON DELETE CASCADE,
+    slug TEXT NOT NULL,
+    destination_url TEXT NOT NULL,
+    title TEXT,
+    active INTEGER NOT NULL DEFAULT 1,
+    expires_at TIMESTAMPTZ,
+    metadata TEXT NOT NULL DEFAULT '{}',
+    machine_id TEXT,
+    synced_at TIMESTAMPTZ,
+    created_at TIMESTAMPTZ NOT NULL,
+    updated_at TIMESTAMPTZ NOT NULL,
+    UNIQUE(domain_id, slug)
+  );
+
+  CREATE TABLE IF NOT EXISTS clicks (
+    id TEXT PRIMARY KEY,
+    link_id TEXT NOT NULL REFERENCES links(id) ON DELETE CASCADE,
+    domain_id TEXT NOT NULL REFERENCES domains(id) ON DELETE CASCADE,
+    slug TEXT NOT NULL,
+    clicked_at TIMESTAMPTZ NOT NULL,
+    ip_hash TEXT,
+    user_agent TEXT,
+    referer TEXT,
+    country TEXT,
+    city TEXT,
+    metadata TEXT NOT NULL DEFAULT '{}',
+    machine_id TEXT,
+    synced_at TIMESTAMPTZ,
+    created_at TIMESTAMPTZ NOT NULL,
+    updated_at TIMESTAMPTZ NOT NULL
+  );
+
+  CREATE INDEX IF NOT EXISTS idx_domains_hostname ON domains(hostname);
+  CREATE INDEX IF NOT EXISTS idx_domains_default ON domains(default_domain);
+  CREATE INDEX IF NOT EXISTS idx_links_domain_slug ON links(domain_id, slug);
+  CREATE INDEX IF NOT EXISTS idx_links_active ON links(active);
+  CREATE INDEX IF NOT EXISTS idx_links_updated ON links(updated_at);
+  CREATE INDEX IF NOT EXISTS idx_clicks_link ON clicks(link_id);
+  CREATE INDEX IF NOT EXISTS idx_clicks_domain ON clicks(domain_id);
+  CREATE INDEX IF NOT EXISTS idx_clicks_clicked_at ON clicks(clicked_at);
+  CREATE INDEX IF NOT EXISTS idx_clicks_updated ON clicks(updated_at);
+  `
+];
+export {
+  writeWorkerFiles,
+  upsertCloudflareDnsRecord,
+  serveShortlinks,
+  saveConfig,
+  registerMachinesDns,
+  randomToken,
+  now,
+  normalizeSlug,
+  normalizeHostname,
+  makeId,
+  loadConfig,
+  getDatabasePath,
+  getDataDir,
+  getConfigPath,
+  generateWorkerScript,
+  formatShortUrl,
+  createShortlinksHandler,
+  createLocalSetupPlan,
+  createCloudflarePlan,
+  ShortlinksStore,
+  ShortlinksDatabase,
+  SQLITE_MIGRATIONS,
+  PgShortlinksStore,
+  PG_MIGRATIONS
+};