@jant/core 0.2.2 → 0.2.3

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jant/core",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "description": "A modern, open-source microblogging platform built on Cloudflare Workers",
   "type": "module",
   "bin": {
@@ -24,9 +24,7 @@
     "dist",
     "static",
     "migrations",
-    "src/preset.css",
-    "src/styles",
-    "src/client.ts"
+    "src"
   ],
   "publishConfig": {
     "access": "public"

package/src/app.tsx

@@ -0,0 +1,377 @@
+/**
+ * Jant App Factory
+ */
+
+import { Hono } from "hono";
+import type { FC } from "hono/jsx";
+import { createDatabase } from "./db/index.js";
+import { createServices, type Services } from "./services/index.js";
+import { createAuth, type Auth } from "./auth.js";
+import { i18nMiddleware, useLingui } from "./i18n/index.js";
+import type { Bindings, JantConfig } from "./types.js";
+
+// Routes - Pages
+import { homeRoutes } from "./routes/pages/home.js";
+import { postRoutes } from "./routes/pages/post.js";
+import { pageRoutes } from "./routes/pages/page.js";
+import { collectionRoutes } from "./routes/pages/collection.js";
+import { archiveRoutes } from "./routes/pages/archive.js";
+import { searchRoutes } from "./routes/pages/search.js";
+
+// Routes - Dashboard
+import { dashIndexRoutes } from "./routes/dash/index.js";
+import { postsRoutes as dashPostsRoutes } from "./routes/dash/posts.js";
+import { pagesRoutes as dashPagesRoutes } from "./routes/dash/pages.js";
+import { mediaRoutes as dashMediaRoutes } from "./routes/dash/media.js";
+import { settingsRoutes as dashSettingsRoutes } from "./routes/dash/settings.js";
+import { redirectsRoutes as dashRedirectsRoutes } from "./routes/dash/redirects.js";
+import { collectionsRoutes as dashCollectionsRoutes } from "./routes/dash/collections.js";
+
+// Routes - API
+import { postsApiRoutes } from "./routes/api/posts.js";
+import { uploadApiRoutes } from "./routes/api/upload.js";
+import { searchApiRoutes } from "./routes/api/search.js";
+
+// Routes - Feed
+import { rssRoutes } from "./routes/feed/rss.js";
+import { sitemapRoutes } from "./routes/feed/sitemap.js";
+
+// Middleware
+import { requireAuth } from "./middleware/auth.js";
+
+// Layouts for auth pages
+import { BaseLayout } from "./theme/layouts/index.js";
+
+// Extend Hono's context variables
+export interface AppVariables {
+  services: Services;
+  auth: Auth;
+  config: JantConfig;
+}
+
+export type App = Hono<{ Bindings: Bindings; Variables: AppVariables }>;
+
+/**
+ * Create a Jant application
+ *
+ * @param config - Optional configuration
+ * @returns Hono app instance
+ *
+ * @example
+ * ```typescript
+ * import { createApp } from "@jant/core";
+ *
+ * export default createApp({
+ *   site: { name: "My Blog" },
+ *   theme: { components: { PostCard: MyPostCard } },
+ * });
+ * ```
+ */
+export function createApp(config: JantConfig = {}): App {
+  const app = new Hono<{ Bindings: Bindings; Variables: AppVariables }>();
+
+  // Initialize services, auth, and config middleware
+  app.use("*", async (c, next) => {
+    const db = createDatabase(c.env.DB);
+    const services = createServices(db, c.env.DB);
+    c.set("services", services);
+    c.set("config", config);
+
+    if (c.env.AUTH_SECRET) {
+      const auth = createAuth(c.env.DB, {
+        secret: c.env.AUTH_SECRET,
+        baseURL: c.env.SITE_URL,
+      });
+      c.set("auth", auth);
+    }
+
+    await next();
+  });
+
+  // i18n middleware
+  app.use("*", i18nMiddleware());
+
+  // Trailing slash redirect (redirect /foo/ to /foo)
+  app.use("*", async (c, next) => {
+    const url = new URL(c.req.url);
+    if (url.pathname !== "/" && url.pathname.endsWith("/")) {
+      const newUrl = url.pathname.slice(0, -1) + url.search;
+      return c.redirect(newUrl, 301);
+    }
+    await next();
+  });
+
+  // Redirect middleware
+  app.use("*", async (c, next) => {
+    const path = new URL(c.req.url).pathname;
+    // Skip redirect check for API routes and static assets
+    if (path.startsWith("/api/") || path.startsWith("/assets/")) {
+      return next();
+    }
+
+    const redirect = await c.var.services.redirects.getByPath(path);
+    if (redirect) {
+      return c.redirect(redirect.toPath, redirect.type);
+    }
+
+    await next();
+  });
+
+  // Health check
+  app.get("/health", (c) =>
+    c.json({
+      status: "ok",
+      auth: c.env.AUTH_SECRET ? "configured" : "missing",
+      authSecretLength: c.env.AUTH_SECRET?.length ?? 0,
+    })
+  );
+
+  // better-auth handler
+  app.all("/api/auth/*", async (c) => {
+    if (!c.var.auth) {
+      return c.json({ error: "Auth not configured. Set AUTH_SECRET." }, 500);
+    }
+    return c.var.auth.handler(c.req.raw);
+  });
+
+  // API Routes
+  app.route("/api/posts", postsApiRoutes);
+
+  // Setup page component
+  const SetupContent: FC<{ error?: string }> = ({ error }) => {
+    const { t } = useLingui();
+
+    return (
+      <div class="min-h-screen flex items-center justify-center">
+        <div class="card max-w-md w-full">
+          <header>
+            <h2>{t({ message: "Welcome to Jant", comment: "@context: Setup page welcome heading" })}</h2>
+            <p>{t({ message: "Let's set up your site.", comment: "@context: Setup page description" })}</p>
+          </header>
+          <section>
+            {error && <p class="text-destructive text-sm mb-4">{error}</p>}
+            <form method="post" action="/setup" class="flex flex-col gap-4">
+              <div class="field">
+                <label class="label">{t({ message: "Site Name", comment: "@context: Setup form field - site name" })}</label>
+                <input type="text" name="siteName" class="input" required placeholder={t({ message: "My Blog", comment: "@context: Setup site name placeholder" })} />
+              </div>
+              <div class="field">
+                <label class="label">{t({ message: "Your Name", comment: "@context: Setup form field - user name" })}</label>
+                <input type="text" name="name" class="input" required placeholder="John Doe" />
+              </div>
+              <div class="field">
+                <label class="label">{t({ message: "Email", comment: "@context: Setup/signin form field - email" })}</label>
+                <input type="email" name="email" class="input" required placeholder="you@example.com" />
+              </div>
+              <div class="field">
+                <label class="label">{t({ message: "Password", comment: "@context: Setup/signin form field - password" })}</label>
+                <input type="password" name="password" class="input" required minLength={8} />
+              </div>
+              <button type="submit" class="btn">{t({ message: "Complete Setup", comment: "@context: Setup form submit button" })}</button>
+            </form>
+          </section>
+        </div>
+      </div>
+    );
+  };
+
+  // Setup page
+  app.get("/setup", async (c) => {
+    const isComplete = await c.var.services.settings.isOnboardingComplete();
+    if (isComplete) return c.redirect("/");
+
+    const error = c.req.query("error");
+
+    return c.html(
+      <BaseLayout title="Setup - Jant" c={c}>
+        <SetupContent error={error} />
+      </BaseLayout>
+    );
+  });
+
+  app.post("/setup", async (c) => {
+    const isComplete = await c.var.services.settings.isOnboardingComplete();
+    if (isComplete) return c.redirect("/");
+
+    const formData = await c.req.formData();
+    const siteName = formData.get("siteName") as string;
+    const name = formData.get("name") as string;
+    const email = formData.get("email") as string;
+    const password = formData.get("password") as string;
+
+    if (!siteName || !name || !email || !password) {
+      return c.redirect("/setup?error=All fields are required");
+    }
+
+    if (password.length < 8) {
+      return c.redirect("/setup?error=Password must be at least 8 characters");
+    }
+
+    if (!c.var.auth) {
+      return c.redirect("/setup?error=AUTH_SECRET not configured");
+    }
+
+    try {
+      const signUpResponse = await c.var.auth.api.signUpEmail({
+        body: { name, email, password },
+      });
+
+      if (!signUpResponse || "error" in signUpResponse) {
+        return c.redirect("/setup?error=Failed to create account");
+      }
+
+      await c.var.services.settings.setMany({
+        SITE_NAME: siteName,
+        SITE_LANGUAGE: "en",
+      });
+      await c.var.services.settings.completeOnboarding();
+
+      return c.redirect("/signin");
+    } catch (err) {
+      // eslint-disable-next-line no-console -- Error logging is intentional
+      console.error("Setup error:", err);
+      return c.redirect("/setup?error=Failed to create account");
+    }
+  });
+
+  // Signin page component
+  const SigninContent: FC<{ error?: string }> = ({ error }) => {
+    const { t } = useLingui();
+
+    return (
+      <div class="min-h-screen flex items-center justify-center">
+        <div class="card max-w-md w-full">
+          <header>
+            <h2>{t({ message: "Sign In", comment: "@context: Sign in page heading" })}</h2>
+          </header>
+          <section>
+            {error && <p class="text-destructive text-sm mb-4">{error}</p>}
+            <form method="post" action="/signin" class="flex flex-col gap-4">
+              <div class="field">
+                <label class="label">{t({ message: "Email", comment: "@context: Setup/signin form field - email" })}</label>
+                <input type="email" name="email" class="input" required />
+              </div>
+              <div class="field">
+                <label class="label">{t({ message: "Password", comment: "@context: Setup/signin form field - password" })}</label>
+                <input type="password" name="password" class="input" required />
+              </div>
+              <button type="submit" class="btn">{t({ message: "Sign In", comment: "@context: Sign in form submit button" })}</button>
+            </form>
+          </section>
+        </div>
+      </div>
+    );
+  };
+
+  // Signin page
+  app.get("/signin", async (c) => {
+    const error = c.req.query("error");
+
+    return c.html(
+      <BaseLayout title="Sign In - Jant" c={c}>
+        <SigninContent error={error} />
+      </BaseLayout>
+    );
+  });
+
+  app.post("/signin", async (c) => {
+    if (!c.var.auth) {
+      return c.redirect("/signin?error=Auth not configured");
+    }
+
+    const formData = await c.req.formData();
+    const email = formData.get("email") as string;
+    const password = formData.get("password") as string;
+
+    try {
+      const signInRequest = new Request(`${c.env.SITE_URL}/api/auth/sign-in/email`, {
+        method: "POST",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ email, password }),
+      });
+
+      const response = await c.var.auth.handler(signInRequest);
+
+      if (!response.ok) {
+        return c.redirect("/signin?error=Invalid email or password");
+      }
+
+      const headers = new Headers(response.headers);
+      headers.set("Location", "/dash");
+
+      return new Response(null, { status: 302, headers });
+    } catch (err) {
+      // eslint-disable-next-line no-console -- Error logging is intentional
+      console.error("Signin error:", err);
+      return c.redirect("/signin?error=Invalid email or password");
+    }
+  });
+
+  app.get("/signout", async (c) => {
+    if (c.var.auth) {
+      try {
+        await c.var.auth.api.signOut({ headers: c.req.raw.headers });
+      } catch {
+        // Ignore signout errors
+      }
+    }
+    return c.redirect("/");
+  });
+
+  // Dashboard routes (protected)
+  app.use("/dash/*", requireAuth());
+  app.route("/dash", dashIndexRoutes);
+  app.route("/dash/posts", dashPostsRoutes);
+  app.route("/dash/pages", dashPagesRoutes);
+  app.route("/dash/media", dashMediaRoutes);
+  app.route("/dash/settings", dashSettingsRoutes);
+  app.route("/dash/redirects", dashRedirectsRoutes);
+  app.route("/dash/collections", dashCollectionsRoutes);
+
+  // API routes
+  app.route("/api/upload", uploadApiRoutes);
+  app.route("/api/search", searchApiRoutes);
+
+  // Media files from R2 (UUIDv7-based URLs with extension)
+  app.get("/media/:idWithExt", async (c) => {
+    if (!c.env.R2) {
+      return c.notFound();
+    }
+
+    // Extract ID from "uuid.ext" format
+    const idWithExt = c.req.param("idWithExt");
+    const mediaId = idWithExt.replace(/\.[^.]+$/, "");
+
+    const media = await c.var.services.media.getById(mediaId);
+    if (!media) {
+      return c.notFound();
+    }
+
+    const object = await c.env.R2.get(media.r2Key);
+    if (!object) {
+      return c.notFound();
+    }
+
+    const headers = new Headers();
+    headers.set("Content-Type", object.httpMetadata?.contentType || media.mimeType);
+    headers.set("Cache-Control", "public, max-age=31536000, immutable");
+
+    return new Response(object.body, { headers });
+  });
+
+  // Feed routes
+  app.route("/feed", rssRoutes);
+  app.route("/", sitemapRoutes);
+
+  // Frontend routes
+  app.route("/search", searchRoutes);
+  app.route("/archive", archiveRoutes);
+  app.route("/c", collectionRoutes);
+  app.route("/p", postRoutes);
+  app.route("/", homeRoutes);
+
+  // Custom page catch-all (must be last)
+  app.route("/", pageRoutes);
+
+  return app;
+}

package/src/auth.ts

@@ -0,0 +1,38 @@
+/**
+ * Authentication with better-auth
+ */
+
+import { betterAuth } from "better-auth";
+import { drizzleAdapter } from "better-auth/adapters/drizzle";
+import { drizzle } from "drizzle-orm/d1";
+import * as schema from "./db/schema.js";
+
+export function createAuth(d1: D1Database, options: { secret: string; baseURL: string }) {
+  const db = drizzle(d1, { schema });
+
+  return betterAuth({
+    database: drizzleAdapter(db, {
+      provider: "sqlite",
+      schema: {
+        user: schema.user,
+        session: schema.session,
+        account: schema.account,
+        verification: schema.verification,
+      },
+    }),
+    secret: options.secret,
+    baseURL: options.baseURL,
+    emailAndPassword: {
+      enabled: true,
+      autoSignIn: true,
+    },
+    session: {
+      cookieCache: {
+        enabled: true,
+        maxAge: 60 * 5, // 5 minutes
+      },
+    },
+  });
+}
+
+export type Auth = ReturnType<typeof createAuth>;

package/src/db/index.ts

@@ -0,0 +1,14 @@
+/**
+ * Database utilities
+ */
+
+import { drizzle } from "drizzle-orm/d1";
+import * as schema from "./schema.js";
+
+export type Database = ReturnType<typeof createDatabase>;
+
+export function createDatabase(d1: D1Database) {
+  return drizzle(d1, { schema });
+}
+
+export { schema };

package/src/db/migrations/0000_solid_moon_knight.sql

@@ -0,0 +1,118 @@
+CREATE TABLE `account` (
+	`id` text PRIMARY KEY NOT NULL,
+	`account_id` text NOT NULL,
+	`provider_id` text NOT NULL,
+	`user_id` text NOT NULL,
+	`access_token` text,
+	`refresh_token` text,
+	`id_token` text,
+	`access_token_expires_at` integer,
+	`refresh_token_expires_at` integer,
+	`scope` text,
+	`password` text,
+	`created_at` integer NOT NULL,
+	`updated_at` integer NOT NULL,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action
+);
+--> statement-breakpoint
+CREATE TABLE `collections` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`slug` text NOT NULL,
+	`title` text NOT NULL,
+	`description` text,
+	`created_at` integer NOT NULL,
+	`updated_at` integer NOT NULL
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `collections_slug_unique` ON `collections` (`slug`);--> statement-breakpoint
+CREATE TABLE `media` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`post_id` integer,
+	`filename` text NOT NULL,
+	`original_name` text NOT NULL,
+	`mime_type` text NOT NULL,
+	`size` integer NOT NULL,
+	`r2_key` text NOT NULL,
+	`width` integer,
+	`height` integer,
+	`alt` text,
+	`created_at` integer NOT NULL,
+	FOREIGN KEY (`post_id`) REFERENCES `posts`(`id`) ON UPDATE no action ON DELETE no action
+);
+--> statement-breakpoint
+CREATE TABLE `post_collections` (
+	`post_id` integer NOT NULL,
+	`collection_id` integer NOT NULL,
+	`added_at` integer NOT NULL,
+	PRIMARY KEY(`post_id`, `collection_id`),
+	FOREIGN KEY (`post_id`) REFERENCES `posts`(`id`) ON UPDATE no action ON DELETE no action,
+	FOREIGN KEY (`collection_id`) REFERENCES `collections`(`id`) ON UPDATE no action ON DELETE no action
+);
+--> statement-breakpoint
+CREATE TABLE `posts` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`type` text NOT NULL,
+	`visibility` text DEFAULT 'quiet' NOT NULL,
+	`title` text,
+	`path` text,
+	`content` text,
+	`content_html` text,
+	`source_url` text,
+	`source_name` text,
+	`source_domain` text,
+	`reply_to_id` integer,
+	`thread_id` integer,
+	`deleted_at` integer,
+	`published_at` integer NOT NULL,
+	`created_at` integer NOT NULL,
+	`updated_at` integer NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE `redirects` (
+	`id` integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+	`from_path` text NOT NULL,
+	`to_path` text NOT NULL,
+	`type` integer DEFAULT 301 NOT NULL,
+	`created_at` integer NOT NULL
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `redirects_from_path_unique` ON `redirects` (`from_path`);--> statement-breakpoint
+CREATE TABLE `session` (
+	`id` text PRIMARY KEY NOT NULL,
+	`expires_at` integer NOT NULL,
+	`token` text NOT NULL,
+	`created_at` integer NOT NULL,
+	`updated_at` integer NOT NULL,
+	`ip_address` text,
+	`user_agent` text,
+	`user_id` text NOT NULL,
+	FOREIGN KEY (`user_id`) REFERENCES `user`(`id`) ON UPDATE no action ON DELETE no action
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `session_token_unique` ON `session` (`token`);--> statement-breakpoint
+CREATE TABLE `settings` (
+	`key` text PRIMARY KEY NOT NULL,
+	`value` text NOT NULL,
+	`updated_at` integer NOT NULL
+);
+--> statement-breakpoint
+CREATE TABLE `user` (
+	`id` text PRIMARY KEY NOT NULL,
+	`name` text NOT NULL,
+	`email` text NOT NULL,
+	`email_verified` integer DEFAULT false NOT NULL,
+	`image` text,
+	`role` text DEFAULT 'admin',
+	`created_at` integer NOT NULL,
+	`updated_at` integer NOT NULL
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `user_email_unique` ON `user` (`email`);--> statement-breakpoint
+CREATE TABLE `verification` (
+	`id` text PRIMARY KEY NOT NULL,
+	`identifier` text NOT NULL,
+	`value` text NOT NULL,
+	`expires_at` integer NOT NULL,
+	`created_at` integer,
+	`updated_at` integer
+);

package/src/db/migrations/0001_add_search_fts.sql

@@ -0,0 +1,40 @@
+-- FTS5 Full-Text Search for posts
+-- This creates a virtual table that indexes post titles and content
+
+CREATE VIRTUAL TABLE IF NOT EXISTS posts_fts USING fts5(
+  title,
+  content,
+  content='posts',
+  content_rowid='id'
+);
+--> statement-breakpoint
+
+-- Populate FTS table with existing posts
+INSERT INTO posts_fts(rowid, title, content)
+SELECT id, COALESCE(title, ''), COALESCE(content, '') FROM posts WHERE deleted_at IS NULL;
+--> statement-breakpoint
+
+-- Trigger to keep FTS in sync on INSERT
+CREATE TRIGGER posts_fts_insert AFTER INSERT ON posts
+WHEN NEW.deleted_at IS NULL
+BEGIN
+  INSERT INTO posts_fts(rowid, title, content)
+  VALUES (NEW.id, COALESCE(NEW.title, ''), COALESCE(NEW.content, ''));
+END;
+--> statement-breakpoint
+
+-- Trigger to keep FTS in sync on UPDATE
+CREATE TRIGGER posts_fts_update AFTER UPDATE ON posts
+BEGIN
+  DELETE FROM posts_fts WHERE rowid = OLD.id;
+  INSERT INTO posts_fts(rowid, title, content)
+  SELECT NEW.id, COALESCE(NEW.title, ''), COALESCE(NEW.content, '')
+  WHERE NEW.deleted_at IS NULL;
+END;
+--> statement-breakpoint
+
+-- Trigger to remove from FTS on DELETE
+CREATE TRIGGER posts_fts_delete AFTER DELETE ON posts
+BEGIN
+  DELETE FROM posts_fts WHERE rowid = OLD.id;
+END;

package/src/db/migrations/0002_collection_path.sql

@@ -0,0 +1,2 @@
+-- Rename slug to path in collections table
+ALTER TABLE collections RENAME COLUMN slug TO path;

package/src/db/migrations/0003_collection_path_nullable.sql

@@ -0,0 +1,21 @@
+-- Make collections.path nullable
+-- SQLite doesn't support ALTER COLUMN, so we need to recreate the table
+
+PRAGMA foreign_keys=OFF;
+
+CREATE TABLE collections_new (
+  id INTEGER PRIMARY KEY AUTOINCREMENT NOT NULL,
+  path TEXT UNIQUE,
+  title TEXT NOT NULL,
+  description TEXT,
+  created_at INTEGER NOT NULL,
+  updated_at INTEGER NOT NULL
+);
+
+INSERT INTO collections_new SELECT * FROM collections;
+
+DROP TABLE collections;
+
+ALTER TABLE collections_new RENAME TO collections;
+
+PRAGMA foreign_keys=ON;

package/src/db/migrations/0004_media_uuid.sql

@@ -0,0 +1,35 @@
+-- Migration: Change media.id from integer to UUIDv7 (text)
+-- SQLite doesn't support altering primary key types, so we recreate the table
+
+-- Create new table with text id
+CREATE TABLE media_new (
+  id TEXT PRIMARY KEY NOT NULL,
+  post_id INTEGER REFERENCES posts(id),
+  filename TEXT NOT NULL,
+  original_name TEXT NOT NULL,
+  mime_type TEXT NOT NULL,
+  size INTEGER NOT NULL,
+  r2_key TEXT NOT NULL,
+  width INTEGER,
+  height INTEGER,
+  alt TEXT,
+  created_at INTEGER NOT NULL
+);
+
+-- Migrate existing data (generate UUIDv7-like ids from old integer ids)
+-- For existing data, we use a deterministic format based on timestamp + old id
+INSERT INTO media_new (id, post_id, filename, original_name, mime_type, size, r2_key, width, height, alt, created_at)
+SELECT
+  printf('%08x-%04x-7%03x-%04x-%012x',
+    created_at,
+    (id >> 16) & 0xFFFF,
+    id & 0x0FFF,
+    0x8000 | (RANDOM() & 0x3FFF),
+    ABS(RANDOM())
+  ) as id,
+  post_id, filename, original_name, mime_type, size, r2_key, width, height, alt, created_at
+FROM media;
+
+-- Drop old table and rename new one
+DROP TABLE media;
+ALTER TABLE media_new RENAME TO media;