@jant/core 0.3.23 → 0.3.25

package/src/routes/api/nav-items.ts

@@ -0,0 +1,115 @@
+/**
+ * Nav Items API Routes
+ */
+
+import { Hono } from "hono";
+import type { Bindings, NavItemType } from "../../types.js";
+import type { AppVariables } from "../../app.js";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { z } from "zod";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+export const navItemsApiRoutes = new Hono<Env>();
+
+const NavItemTypeSchema = z.enum(["link", "page"]);
+
+const CreateNavItemSchema = z.object({
+  type: NavItemTypeSchema,
+  label: z.string().min(1),
+  url: z.string().min(1),
+  pageId: z.number().int().positive().optional(),
+  position: z.number().int().min(0).optional(),
+});
+
+const UpdateNavItemSchema = z.object({
+  type: NavItemTypeSchema.optional(),
+  label: z.string().min(1).optional(),
+  url: z.string().min(1).optional(),
+  pageId: z.number().int().positive().nullable().optional(),
+  position: z.number().int().min(0).optional(),
+});
+
+const ReorderSchema = z.object({
+  ids: z.array(z.number().int().positive()),
+});
+
+// List nav items
+navItemsApiRoutes.get("/", async (c) => {
+  const items = await c.var.services.navItems.list();
+  return c.json({ navItems: items });
+});
+
+// Reorder nav items (requires auth) — must be before /:id
+navItemsApiRoutes.put("/reorder", requireAuthApi(), async (c) => {
+  const rawBody = await c.req.json();
+
+  const parseResult = ReorderSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  await c.var.services.navItems.reorder(parseResult.data.ids);
+  const items = await c.var.services.navItems.list();
+  return c.json({ navItems: items });
+});
+
+// Create nav item (requires auth)
+navItemsApiRoutes.post("/", requireAuthApi(), async (c) => {
+  const rawBody = await c.req.json();
+
+  const parseResult = CreateNavItemSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const body = parseResult.data;
+
+  const item = await c.var.services.navItems.create({
+    type: body.type as NavItemType,
+    label: body.label,
+    url: body.url,
+    pageId: body.pageId,
+    position: body.position,
+  });
+
+  return c.json(item, 201);
+});
+
+// Update nav item (requires auth)
+navItemsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const rawBody = await c.req.json();
+
+  const parseResult = UpdateNavItemSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const item = await c.var.services.navItems.update(id, parseResult.data);
+  if (!item) return c.json({ error: "Not found" }, 404);
+
+  return c.json(item);
+});
+
+// Delete nav item (requires auth)
+navItemsApiRoutes.delete("/:id", requireAuthApi(), async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const success = await c.var.services.navItems.delete(id);
+  if (!success) return c.json({ error: "Not found" }, 404);
+
+  return c.json({ success: true });
+});

package/src/routes/api/pages.ts

@@ -0,0 +1,101 @@
+/**
+ * Pages API Routes
+ */
+
+import { Hono } from "hono";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../app.js";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { z } from "zod";
+import { StatusSchema } from "../../lib/schemas.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+export const pagesApiRoutes = new Hono<Env>();
+
+const CreatePageSchema = z.object({
+  slug: z.string().min(1),
+  title: z.string().optional(),
+  body: z.string().optional(),
+  status: StatusSchema.optional(),
+});
+
+const UpdatePageSchema = z.object({
+  slug: z.string().min(1).optional(),
+  title: z.string().nullable().optional(),
+  body: z.string().nullable().optional(),
+  status: StatusSchema.optional(),
+});
+
+// List pages
+pagesApiRoutes.get("/", async (c) => {
+  const pages = await c.var.services.pages.list();
+  return c.json({ pages });
+});
+
+// Get single page
+pagesApiRoutes.get("/:id", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const page = await c.var.services.pages.getById(id);
+  if (!page) return c.json({ error: "Not found" }, 404);
+
+  return c.json(page);
+});
+
+// Create page (requires auth)
+pagesApiRoutes.post("/", requireAuthApi(), async (c) => {
+  const rawBody = await c.req.json();
+
+  const parseResult = CreatePageSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const body = parseResult.data;
+
+  const page = await c.var.services.pages.create({
+    slug: body.slug,
+    title: body.title,
+    body: body.body,
+    status: body.status,
+  });
+
+  return c.json(page, 201);
+});
+
+// Update page (requires auth)
+pagesApiRoutes.put("/:id", requireAuthApi(), async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const rawBody = await c.req.json();
+
+  const parseResult = UpdatePageSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const page = await c.var.services.pages.update(id, parseResult.data);
+  if (!page) return c.json({ error: "Not found" }, 404);
+
+  return c.json(page);
+});
+
+// Delete page (requires auth)
+pagesApiRoutes.delete("/:id", requireAuthApi(), async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const success = await c.var.services.pages.delete(id);
+  if (!success) return c.json({ error: "Not found" }, 404);
+
+  return c.json({ success: true });
+});

package/src/routes/api/posts.ts

@@ -3,13 +3,13 @@
  */
 
 import { Hono } from "hono";
-import type { Bindings, PostType, Visibility, Media } from "../../types.js";
+import type { Bindings, Format, Status, Media } from "../../types.js";
 import type { AppVariables } from "../../app.js";
 import * as sqid from "../../lib/sqid.js";
 import {
   CreatePostSchema,
   UpdatePostSchema,
-  validateMediaForPostType,
+  validateMediaCount,
 } from "../../lib/schemas.js";
 import { requireAuthApi } from "../../middleware/auth.js";
 import {
@@ -59,14 +59,14 @@ function toMediaAttachment(
 
 // List posts
 postsApiRoutes.get("/", async (c) => {
-  const type = c.req.query("type") as PostType | undefined;
-  const visibility = c.req.query("visibility") as Visibility | undefined;
+  const format = c.req.query("format") as Format | undefined;
+  const status = c.req.query("status") as Status | undefined;
   const cursor = c.req.query("cursor");
   const limit = parseInt(c.req.query("limit") ?? "100", 10);
 
   const posts = await c.var.services.posts.list({
-    type,
-    visibility: visibility ? [visibility] : ["featured", "quiet"],
+    format,
+    status: status ?? "published",
     cursor: cursor ? (sqid.decode(cursor) ?? undefined) : undefined,
     limit,
   });
@@ -131,9 +131,9 @@ postsApiRoutes.post("/", requireAuthApi(), async (c) => {
 
   const body = parseResult.data;
 
-  // Validate media for post type
+  // Validate media count
   if (body.mediaIds) {
-    const mediaError = validateMediaForPostType(body.type, body.mediaIds);
+    const mediaError = validateMediaCount(body.mediaIds);
     if (mediaError) {
       return c.json({ error: mediaError }, 400);
     }
@@ -148,13 +148,17 @@ postsApiRoutes.post("/", requireAuthApi(), async (c) => {
   }
 
   const post = await c.var.services.posts.create({
-    type: body.type,
+    format: body.format,
     title: body.title,
-    content: body.content,
-    visibility: body.visibility,
-    sourceUrl: body.sourceUrl || undefined,
-    sourceName: body.sourceName,
+    body: body.body,
     path: body.path || undefined,
+    status: body.status,
+    featured: body.featured,
+    pinned: body.pinned,
+    url: body.url || undefined,
+    quoteText: body.quoteText,
+    rating: body.rating || undefined,
+    collectionId: body.collectionId || undefined,
     replyToId: body.replyToId
       ? (sqid.decode(body.replyToId) ?? undefined)
       : undefined,
@@ -201,17 +205,9 @@ postsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
 
   const body = parseResult.data;
 
-  // Validate media for post type if mediaIds is provided
+  // Validate media count if mediaIds is provided
   if (body.mediaIds !== undefined) {
-    // Need the post type — use the new type if provided, else fetch existing
-    let postType = body.type;
-    if (!postType) {
-      const existing = await c.var.services.posts.getById(id);
-      if (!existing) return c.json({ error: "Not found" }, 404);
-      postType = existing.type;
-    }
-
-    const mediaError = validateMediaForPostType(postType, body.mediaIds);
+    const mediaError = validateMediaCount(body.mediaIds);
     if (mediaError) {
       return c.json({ error: mediaError }, 400);
     }
@@ -226,13 +222,17 @@ postsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
   }
 
   const post = await c.var.services.posts.update(id, {
-    type: body.type,
+    format: body.format,
     title: body.title,
-    content: body.content,
-    visibility: body.visibility,
-    sourceUrl: body.sourceUrl,
-    sourceName: body.sourceName,
+    body: body.body,
     path: body.path,
+    status: body.status,
+    featured: body.featured,
+    pinned: body.pinned,
+    url: body.url,
+    quoteText: body.quoteText,
+    rating: body.rating || undefined,
+    collectionId: body.collectionId || undefined,
     publishedAt: body.publishedAt,
   });
 

package/src/routes/api/search.ts

@@ -29,19 +29,19 @@ searchApiRoutes.get("/", async (c) => {
   try {
     const results = await c.var.services.search.search(query, {
       limit,
-      visibility: ["featured", "quiet"],
+      status: ["published"],
     });
 
     return c.json({
       query,
       results: results.map((r) => ({
         id: sqid.encode(r.post.id),
-        type: r.post.type,
+        format: r.post.format,
         title: r.post.title,
         path: r.post.path,
         snippet: r.snippet,
         publishedAt: r.post.publishedAt,
-        url: `/p/${sqid.encode(r.post.id)}`,
+        url: r.post.path ? `/${r.post.path}` : `/p/${sqid.encode(r.post.id)}`,
       })),
       count: results.length,
     });

package/src/routes/api/settings.ts

@@ -0,0 +1,91 @@
+/**
+ * Settings API Routes
+ */
+
+import { Hono } from "hono";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../app.js";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { CONFIG_FIELDS, type ConfigKey } from "../../types.js";
+import { z } from "zod";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+export const settingsApiRoutes = new Hono<Env>();
+
+/** Config keys that can be modified via the settings API */
+const editableKeys = Object.entries(CONFIG_FIELDS)
+  .filter(([, field]) => !field.envOnly)
+  .map(([key]) => key as ConfigKey);
+
+const UpdateSettingsSchema = z.record(z.string(), z.string());
+
+// Get all settings (requires auth)
+settingsApiRoutes.get("/", requireAuthApi(), async (c) => {
+  const allSettings = await c.var.services.settings.getAll();
+
+  // Include default values for editable keys not yet stored in DB
+  const result: Record<string, string> = {};
+  for (const key of editableKeys) {
+    result[key] = allSettings[key] ?? CONFIG_FIELDS[key].defaultValue;
+  }
+
+  return c.json({ settings: result });
+});
+
+// Update settings (requires auth)
+settingsApiRoutes.put("/", requireAuthApi(), async (c) => {
+  const rawBody = await c.req.json();
+
+  const parseResult = UpdateSettingsSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const updates = parseResult.data;
+
+  // Filter to only editable keys
+  const filteredUpdates: Partial<Record<ConfigKey, string>> = {};
+  const rejectedKeys: string[] = [];
+
+  for (const [key, value] of Object.entries(updates)) {
+    if (editableKeys.includes(key as ConfigKey)) {
+      filteredUpdates[key as ConfigKey] = value;
+    } else {
+      rejectedKeys.push(key);
+    }
+  }
+
+  if (rejectedKeys.length > 0 && Object.keys(filteredUpdates).length === 0) {
+    return c.json(
+      {
+        error: "None of the provided keys are editable",
+        rejectedKeys,
+      },
+      400,
+    );
+  }
+
+  if (Object.keys(filteredUpdates).length > 0) {
+    // Settings service expects SettingsKey, but our ConfigKeys that are
+    // editable (SITE_NAME, SITE_DESCRIPTION, SITE_LANGUAGE) are valid SettingsKeys
+    for (const [key, value] of Object.entries(filteredUpdates)) {
+      await c.var.services.settings.set(key as never, value as string);
+    }
+  }
+
+  // Return updated state
+  const allSettings = await c.var.services.settings.getAll();
+  const result: Record<string, string> = {};
+  for (const key of editableKeys) {
+    result[key] = allSettings[key] ?? CONFIG_FIELDS[key].defaultValue;
+  }
+
+  return c.json({
+    settings: result,
+    ...(rejectedKeys.length > 0 && { rejectedKeys }),
+  });
+});

package/src/routes/api/upload.ts

@@ -5,7 +5,7 @@
  * Supports both JSON and SSE (Datastar) responses.
  */
 
-import { Hono } from "hono";
+import { Hono, type Context } from "hono";
 import { html } from "hono/html";
 import { uuidv7 } from "uuidv7";
 import type { Bindings } from "../../types.js";
@@ -16,7 +16,7 @@ import {
   getImageUrl,
   getPublicUrlForProvider,
 } from "../../lib/image.js";
-import { sse, dsSignals } from "../../lib/sse.js";
+import { sse } from "../../lib/sse.js";
 
 type Env = { Bindings: Bindings; Variables: AppVariables };
 
@@ -118,12 +118,22 @@ function wantsSSE(c: {
   return accept.includes("text/event-stream");
 }
 
+/**
+ * Return an SSE error response that removes the upload placeholder and shows a toast
+ */
+function sseUploadError(c: Context<Env>, message: string): Response {
+  return sse(c, async (stream) => {
+    await stream.remove("#upload-placeholder");
+    await stream.toast(message, "error");
+  });
+}
+
 // Upload a file
 uploadApiRoutes.post("/", async (c) => {
   const storage = c.var.storage;
   if (!storage) {
     if (wantsSSE(c)) {
-      return dsSignals({ _uploadError: "Storage not configured" });
+      return sseUploadError(c, "Storage not configured");
     }
     return c.json({ error: "Storage not configured" }, 500);
   }
@@ -133,7 +143,7 @@ uploadApiRoutes.post("/", async (c) => {
 
   if (!file) {
     if (wantsSSE(c)) {
-      return dsSignals({ _uploadError: "No file provided" });
+      return sseUploadError(c, "No file provided");
     }
     return c.json({ error: "No file provided" }, 400);
   }
@@ -148,7 +158,7 @@ uploadApiRoutes.post("/", async (c) => {
   ];
   if (!allowedTypes.includes(file.type)) {
     if (wantsSSE(c)) {
-      return dsSignals({ _uploadError: "File type not allowed" });
+      return sseUploadError(c, "File type not allowed");
     }
     return c.json({ error: "File type not allowed" }, 400);
   }
@@ -157,7 +167,7 @@ uploadApiRoutes.post("/", async (c) => {
   const maxSize = 10 * 1024 * 1024;
   if (file.size > maxSize) {
     if (wantsSSE(c)) {
-      return dsSignals({ _uploadError: "File too large (max 10MB)" });
+      return sseUploadError(c, "File too large (max 10MB)");
     }
     return c.json({ error: "File too large (max 10MB)" }, 400);
   }

package/src/routes/compose.ts

@@ -0,0 +1,63 @@
+/**
+ * Compose Route
+ *
+ * Handles post creation from the public-site compose dialog.
+ * Returns dsRedirect to the new post's permalink (Datastar form pattern).
+ */
+
+import { Hono } from "hono";
+import type { Bindings } from "../types.js";
+import type { AppVariables } from "../app.js";
+import { requireAuth } from "../middleware/auth.js";
+import { CreatePostSchema, validateMediaCount } from "../lib/schemas.js";
+import * as sqid from "../lib/sqid.js";
+import { dsRedirect, dsToast } from "../lib/sse.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+export const composeRoutes = new Hono<Env>();
+
+// All compose routes require authentication
+composeRoutes.use("*", requireAuth());
+
+composeRoutes.post("/", async (c) => {
+  const raw = await c.req.json();
+
+  const result = CreatePostSchema.safeParse(raw);
+  if (!result.success) {
+    const firstError = result.error.issues[0]?.message ?? "Invalid input";
+    return dsToast(firstError, "error");
+  }
+
+  const data = result.data;
+
+  // Validate media count
+  if (data.mediaIds) {
+    const mediaError = validateMediaCount(data.mediaIds);
+    if (mediaError) {
+      return dsToast(mediaError, "error");
+    }
+  }
+
+  const post = await c.var.services.posts.create({
+    format: data.format,
+    title: data.title || undefined,
+    body: data.body || undefined,
+    status: data.status ?? "published",
+    featured: data.featured,
+    pinned: data.pinned,
+    url: data.url || undefined,
+    quoteText: data.quoteText || undefined,
+    rating: data.rating || undefined,
+    collectionId: data.collectionId || undefined,
+  });
+
+  // Attach media if provided
+  if (data.mediaIds && data.mediaIds.length > 0) {
+    await c.var.services.media.attachToPost(post.id, data.mediaIds);
+  }
+
+  // Redirect to the new post's permalink
+  const permalink = post.path ? `/${post.path}` : `/p/${sqid.encode(post.id)}`;
+  return dsRedirect(permalink);
+});