@jant/core 0.3.24 → 0.3.26

package/dist/app.js

@@ -1,4 +1,3 @@
-import { jsx as _jsx, jsxs as _jsxs } from "hono/jsx/jsx-runtime";
 /**
  * Jant App Factory
  */ import { Hono } from "hono";
@@ -6,10 +5,11 @@ import { createDatabase } from "./db/index.js";
 import { createServices } from "./services/index.js";
 import { createAuth } from "./auth.js";
 import { i18nMiddleware } from "./i18n/index.js";
-import { useLingui as $_useLingui } from "@jant/core/i18n";
 import { SETTINGS_KEYS } from "./lib/constants.js";
-import { theme as threadsTheme } from "./themes/threads/index.js";
-import { hashPassword } from "better-auth/crypto";
+// Routes - Auth
+import { setupRoutes } from "./routes/auth/setup.js";
+import { signinRoutes } from "./routes/auth/signin.js";
+import { resetRoutes } from "./routes/auth/reset.js";
 // Routes - Pages
 import { homeRoutes } from "./routes/pages/home.js";
 import { postRoutes } from "./routes/pages/post.js";
@@ -17,6 +17,9 @@ import { pageRoutes } from "./routes/pages/page.js";
 import { collectionRoutes } from "./routes/pages/collection.js";
 import { archiveRoutes } from "./routes/pages/archive.js";
 import { searchRoutes } from "./routes/pages/search.js";
+import { featuredRoutes } from "./routes/pages/featured.js";
+import { latestRoutes } from "./routes/pages/latest.js";
+import { collectionsPageRoutes } from "./routes/pages/collections.js";
 // Routes - Dashboard
 import { dashIndexRoutes } from "./routes/dash/index.js";
 import { postsRoutes as dashPostsRoutes } from "./routes/dash/posts.js";
@@ -25,22 +28,27 @@ import { mediaRoutes as dashMediaRoutes } from "./routes/dash/media.js";
 import { settingsRoutes as dashSettingsRoutes } from "./routes/dash/settings.js";
 import { redirectsRoutes as dashRedirectsRoutes } from "./routes/dash/redirects.js";
 import { collectionsRoutes as dashCollectionsRoutes } from "./routes/dash/collections.js";
-import { navigationRoutes as dashNavigationRoutes } from "./routes/dash/navigation.js";
 // Routes - API
 import { postsApiRoutes } from "./routes/api/posts.js";
+import { pagesApiRoutes } from "./routes/api/pages.js";
+import { navItemsApiRoutes } from "./routes/api/nav-items.js";
+import { collectionsApiRoutes } from "./routes/api/collections.js";
+import { settingsApiRoutes } from "./routes/api/settings.js";
 import { uploadApiRoutes } from "./routes/api/upload.js";
 import { searchApiRoutes } from "./routes/api/search.js";
+// Routes - Compose
+import { composeRoutes } from "./routes/compose.js";
 // Routes - Feed
 import { rssRoutes } from "./routes/feed/rss.js";
 import { sitemapRoutes } from "./routes/feed/sitemap.js";
 // Middleware
 import { requireAuth } from "./middleware/auth.js";
 import { requireOnboarding } from "./middleware/onboarding.js";
-// Layouts for auth pages
-import { BaseLayout } from "./theme/layouts/index.js";
-import { dsRedirect, dsToast } from "./lib/sse.js";
 import { getAvailableThemes, buildThemeStyle } from "./lib/theme.js";
 import { createStorageDriver } from "./lib/storage.js";
+import { BUILTIN_FONT_THEMES } from "./ui/font-themes.js";
+import { getMediaUrl, getPublicUrlForProvider } from "./lib/image.js";
+import { base64ToUint8Array } from "./lib/favicon.js";
 /**
  * Create a Jant application
  *
@@ -56,35 +64,17 @@ import { createStorageDriver } from "./lib/storage.js";
  * import { createApp } from "@jant/core";
  *
  * export default createApp({
- *   theme: { components: { PostPage: MyPostPage } },
+ *   cssVariables: { "--card-radius": "0" },
  * });
  * ```
  */ export function createApp(config = {}) {
-    // Merge with default threads theme
-    const defaultTheme = threadsTheme();
     const resolvedConfig = {
-        ...config,
-        theme: {
-            name: config.theme?.name ?? defaultTheme.name,
-            components: {
-                ...defaultTheme.components,
-                ...config.theme?.components
-            },
-            timelineMore: config.theme?.timelineMore ?? defaultTheme.timelineMore,
-            cssVariables: {
-                ...defaultTheme.cssVariables,
-                ...config.theme?.cssVariables
-            },
-            colorThemes: config.theme?.colorThemes ?? defaultTheme.colorThemes,
-            feed: config.theme?.feed
-        }
+        ...config
     };
     const app = new Hono();
     // Initialize services, auth, and config middleware
     app.use("*", async (c, next)=>{
         // Use withSession() to enable D1 Read Replication
-        // Automatically routes read queries to the nearest replica for lower latency
-        // See: https://developers.cloudflare.com/d1/best-practices/read-replication/
         const session = c.env.DB.withSession();
         // Note: Drizzle ORM doesn't officially support D1DatabaseSession yet (issue #2226)
         // but it works at runtime. We use type assertion as a temporary workaround.
@@ -93,6 +83,10 @@ import { createStorageDriver } from "./lib/storage.js";
         c.set("services", services);
         c.set("config", resolvedConfig);
         c.set("storage", createStorageDriver(c.env));
+        if (!c.env.AUTH_SECRET) {
+            // eslint-disable-next-line no-console -- Startup warning is intentional
+            console.warn("[Jant] AUTH_SECRET is not set. Authentication is disabled. Set AUTH_SECRET in .dev.vars or wrangler.toml to enable auth.");
+        }
         if (c.env.AUTH_SECRET) {
             const baseURL = c.env.SITE_URL || new URL(c.req.url).origin;
             const auth = createAuth(session, {
@@ -105,13 +99,49 @@ import { createStorageDriver } from "./lib/storage.js";
     });
     // Onboarding gate — redirect to /setup if not yet initialized
     app.use("*", requireOnboarding());
-    // Theme middleware - resolve active color theme and build CSS
+    // Theme middleware - resolve active color theme, font theme, custom CSS, and auth state
     app.use("*", async (c, next)=>{
-        const themeId = await c.var.services.settings.get(SETTINGS_KEYS.THEME);
+        const [themeId, fontThemeId, customCSS, noindexValue, avatarKey] = await Promise.all([
+            c.var.services.settings.get(SETTINGS_KEYS.THEME),
+            c.var.services.settings.get("FONT_THEME"),
+            c.var.services.settings.get(SETTINGS_KEYS.CUSTOM_CSS),
+            c.var.services.settings.get("NOINDEX"),
+            c.var.services.settings.get("SITE_AVATAR")
+        ]);
         const themes = getAvailableThemes(resolvedConfig);
         const activeTheme = themeId ? themes.find((t)=>t.id === themeId) : undefined;
-        const themeStyle = buildThemeStyle(activeTheme, resolvedConfig.theme?.cssVariables);
+        // Build font override CSS variables
+        const fontTheme = fontThemeId ? BUILTIN_FONT_THEMES.find((f)=>f.id === fontThemeId) : undefined;
+        const fontOverrides = {};
+        if (fontTheme) {
+            fontOverrides["--font-body"] = fontTheme.fontFamily;
+        }
+        const themeStyle = buildThemeStyle(activeTheme, {
+            ...resolvedConfig.cssVariables,
+            ...fontOverrides
+        });
         c.set("themeStyle", themeStyle);
+        c.set("customCSS", customCSS ?? "");
+        // Noindex
+        c.set("noindex", noindexValue === "true");
+        // Resolve favicon from avatar storage key
+        if (avatarKey) {
+            const publicUrl = getPublicUrlForProvider(c.env.STORAGE_DRIVER || "r2", c.env.R2_PUBLIC_URL, c.env.S3_PUBLIC_URL);
+            c.set("faviconUrl", getMediaUrl(avatarKey, publicUrl));
+        }
+        // Check auth state for data-authenticated attribute on <body>
+        let isAuthenticated = false;
+        if (c.var.auth) {
+            try {
+                const session = await c.var.auth.api.getSession({
+                    headers: c.req.raw.headers
+                });
+                isAuthenticated = !!session;
+            } catch  {
+            // Not authenticated
+            }
+        }
+        c.set("isAuthenticated", isAuthenticated);
         await next();
     });
     // i18n middleware
@@ -144,6 +174,27 @@ import { createStorageDriver } from "./lib/storage.js";
             auth: c.env.AUTH_SECRET ? "configured" : "missing",
             authSecretLength: c.env.AUTH_SECRET?.length ?? 0
         }));
+    // Favicon routes - serve from DB settings (small files, avoids R2 round-trip)
+    app.get("/favicon.ico", async (c)=>{
+        const data = await c.var.services.settings.get("SITE_FAVICON_ICO");
+        if (!data) return c.notFound();
+        return new Response(base64ToUint8Array(data), {
+            headers: {
+                "Content-Type": "image/x-icon",
+                "Cache-Control": "public, max-age=86400"
+            }
+        });
+    });
+    app.get("/apple-touch-icon.png", async (c)=>{
+        const data = await c.var.services.settings.get("SITE_FAVICON_APPLE_TOUCH");
+        if (!data) return c.notFound();
+        return new Response(base64ToUint8Array(data), {
+            headers: {
+                "Content-Type": "image/png",
+                "Cache-Control": "public, max-age=86400"
+            }
+        });
+    });
     // better-auth handler
     app.all("/api/auth/*", async (c)=>{
         if (!c.var.auth) {
@@ -155,534 +206,14 @@ import { createStorageDriver } from "./lib/storage.js";
     });
     // API Routes
     app.route("/api/posts", postsApiRoutes);
-    // Setup page component
-    const SetupContent = ()=>{
-        const { i18n: $__i18n, _: $__ } = $_useLingui();
-        return /*#__PURE__*/ _jsx("div", {
-            class: "min-h-screen flex items-center justify-center",
-            children: /*#__PURE__*/ _jsxs("div", {
-                class: "card max-w-md w-full",
-                children: [
-                    /*#__PURE__*/ _jsxs("header", {
-                        children: [
-                            /*#__PURE__*/ _jsx("h2", {
-                                children: $__i18n._({
-                                    id: "GorKul",
-                                    message: "Welcome to Jant"
-                                })
-                            }),
-                            /*#__PURE__*/ _jsx("p", {
-                                children: $__i18n._({
-                                    id: "GX2VMa",
-                                    message: "Create your admin account."
-                                })
-                            })
-                        ]
-                    }),
-                    /*#__PURE__*/ _jsx("section", {
-                        children: /*#__PURE__*/ _jsxs("form", {
-                            "data-signals": "{name: '', email: '', password: ''}",
-                            "data-on:submit__prevent": "@post('/setup')",
-                            "data-indicator": "_loading",
-                            class: "flex flex-col gap-4",
-                            children: [
-                                /*#__PURE__*/ _jsxs("div", {
-                                    class: "field",
-                                    children: [
-                                        /*#__PURE__*/ _jsx("label", {
-                                            class: "label",
-                                            children: $__i18n._({
-                                                id: "/Rj5P4",
-                                                message: "Your Name"
-                                            })
-                                        }),
-                                        /*#__PURE__*/ _jsx("input", {
-                                            type: "text",
-                                            "data-bind": "name",
-                                            class: "input",
-                                            required: true,
-                                            placeholder: "John Doe"
-                                        })
-                                    ]
-                                }),
-                                /*#__PURE__*/ _jsxs("div", {
-                                    class: "field",
-                                    children: [
-                                        /*#__PURE__*/ _jsx("label", {
-                                            class: "label",
-                                            children: $__i18n._({
-                                                id: "O3oNi5",
-                                                message: "Email"
-                                            })
-                                        }),
-                                        /*#__PURE__*/ _jsx("input", {
-                                            type: "email",
-                                            "data-bind": "email",
-                                            class: "input",
-                                            required: true,
-                                            placeholder: "you@example.com"
-                                        })
-                                    ]
-                                }),
-                                /*#__PURE__*/ _jsxs("div", {
-                                    class: "field",
-                                    children: [
-                                        /*#__PURE__*/ _jsx("label", {
-                                            class: "label",
-                                            children: $__i18n._({
-                                                id: "8ZsakT",
-                                                message: "Password"
-                                            })
-                                        }),
-                                        /*#__PURE__*/ _jsx("input", {
-                                            type: "password",
-                                            "data-bind": "password",
-                                            class: "input",
-                                            required: true,
-                                            minLength: 8
-                                        })
-                                    ]
-                                }),
-                                /*#__PURE__*/ _jsxs("button", {
-                                    type: "submit",
-                                    class: "btn",
-                                    "data-attr-disabled": "$_loading",
-                                    children: [
-                                        /*#__PURE__*/ _jsx("span", {
-                                            "data-show": "!$_loading",
-                                            children: $__i18n._({
-                                                id: "EGwzOK",
-                                                message: "Complete Setup"
-                                            })
-                                        }),
-                                        /*#__PURE__*/ _jsx("span", {
-                                            "data-show": "$_loading",
-                                            children: $__i18n._({
-                                                id: "k1ifdL",
-                                                message: "Processing..."
-                                            })
-                                        })
-                                    ]
-                                })
-                            ]
-                        })
-                    })
-                ]
-            })
-        });
-    };
-    // Setup page
-    app.get("/setup", async (c)=>{
-        const isComplete = await c.var.services.settings.isOnboardingComplete();
-        if (isComplete) return c.redirect("/");
-        return c.html(/*#__PURE__*/ _jsx(BaseLayout, {
-            title: "Setup - Jant",
-            c: c,
-            children: /*#__PURE__*/ _jsx(SetupContent, {})
-        }));
-    });
-    app.post("/setup", async (c)=>{
-        const isComplete = await c.var.services.settings.isOnboardingComplete();
-        if (isComplete) return c.redirect("/");
-        const body = await c.req.json();
-        const { name, email, password } = body;
-        if (!name || !email || !password) {
-            return dsToast("All fields are required", "error");
-        }
-        if (password.length < 8) {
-            return dsToast("Password must be at least 8 characters", "error");
-        }
-        if (!c.var.auth) {
-            return dsToast("AUTH_SECRET not configured", "error");
-        }
-        try {
-            const signUpResponse = await c.var.auth.api.signUpEmail({
-                body: {
-                    name,
-                    email,
-                    password
-                }
-            });
-            if (!signUpResponse || "error" in signUpResponse) {
-                return dsToast("Failed to create account", "error");
-            }
-            await c.var.services.settings.completeOnboarding();
-            return dsRedirect("/signin?setup");
-        } catch (err) {
-            // eslint-disable-next-line no-console -- Error logging is intentional
-            console.error("Setup error:", err);
-            return dsToast("Failed to create account", "error");
-        }
-    });
-    // Signin page component
-    const SigninContent = ({ demoEmail, demoPassword })=>{
-        const { i18n: $__i18n, _: $__ } = $_useLingui();
-        const signals = JSON.stringify({
-            email: demoEmail || "",
-            password: demoPassword || ""
-        }).replace(/</g, "\\u003c");
-        return /*#__PURE__*/ _jsx("div", {
-            class: "min-h-screen flex items-center justify-center",
-            children: /*#__PURE__*/ _jsxs("div", {
-                class: "card max-w-md w-full",
-                children: [
-                    /*#__PURE__*/ _jsx("header", {
-                        children: /*#__PURE__*/ _jsx("h2", {
-                            children: $__i18n._({
-                                id: "n1ekoW",
-                                message: "Sign In"
-                            })
-                        })
-                    }),
-                    /*#__PURE__*/ _jsxs("section", {
-                        children: [
-                            demoEmail && demoPassword && /*#__PURE__*/ _jsx("p", {
-                                class: "text-muted-foreground text-sm mb-4",
-                                children: $__i18n._({
-                                    id: "er8+x7",
-                                    message: "Demo account pre-filled. Just click Sign In."
-                                })
-                            }),
-                            /*#__PURE__*/ _jsxs("form", {
-                                "data-signals": signals,
-                                "data-on:submit__prevent": "@post('/signin')",
-                                "data-indicator": "_loading",
-                                class: "flex flex-col gap-4",
-                                children: [
-                                    /*#__PURE__*/ _jsxs("div", {
-                                        class: "field",
-                                        children: [
-                                            /*#__PURE__*/ _jsx("label", {
-                                                class: "label",
-                                                children: $__i18n._({
-                                                    id: "O3oNi5",
-                                                    message: "Email"
-                                                })
-                                            }),
-                                            /*#__PURE__*/ _jsx("input", {
-                                                type: "email",
-                                                "data-bind": "email",
-                                                class: "input",
-                                                required: true
-                                            })
-                                        ]
-                                    }),
-                                    /*#__PURE__*/ _jsxs("div", {
-                                        class: "field",
-                                        children: [
-                                            /*#__PURE__*/ _jsx("label", {
-                                                class: "label",
-                                                children: $__i18n._({
-                                                    id: "8ZsakT",
-                                                    message: "Password"
-                                                })
-                                            }),
-                                            /*#__PURE__*/ _jsx("input", {
-                                                type: "password",
-                                                "data-bind": "password",
-                                                class: "input",
-                                                required: true
-                                            })
-                                        ]
-                                    }),
-                                    /*#__PURE__*/ _jsxs("button", {
-                                        type: "submit",
-                                        class: "btn",
-                                        "data-attr-disabled": "$_loading",
-                                        children: [
-                                            /*#__PURE__*/ _jsx("span", {
-                                                "data-show": "!$_loading",
-                                                children: $__i18n._({
-                                                    id: "n1ekoW",
-                                                    message: "Sign In"
-                                                })
-                                            }),
-                                            /*#__PURE__*/ _jsx("span", {
-                                                "data-show": "$_loading",
-                                                children: $__i18n._({
-                                                    id: "k1ifdL",
-                                                    message: "Processing..."
-                                                })
-                                            })
-                                        ]
-                                    })
-                                ]
-                            })
-                        ]
-                    })
-                ]
-            })
-        });
-    };
-    // Signin page
-    app.get("/signin", async (c)=>{
-        const isSetup = c.req.query("setup") !== undefined;
-        const isReset = c.req.query("reset") !== undefined;
-        let toast;
-        if (isSetup) {
-            toast = {
-                message: "Account created successfully. Please sign in."
-            };
-        } else if (isReset) {
-            toast = {
-                message: "Password reset successfully. Please sign in."
-            };
-        }
-        return c.html(/*#__PURE__*/ _jsx(BaseLayout, {
-            title: "Sign In - Jant",
-            c: c,
-            toast: toast,
-            children: /*#__PURE__*/ _jsx(SigninContent, {
-                demoEmail: c.env.DEMO_EMAIL,
-                demoPassword: c.env.DEMO_PASSWORD
-            })
-        }));
-    });
-    app.post("/signin", async (c)=>{
-        if (!c.var.auth) {
-            return dsToast("Auth not configured", "error");
-        }
-        const body = await c.req.json();
-        const { email, password } = body;
-        try {
-            const { headers } = await c.var.auth.api.signInEmail({
-                returnHeaders: true,
-                body: {
-                    email,
-                    password
-                },
-                headers: c.req.raw.headers
-            });
-            return dsRedirect("/dash", {
-                headers
-            });
-        } catch  {
-            return dsToast("Invalid email or password", "error");
-        }
-    });
-    app.get("/signout", async (c)=>{
-        if (c.var.auth) {
-            try {
-                await c.var.auth.api.signOut({
-                    headers: c.req.raw.headers
-                });
-            } catch  {
-            // Ignore signout errors
-            }
-        }
-        return c.redirect("/");
-    });
-    // Password reset via one-time token
-    const ResetContent = ({ token })=>{
-        const { i18n: $__i18n, _: $__ } = $_useLingui();
-        const signals = JSON.stringify({
-            password: "",
-            confirmPassword: "",
-            token
-        }).replace(/</g, "\\u003c");
-        return /*#__PURE__*/ _jsx("div", {
-            class: "min-h-screen flex items-center justify-center",
-            children: /*#__PURE__*/ _jsxs("div", {
-                class: "card max-w-md w-full",
-                children: [
-                    /*#__PURE__*/ _jsxs("header", {
-                        children: [
-                            /*#__PURE__*/ _jsx("h2", {
-                                children: $__i18n._({
-                                    id: "KbS2K9",
-                                    message: "Reset Password"
-                                })
-                            }),
-                            /*#__PURE__*/ _jsx("p", {
-                                children: $__i18n._({
-                                    id: "hWOZIv",
-                                    message: "Enter your new password."
-                                })
-                            })
-                        ]
-                    }),
-                    /*#__PURE__*/ _jsx("section", {
-                        children: /*#__PURE__*/ _jsxs("form", {
-                            "data-signals": signals,
-                            "data-on:submit__prevent": "@post('/reset')",
-                            "data-indicator": "_loading",
-                            class: "flex flex-col gap-4",
-                            children: [
-                                /*#__PURE__*/ _jsxs("div", {
-                                    class: "field",
-                                    children: [
-                                        /*#__PURE__*/ _jsx("label", {
-                                            class: "label",
-                                            children: $__i18n._({
-                                                id: "7vhWI8",
-                                                message: "New Password"
-                                            })
-                                        }),
-                                        /*#__PURE__*/ _jsx("input", {
-                                            type: "password",
-                                            "data-bind": "password",
-                                            class: "input",
-                                            required: true,
-                                            minLength: 8,
-                                            autocomplete: "new-password"
-                                        })
-                                    ]
-                                }),
-                                /*#__PURE__*/ _jsxs("div", {
-                                    class: "field",
-                                    children: [
-                                        /*#__PURE__*/ _jsx("label", {
-                                            class: "label",
-                                            children: $__i18n._({
-                                                id: "p2/GCq",
-                                                message: "Confirm Password"
-                                            })
-                                        }),
-                                        /*#__PURE__*/ _jsx("input", {
-                                            type: "password",
-                                            "data-bind": "confirmPassword",
-                                            class: "input",
-                                            required: true,
-                                            minLength: 8,
-                                            autocomplete: "new-password"
-                                        })
-                                    ]
-                                }),
-                                /*#__PURE__*/ _jsxs("button", {
-                                    type: "submit",
-                                    class: "btn",
-                                    "data-attr-disabled": "$_loading",
-                                    children: [
-                                        /*#__PURE__*/ _jsx("span", {
-                                            "data-show": "!$_loading",
-                                            children: $__i18n._({
-                                                id: "KbS2K9",
-                                                message: "Reset Password"
-                                            })
-                                        }),
-                                        /*#__PURE__*/ _jsx("span", {
-                                            "data-show": "$_loading",
-                                            children: $__i18n._({
-                                                id: "k1ifdL",
-                                                message: "Processing..."
-                                            })
-                                        })
-                                    ]
-                                })
-                            ]
-                        })
-                    })
-                ]
-            })
-        });
-    };
-    const ResetErrorContent = ()=>{
-        const { i18n: $__i18n, _: $__ } = $_useLingui();
-        return /*#__PURE__*/ _jsx("div", {
-            class: "min-h-screen flex items-center justify-center",
-            children: /*#__PURE__*/ _jsxs("div", {
-                class: "card max-w-md w-full",
-                children: [
-                    /*#__PURE__*/ _jsx("header", {
-                        children: /*#__PURE__*/ _jsx("h2", {
-                            children: $__i18n._({
-                                id: "7aECQB",
-                                message: "Invalid or Expired Link"
-                            })
-                        })
-                    }),
-                    /*#__PURE__*/ _jsx("section", {
-                        children: /*#__PURE__*/ _jsx("p", {
-                            class: "text-muted-foreground",
-                            children: $__i18n._({
-                                id: "GbVAnd",
-                                message: "This password reset link is invalid or has expired. Please generate a new one."
-                            })
-                        })
-                    })
-                ]
-            })
-        });
-    };
-    app.get("/reset", async (c)=>{
-        const token = c.req.query("token");
-        if (!token) {
-            return c.html(/*#__PURE__*/ _jsx(BaseLayout, {
-                title: "Reset Password - Jant",
-                c: c,
-                children: /*#__PURE__*/ _jsx(ResetErrorContent, {})
-            }));
-        }
-        const stored = await c.var.services.settings.get(SETTINGS_KEYS.PASSWORD_RESET_TOKEN);
-        if (!stored) {
-            return c.html(/*#__PURE__*/ _jsx(BaseLayout, {
-                title: "Reset Password - Jant",
-                c: c,
-                children: /*#__PURE__*/ _jsx(ResetErrorContent, {})
-            }));
-        }
-        const separatorIndex = stored.lastIndexOf(":");
-        const storedToken = stored.substring(0, separatorIndex);
-        const expiry = parseInt(stored.substring(separatorIndex + 1), 10);
-        const now = Math.floor(Date.now() / 1000);
-        if (token !== storedToken || now > expiry) {
-            return c.html(/*#__PURE__*/ _jsx(BaseLayout, {
-                title: "Reset Password - Jant",
-                c: c,
-                children: /*#__PURE__*/ _jsx(ResetErrorContent, {})
-            }));
-        }
-        return c.html(/*#__PURE__*/ _jsx(BaseLayout, {
-            title: "Reset Password - Jant",
-            c: c,
-            children: /*#__PURE__*/ _jsx(ResetContent, {
-                token: token
-            })
-        }));
-    });
-    app.post("/reset", async (c)=>{
-        const body = await c.req.json();
-        const { password, confirmPassword, token } = body;
-        // Validate token
-        const stored = await c.var.services.settings.get(SETTINGS_KEYS.PASSWORD_RESET_TOKEN);
-        if (!stored) {
-            return dsToast("Invalid or expired reset link.", "error");
-        }
-        const separatorIndex = stored.lastIndexOf(":");
-        const storedToken = stored.substring(0, separatorIndex);
-        const expiry = parseInt(stored.substring(separatorIndex + 1), 10);
-        const now = Math.floor(Date.now() / 1000);
-        if (token !== storedToken || now > expiry) {
-            return dsToast("Invalid or expired reset link.", "error");
-        }
-        // Validate passwords
-        if (!password || password.length < 8) {
-            return dsToast("Password must be at least 8 characters.", "error");
-        }
-        if (password !== confirmPassword) {
-            return dsToast("Passwords do not match.", "error");
-        }
-        try {
-            const hashedPassword = await hashPassword(password);
-            const db = c.env.DB.withSession();
-            // Get admin user
-            const userResult = await db.prepare("SELECT id FROM user LIMIT 1").first();
-            if (!userResult) {
-                return dsToast("No user account found.", "error");
-            }
-            // Update password
-            await db.prepare("UPDATE account SET password = ? WHERE user_id = ? AND provider_id = 'credential'").bind(hashedPassword, userResult.id).run();
-            // Delete all sessions
-            await db.prepare("DELETE FROM session WHERE user_id = ?").bind(userResult.id).run();
-            // Delete the reset token
-            await c.var.services.settings.remove(SETTINGS_KEYS.PASSWORD_RESET_TOKEN);
-            return dsRedirect("/signin?reset");
-        } catch (err) {
-            // eslint-disable-next-line no-console -- Error logging is intentional
-            console.error("Password reset error:", err);
-            return dsToast("Failed to reset password.", "error");
-        }
-    });
+    app.route("/api/pages", pagesApiRoutes);
+    app.route("/api/nav-items", navItemsApiRoutes);
+    app.route("/api/collections", collectionsApiRoutes);
+    app.route("/api/settings", settingsApiRoutes);
+    // Auth routes
+    app.route("/", setupRoutes);
+    app.route("/", signinRoutes);
+    app.route("/", resetRoutes);
     // Dashboard routes (protected)
     app.use("/dash/*", requireAuth());
     app.route("/dash", dashIndexRoutes);
@@ -692,40 +223,39 @@ import { createStorageDriver } from "./lib/storage.js";
     app.route("/dash/settings", dashSettingsRoutes);
     app.route("/dash/redirects", dashRedirectsRoutes);
     app.route("/dash/collections", dashCollectionsRoutes);
-    app.route("/dash/navigation", dashNavigationRoutes);
     // API routes
     app.route("/api/upload", uploadApiRoutes);
     app.route("/api/search", searchApiRoutes);
-    // Media files from storage (UUIDv7-based URLs with extension)
-    app.get("/media/:idWithExt", async (c)=>{
+    // Media files from storage (path matches storage key: media/YYYY/MM/uuid.ext)
+    app.get("/media/*", async (c)=>{
         const storage = c.var.storage;
         if (!storage) {
             return c.notFound();
         }
-        // Extract ID from "uuid.ext" format
-        const idWithExt = c.req.param("idWithExt");
-        const mediaId = idWithExt.replace(/\.[^.]+$/, "");
-        const media = await c.var.services.media.getById(mediaId);
-        if (!media) {
-            return c.notFound();
-        }
-        const object = await storage.get(media.storageKey);
+        // The storage key is the full path without the leading "/"
+        const storageKey = c.req.path.slice(1);
+        const object = await storage.get(storageKey);
         if (!object) {
             return c.notFound();
         }
         const headers = new Headers();
-        headers.set("Content-Type", object.contentType || media.mimeType);
+        headers.set("Content-Type", object.contentType || "application/octet-stream");
         headers.set("Cache-Control", "public, max-age=31536000, immutable");
         return new Response(object.body, {
             headers
         });
     });
+    // Compose route (auth enforced in route middleware)
+    app.route("/compose", composeRoutes);
     // Feed routes
     app.route("/feed", rssRoutes);
     app.route("/", sitemapRoutes);
     // Frontend routes
     app.route("/search", searchRoutes);
     app.route("/archive", archiveRoutes);
+    app.route("/featured", featuredRoutes);
+    app.route("/latest", latestRoutes);
+    app.route("/collections", collectionsPageRoutes);
     app.route("/c", collectionRoutes);
     app.route("/p", postRoutes);
     app.route("/", homeRoutes);