@jant/core 0.3.24 → 0.3.26

package/src/routes/api/__tests__/settings.test.ts

@@ -0,0 +1,132 @@
+import { describe, it, expect } from "vitest";
+import { createTestApp } from "../../../__tests__/helpers/app.js";
+import { settingsApiRoutes } from "../settings.js";
+
+describe("Settings API Routes", () => {
+  describe("GET /api/settings", () => {
+    it("returns 401 when not authenticated", async () => {
+      const { app } = createTestApp({ authenticated: false });
+      app.route("/api/settings", settingsApiRoutes);
+
+      const res = await app.request("/api/settings");
+      expect(res.status).toBe(401);
+    });
+
+    it("returns default settings when none are stored", async () => {
+      const { app } = createTestApp({ authenticated: true });
+      app.route("/api/settings", settingsApiRoutes);
+
+      const res = await app.request("/api/settings");
+      expect(res.status).toBe(200);
+
+      const body = await res.json();
+      expect(body.settings).toBeDefined();
+      expect(body.settings.SITE_NAME).toBe("Jant");
+      expect(body.settings.SITE_DESCRIPTION).toBe(
+        "A microblog powered by Jant",
+      );
+      expect(body.settings.SITE_LANGUAGE).toBe("en");
+    });
+
+    it("returns stored settings overriding defaults", async () => {
+      const { app, services } = createTestApp({ authenticated: true });
+      app.route("/api/settings", settingsApiRoutes);
+
+      await services.settings.set("SITE_NAME" as never, "My Blog");
+
+      const res = await app.request("/api/settings");
+      const body = await res.json();
+
+      expect(body.settings.SITE_NAME).toBe("My Blog");
+    });
+
+    it("does not include env-only settings", async () => {
+      const { app } = createTestApp({ authenticated: true });
+      app.route("/api/settings", settingsApiRoutes);
+
+      const res = await app.request("/api/settings");
+      const body = await res.json();
+
+      // Env-only keys should not be in the response
+      expect(body.settings.AUTH_SECRET).toBeUndefined();
+      expect(body.settings.SITE_URL).toBeUndefined();
+    });
+  });
+
+  describe("PUT /api/settings", () => {
+    it("returns 401 when not authenticated", async () => {
+      const { app } = createTestApp({ authenticated: false });
+      app.route("/api/settings", settingsApiRoutes);
+
+      const res = await app.request("/api/settings", {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ SITE_NAME: "New Name" }),
+      });
+
+      expect(res.status).toBe(401);
+    });
+
+    it("updates editable settings", async () => {
+      const { app } = createTestApp({ authenticated: true });
+      app.route("/api/settings", settingsApiRoutes);
+
+      const res = await app.request("/api/settings", {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ SITE_NAME: "Updated Blog" }),
+      });
+
+      expect(res.status).toBe(200);
+      const body = await res.json();
+      expect(body.settings.SITE_NAME).toBe("Updated Blog");
+    });
+
+    it("rejects env-only keys", async () => {
+      const { app } = createTestApp({ authenticated: true });
+      app.route("/api/settings", settingsApiRoutes);
+
+      const res = await app.request("/api/settings", {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({ AUTH_SECRET: "should-not-work" }),
+      });
+
+      expect(res.status).toBe(400);
+      const body = await res.json();
+      expect(body.rejectedKeys).toContain("AUTH_SECRET");
+    });
+
+    it("partially applies when mixing editable and env-only keys", async () => {
+      const { app } = createTestApp({ authenticated: true });
+      app.route("/api/settings", settingsApiRoutes);
+
+      const res = await app.request("/api/settings", {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify({
+          SITE_NAME: "Mixed Update",
+          AUTH_SECRET: "ignored",
+        }),
+      });
+
+      expect(res.status).toBe(200);
+      const body = await res.json();
+      expect(body.settings.SITE_NAME).toBe("Mixed Update");
+      expect(body.rejectedKeys).toContain("AUTH_SECRET");
+    });
+
+    it("returns 400 for invalid body", async () => {
+      const { app } = createTestApp({ authenticated: true });
+      app.route("/api/settings", settingsApiRoutes);
+
+      const res = await app.request("/api/settings", {
+        method: "PUT",
+        headers: { "Content-Type": "application/json" },
+        body: JSON.stringify("not an object"),
+      });
+
+      expect(res.status).toBe(400);
+    });
+  });
+});

package/src/routes/api/collections.ts

@@ -0,0 +1,143 @@
+/**
+ * Collections API Routes
+ */
+
+import { Hono } from "hono";
+import type { Bindings, SortOrder } from "../../types.js";
+import type { AppVariables } from "../../app.js";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { z } from "zod";
+import { SORT_ORDERS } from "../../types.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+export const collectionsApiRoutes = new Hono<Env>();
+
+const SortOrderSchema = z.enum(SORT_ORDERS);
+
+const CreateCollectionSchema = z.object({
+  slug: z.string().min(1),
+  title: z.string().min(1),
+  description: z.string().optional(),
+  icon: z.string().optional(),
+  sortOrder: SortOrderSchema.optional(),
+  position: z.number().int().min(0).optional(),
+  showDivider: z.boolean().optional(),
+});
+
+const UpdateCollectionSchema = z.object({
+  slug: z.string().min(1).optional(),
+  title: z.string().min(1).optional(),
+  description: z.string().nullable().optional(),
+  icon: z.string().nullable().optional(),
+  sortOrder: SortOrderSchema.optional(),
+  position: z.number().int().min(0).optional(),
+  showDivider: z.boolean().optional(),
+});
+
+const ReorderSchema = z.object({
+  ids: z.array(z.number().int().positive()),
+});
+
+// List collections (includes post counts)
+collectionsApiRoutes.get("/", async (c) => {
+  const collections = await c.var.services.collections.list();
+  const postCounts = await c.var.services.collections.getPostCounts();
+
+  return c.json({
+    collections: collections.map((col) => ({
+      ...col,
+      postCount: postCounts.get(col.id) ?? 0,
+    })),
+  });
+});
+
+// Get single collection
+collectionsApiRoutes.get("/:id", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const collection = await c.var.services.collections.getById(id);
+  if (!collection) return c.json({ error: "Not found" }, 404);
+
+  return c.json(collection);
+});
+
+// Reorder collections (requires auth) — must be before /:id
+collectionsApiRoutes.put("/reorder", requireAuthApi(), async (c) => {
+  const rawBody = await c.req.json();
+
+  const parseResult = ReorderSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  await c.var.services.collections.reorder(parseResult.data.ids);
+  const collections = await c.var.services.collections.list();
+  return c.json({ collections });
+});
+
+// Create collection (requires auth)
+collectionsApiRoutes.post("/", requireAuthApi(), async (c) => {
+  const rawBody = await c.req.json();
+
+  const parseResult = CreateCollectionSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const body = parseResult.data;
+
+  const collection = await c.var.services.collections.create({
+    slug: body.slug,
+    title: body.title,
+    description: body.description,
+    icon: body.icon,
+    sortOrder: body.sortOrder as SortOrder | undefined,
+    position: body.position,
+    showDivider: body.showDivider,
+  });
+
+  return c.json(collection, 201);
+});
+
+// Update collection (requires auth)
+collectionsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const rawBody = await c.req.json();
+
+  const parseResult = UpdateCollectionSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const collection = await c.var.services.collections.update(
+    id,
+    parseResult.data,
+  );
+  if (!collection) return c.json({ error: "Not found" }, 404);
+
+  return c.json(collection);
+});
+
+// Delete collection (requires auth)
+collectionsApiRoutes.delete("/:id", requireAuthApi(), async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const success = await c.var.services.collections.delete(id);
+  if (!success) return c.json({ error: "Not found" }, 404);
+
+  return c.json({ success: true });
+});

package/src/routes/api/nav-items.ts

@@ -0,0 +1,115 @@
+/**
+ * Nav Items API Routes
+ */
+
+import { Hono } from "hono";
+import type { Bindings, NavItemType } from "../../types.js";
+import type { AppVariables } from "../../app.js";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { z } from "zod";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+export const navItemsApiRoutes = new Hono<Env>();
+
+const NavItemTypeSchema = z.enum(["link", "page"]);
+
+const CreateNavItemSchema = z.object({
+  type: NavItemTypeSchema,
+  label: z.string().min(1),
+  url: z.string().min(1),
+  pageId: z.number().int().positive().optional(),
+  position: z.number().int().min(0).optional(),
+});
+
+const UpdateNavItemSchema = z.object({
+  type: NavItemTypeSchema.optional(),
+  label: z.string().min(1).optional(),
+  url: z.string().min(1).optional(),
+  pageId: z.number().int().positive().nullable().optional(),
+  position: z.number().int().min(0).optional(),
+});
+
+const ReorderSchema = z.object({
+  ids: z.array(z.number().int().positive()),
+});
+
+// List nav items
+navItemsApiRoutes.get("/", async (c) => {
+  const items = await c.var.services.navItems.list();
+  return c.json({ navItems: items });
+});
+
+// Reorder nav items (requires auth) — must be before /:id
+navItemsApiRoutes.put("/reorder", requireAuthApi(), async (c) => {
+  const rawBody = await c.req.json();
+
+  const parseResult = ReorderSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  await c.var.services.navItems.reorder(parseResult.data.ids);
+  const items = await c.var.services.navItems.list();
+  return c.json({ navItems: items });
+});
+
+// Create nav item (requires auth)
+navItemsApiRoutes.post("/", requireAuthApi(), async (c) => {
+  const rawBody = await c.req.json();
+
+  const parseResult = CreateNavItemSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const body = parseResult.data;
+
+  const item = await c.var.services.navItems.create({
+    type: body.type as NavItemType,
+    label: body.label,
+    url: body.url,
+    pageId: body.pageId,
+    position: body.position,
+  });
+
+  return c.json(item, 201);
+});
+
+// Update nav item (requires auth)
+navItemsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const rawBody = await c.req.json();
+
+  const parseResult = UpdateNavItemSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const item = await c.var.services.navItems.update(id, parseResult.data);
+  if (!item) return c.json({ error: "Not found" }, 404);
+
+  return c.json(item);
+});
+
+// Delete nav item (requires auth)
+navItemsApiRoutes.delete("/:id", requireAuthApi(), async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const success = await c.var.services.navItems.delete(id);
+  if (!success) return c.json({ error: "Not found" }, 404);
+
+  return c.json({ success: true });
+});

package/src/routes/api/pages.ts

@@ -0,0 +1,101 @@
+/**
+ * Pages API Routes
+ */
+
+import { Hono } from "hono";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../app.js";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { z } from "zod";
+import { StatusSchema } from "../../lib/schemas.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+export const pagesApiRoutes = new Hono<Env>();
+
+const CreatePageSchema = z.object({
+  slug: z.string().min(1),
+  title: z.string().optional(),
+  body: z.string().optional(),
+  status: StatusSchema.optional(),
+});
+
+const UpdatePageSchema = z.object({
+  slug: z.string().min(1).optional(),
+  title: z.string().nullable().optional(),
+  body: z.string().nullable().optional(),
+  status: StatusSchema.optional(),
+});
+
+// List pages
+pagesApiRoutes.get("/", async (c) => {
+  const pages = await c.var.services.pages.list();
+  return c.json({ pages });
+});
+
+// Get single page
+pagesApiRoutes.get("/:id", async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const page = await c.var.services.pages.getById(id);
+  if (!page) return c.json({ error: "Not found" }, 404);
+
+  return c.json(page);
+});
+
+// Create page (requires auth)
+pagesApiRoutes.post("/", requireAuthApi(), async (c) => {
+  const rawBody = await c.req.json();
+
+  const parseResult = CreatePageSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const body = parseResult.data;
+
+  const page = await c.var.services.pages.create({
+    slug: body.slug,
+    title: body.title,
+    body: body.body,
+    status: body.status,
+  });
+
+  return c.json(page, 201);
+});
+
+// Update page (requires auth)
+pagesApiRoutes.put("/:id", requireAuthApi(), async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const rawBody = await c.req.json();
+
+  const parseResult = UpdatePageSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const page = await c.var.services.pages.update(id, parseResult.data);
+  if (!page) return c.json({ error: "Not found" }, 404);
+
+  return c.json(page);
+});
+
+// Delete page (requires auth)
+pagesApiRoutes.delete("/:id", requireAuthApi(), async (c) => {
+  const id = parseInt(c.req.param("id"), 10);
+  if (isNaN(id)) return c.json({ error: "Invalid ID" }, 400);
+
+  const success = await c.var.services.pages.delete(id);
+  if (!success) return c.json({ error: "Not found" }, 404);
+
+  return c.json({ success: true });
+});

package/src/routes/api/posts.ts

@@ -36,7 +36,7 @@ function toMediaAttachment(
     r2PublicUrl,
     s3PublicUrl,
   );
-  const url = getMediaUrl(m.id, m.storageKey, publicUrl);
+  const url = getMediaUrl(m.storageKey, publicUrl);
   const previewUrl = getImageUrl(url, imageTransformUrl, {
     width: 400,
     quality: 80,
@@ -151,7 +151,7 @@ postsApiRoutes.post("/", requireAuthApi(), async (c) => {
     format: body.format,
     title: body.title,
     body: body.body,
-    slug: body.slug || undefined,
+    path: body.path || undefined,
     status: body.status,
     featured: body.featured,
     pinned: body.pinned,
@@ -225,7 +225,7 @@ postsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
     format: body.format,
     title: body.title,
     body: body.body,
-    slug: body.slug,
+    path: body.path,
     status: body.status,
     featured: body.featured,
     pinned: body.pinned,

package/src/routes/api/search.ts

@@ -38,10 +38,10 @@ searchApiRoutes.get("/", async (c) => {
         id: sqid.encode(r.post.id),
         format: r.post.format,
         title: r.post.title,
-        slug: r.post.slug,
+        path: r.post.path,
         snippet: r.snippet,
         publishedAt: r.post.publishedAt,
-        url: r.post.slug ? `/${r.post.slug}` : `/p/${sqid.encode(r.post.id)}`,
+        url: r.post.path ? `/${r.post.path}` : `/p/${sqid.encode(r.post.id)}`,
       })),
       count: results.length,
     });

package/src/routes/api/settings.ts

@@ -0,0 +1,91 @@
+/**
+ * Settings API Routes
+ */
+
+import { Hono } from "hono";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../app.js";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { CONFIG_FIELDS, type ConfigKey } from "../../types.js";
+import { z } from "zod";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+export const settingsApiRoutes = new Hono<Env>();
+
+/** Config keys that can be modified via the settings API */
+const editableKeys = Object.entries(CONFIG_FIELDS)
+  .filter(([, field]) => !field.envOnly)
+  .map(([key]) => key as ConfigKey);
+
+const UpdateSettingsSchema = z.record(z.string(), z.string());
+
+// Get all settings (requires auth)
+settingsApiRoutes.get("/", requireAuthApi(), async (c) => {
+  const allSettings = await c.var.services.settings.getAll();
+
+  // Include default values for editable keys not yet stored in DB
+  const result: Record<string, string> = {};
+  for (const key of editableKeys) {
+    result[key] = allSettings[key] ?? CONFIG_FIELDS[key].defaultValue;
+  }
+
+  return c.json({ settings: result });
+});
+
+// Update settings (requires auth)
+settingsApiRoutes.put("/", requireAuthApi(), async (c) => {
+  const rawBody = await c.req.json();
+
+  const parseResult = UpdateSettingsSchema.safeParse(rawBody);
+  if (!parseResult.success) {
+    return c.json(
+      { error: "Validation failed", details: parseResult.error.flatten() },
+      400,
+    );
+  }
+
+  const updates = parseResult.data;
+
+  // Filter to only editable keys
+  const filteredUpdates: Partial<Record<ConfigKey, string>> = {};
+  const rejectedKeys: string[] = [];
+
+  for (const [key, value] of Object.entries(updates)) {
+    if (editableKeys.includes(key as ConfigKey)) {
+      filteredUpdates[key as ConfigKey] = value;
+    } else {
+      rejectedKeys.push(key);
+    }
+  }
+
+  if (rejectedKeys.length > 0 && Object.keys(filteredUpdates).length === 0) {
+    return c.json(
+      {
+        error: "None of the provided keys are editable",
+        rejectedKeys,
+      },
+      400,
+    );
+  }
+
+  if (Object.keys(filteredUpdates).length > 0) {
+    // Settings service expects SettingsKey, but our ConfigKeys that are
+    // editable (SITE_NAME, SITE_DESCRIPTION, SITE_LANGUAGE) are valid SettingsKeys
+    for (const [key, value] of Object.entries(filteredUpdates)) {
+      await c.var.services.settings.set(key as never, value as string);
+    }
+  }
+
+  // Return updated state
+  const allSettings = await c.var.services.settings.getAll();
+  const result: Record<string, string> = {};
+  for (const key of editableKeys) {
+    result[key] = allSettings[key] ?? CONFIG_FIELDS[key].defaultValue;
+  }
+
+  return c.json({
+    settings: result,
+    ...(rejectedKeys.length > 0 && { rejectedKeys }),
+  });
+});

package/src/routes/api/upload.ts

@@ -40,7 +40,7 @@ function renderMediaCard(
   publicUrl?: string,
   imageTransformUrl?: string,
 ): string {
-  const fullUrl = getMediaUrl(media.id, media.storageKey, publicUrl);
+  const fullUrl = getMediaUrl(media.storageKey, publicUrl);
   const thumbnailUrl = getImageUrl(fullUrl, imageTransformUrl, {
     width: 300,
     quality: 80,
@@ -229,7 +229,7 @@ uploadApiRoutes.post("/", async (c) => {
       c.env.R2_PUBLIC_URL,
       c.env.S3_PUBLIC_URL,
     );
-    const publicUrl = getMediaUrl(media.id, storageKey, mediaPublicUrl);
+    const publicUrl = getMediaUrl(storageKey, mediaPublicUrl);
     return c.json({
       id: media.id,
       filename: media.filename,
@@ -263,7 +263,6 @@ uploadApiRoutes.get("/", async (c) => {
       id: m.id,
       filename: m.filename,
       url: getMediaUrl(
-        m.id,
         m.storageKey,
         getPublicUrlForProvider(m.provider, r2PublicUrl, s3PublicUrl),
       ),