@jant/core 0.3.24 → 0.3.26

package/src/routes/auth/reset.tsx

@@ -0,0 +1,239 @@
+/**
+ * Password Reset Routes
+ *
+ * One-time token-based password reset flow.
+ */
+
+import { Hono } from "hono";
+import type { FC } from "hono/jsx";
+import { useLingui } from "@lingui/react/macro";
+import { hashPassword } from "better-auth/crypto";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../app.js";
+import { BaseLayout } from "../../ui/layouts/BaseLayout.js";
+import { dsRedirect, dsToast } from "../../lib/sse.js";
+import { SETTINGS_KEYS } from "../../lib/constants.js";
+import { ResetPasswordSchema } from "../../lib/schemas.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+const ResetContent: FC<{ token: string }> = ({ token }) => {
+  const { t } = useLingui();
+  const signals = JSON.stringify({
+    password: "",
+    confirmPassword: "",
+    token,
+  }).replace(/</g, "\\u003c");
+
+  return (
+    <div class="min-h-screen flex items-center justify-center">
+      <div class="card max-w-md w-full">
+        <header>
+          <h2>
+            {t({
+              message: "Reset Password",
+              comment: "@context: Password reset page heading",
+            })}
+          </h2>
+          <p>
+            {t({
+              message: "Enter your new password.",
+              comment: "@context: Password reset page description",
+            })}
+          </p>
+        </header>
+        <section>
+          <form
+            data-signals={signals}
+            data-on:submit__prevent="@post('/reset')"
+            data-indicator="_loading"
+            class="flex flex-col gap-4"
+          >
+            <div class="field">
+              <label class="label">
+                {t({
+                  message: "New Password",
+                  comment: "@context: Password reset form field",
+                })}
+              </label>
+              <input
+                type="password"
+                data-bind="password"
+                class="input"
+                required
+                minLength={8}
+                autocomplete="new-password"
+              />
+            </div>
+            <div class="field">
+              <label class="label">
+                {t({
+                  message: "Confirm Password",
+                  comment: "@context: Password reset form field",
+                })}
+              </label>
+              <input
+                type="password"
+                data-bind="confirmPassword"
+                class="input"
+                required
+                minLength={8}
+                autocomplete="new-password"
+              />
+            </div>
+            <button type="submit" class="btn" data-attr:disabled="$_loading">
+              <svg
+                data-show="$_loading"
+                style="display:none"
+                class="animate-spin size-4"
+                xmlns="http://www.w3.org/2000/svg"
+                viewBox="0 0 24 24"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="2"
+                stroke-linecap="round"
+                stroke-linejoin="round"
+                role="status"
+              >
+                <path d="M21 12a9 9 0 1 1-6.219-8.56" />
+              </svg>
+              {t({
+                message: "Reset Password",
+                comment: "@context: Password reset form submit button",
+              })}
+            </button>
+          </form>
+        </section>
+      </div>
+    </div>
+  );
+};
+
+const ResetErrorContent: FC = () => {
+  const { t } = useLingui();
+
+  return (
+    <div class="min-h-screen flex items-center justify-center">
+      <div class="card max-w-md w-full">
+        <header>
+          <h2>
+            {t({
+              message: "Invalid or Expired Link",
+              comment: "@context: Password reset error heading",
+            })}
+          </h2>
+        </header>
+        <section>
+          <p class="text-muted-foreground">
+            {t({
+              message:
+                "This password reset link is invalid or has expired. Please generate a new one.",
+              comment: "@context: Password reset error description",
+            })}
+          </p>
+        </section>
+      </div>
+    </div>
+  );
+};
+
+/**
+ * Validate a password reset token against the stored value.
+ * Returns true if the token is valid and not expired.
+ */
+async function validateResetToken(
+  settings: { get(key: string): Promise<string | null> },
+  token: string,
+): Promise<boolean> {
+  const stored = await settings.get(SETTINGS_KEYS.PASSWORD_RESET_TOKEN);
+  if (!stored) return false;
+
+  const separatorIndex = stored.lastIndexOf(":");
+  const storedToken = stored.substring(0, separatorIndex);
+  const expiry = parseInt(stored.substring(separatorIndex + 1), 10);
+  const now = Math.floor(Date.now() / 1000);
+
+  return token === storedToken && now <= expiry;
+}
+
+export const resetRoutes = new Hono<Env>();
+
+resetRoutes.get("/reset", async (c) => {
+  const token = c.req.query("token");
+  if (!token) {
+    return c.html(
+      <BaseLayout title="Reset Password - Jant" c={c}>
+        <ResetErrorContent />
+      </BaseLayout>,
+    );
+  }
+
+  const isValid = await validateResetToken(c.var.services.settings, token);
+  if (!isValid) {
+    return c.html(
+      <BaseLayout title="Reset Password - Jant" c={c}>
+        <ResetErrorContent />
+      </BaseLayout>,
+    );
+  }
+
+  return c.html(
+    <BaseLayout title="Reset Password - Jant" c={c}>
+      <ResetContent token={token} />
+    </BaseLayout>,
+  );
+});
+
+resetRoutes.post("/reset", async (c) => {
+  const body = await c.req.json();
+  const parsed = ResetPasswordSchema.safeParse(body);
+
+  if (!parsed.success) {
+    const msg = parsed.error.errors[0]?.message ?? "Invalid input";
+    return dsToast(msg, "error");
+  }
+
+  const { password, token } = parsed.data;
+
+  // Validate token
+  const isValid = await validateResetToken(c.var.services.settings, token);
+  if (!isValid) {
+    return dsToast("Invalid or expired reset link.", "error");
+  }
+
+  try {
+    const hashedPassword = await hashPassword(password);
+    const db = c.env.DB.withSession() as unknown as D1Database;
+
+    // Get admin user
+    const userResult = await db
+      .prepare("SELECT id FROM user LIMIT 1")
+      .first<{ id: string }>();
+    if (!userResult) {
+      return dsToast("No user account found.", "error");
+    }
+
+    // Update password
+    await db
+      .prepare(
+        "UPDATE account SET password = ? WHERE user_id = ? AND provider_id = 'credential'",
+      )
+      .bind(hashedPassword, userResult.id)
+      .run();
+
+    // Delete all sessions
+    await db
+      .prepare("DELETE FROM session WHERE user_id = ?")
+      .bind(userResult.id)
+      .run();
+
+    // Delete the reset token
+    await c.var.services.settings.remove(SETTINGS_KEYS.PASSWORD_RESET_TOKEN);
+
+    return dsRedirect("/signin?reset");
+  } catch (err) {
+    // eslint-disable-next-line no-console -- Error logging is intentional
+    console.error("Password reset error:", err);
+    return dsToast("Failed to reset password.", "error");
+  }
+});

package/src/routes/auth/setup.tsx

@@ -0,0 +1,189 @@
+/**
+ * Setup Routes
+ *
+ * Initial admin account creation during first-time setup.
+ */
+
+import { Hono } from "hono";
+import type { FC } from "hono/jsx";
+import { useLingui } from "@lingui/react/macro";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../app.js";
+import { BaseLayout } from "../../ui/layouts/BaseLayout.js";
+import { dsRedirect, dsToast } from "../../lib/sse.js";
+import { SetupSchema } from "../../lib/schemas.js";
+import { mapIanaToTimezone } from "../../lib/timezones.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+const SetupContent: FC = () => {
+  const { t } = useLingui();
+
+  return (
+    <div class="min-h-screen flex items-center justify-center">
+      <div class="card max-w-md w-full">
+        <header>
+          <h2>
+            {t({
+              message: "Welcome to Jant",
+              comment: "@context: Setup page welcome heading",
+            })}
+          </h2>
+          <p>
+            {t({
+              message: "Create your admin account.",
+              comment: "@context: Setup page description",
+            })}
+          </p>
+        </header>
+        <section>
+          <form
+            data-signals="{name: '', email: '', password: '', _timezone: ''}"
+            data-init="$_timezone = Intl.DateTimeFormat().resolvedOptions().timeZone || ''"
+            data-on:submit__prevent="@post('/setup')"
+            data-indicator="_loading"
+            class="flex flex-col gap-4"
+          >
+            <div class="field">
+              <label class="label">
+                {t({
+                  message: "Your Name",
+                  comment: "@context: Setup form field - user name",
+                })}
+              </label>
+              <input
+                type="text"
+                data-bind="name"
+                class="input"
+                required
+                placeholder="John Doe"
+              />
+            </div>
+            <div class="field">
+              <label class="label">
+                {t({
+                  message: "Email",
+                  comment: "@context: Setup/signin form field - email",
+                })}
+              </label>
+              <input
+                type="email"
+                data-bind="email"
+                class="input"
+                required
+                placeholder="you@example.com"
+              />
+            </div>
+            <div class="field">
+              <label class="label">
+                {t({
+                  message: "Password",
+                  comment: "@context: Setup/signin form field - password",
+                })}
+              </label>
+              <input
+                type="password"
+                data-bind="password"
+                class="input"
+                required
+                minLength={8}
+              />
+            </div>
+            <button type="submit" class="btn" data-attr:disabled="$_loading">
+              <svg
+                data-show="$_loading"
+                style="display:none"
+                class="animate-spin size-4"
+                xmlns="http://www.w3.org/2000/svg"
+                viewBox="0 0 24 24"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="2"
+                stroke-linecap="round"
+                stroke-linejoin="round"
+                role="status"
+              >
+                <path d="M21 12a9 9 0 1 1-6.219-8.56" />
+              </svg>
+              {t({
+                message: "Complete Setup",
+                comment: "@context: Setup form submit button",
+              })}
+            </button>
+          </form>
+        </section>
+      </div>
+    </div>
+  );
+};
+
+export const setupRoutes = new Hono<Env>();
+
+setupRoutes.get("/setup", async (c) => {
+  const isComplete = await c.var.services.settings.isOnboardingComplete();
+  if (isComplete) return c.redirect("/");
+
+  return c.html(
+    <BaseLayout title="Setup - Jant" c={c}>
+      <SetupContent />
+    </BaseLayout>,
+  );
+});
+
+setupRoutes.post("/setup", async (c) => {
+  const isComplete = await c.var.services.settings.isOnboardingComplete();
+  if (isComplete) return c.redirect("/");
+
+  const body = await c.req.json<Record<string, string>>();
+  const parsed = SetupSchema.safeParse(body);
+  const browserTimezone = body._timezone;
+
+  if (!parsed.success) {
+    const msg = parsed.error.errors[0]?.message ?? "Invalid input";
+    return dsToast(msg, "error");
+  }
+
+  const { name, email, password } = parsed.data;
+
+  if (!c.var.auth) {
+    return dsToast("AUTH_SECRET not configured", "error");
+  }
+
+  try {
+    const signUpResponse = await c.var.auth.api.signUpEmail({
+      body: { name, email, password },
+    });
+
+    if (!signUpResponse || "error" in signUpResponse) {
+      return dsToast("Failed to create account", "error");
+    }
+
+    await c.var.services.settings.completeOnboarding();
+
+    // Save auto-detected timezone
+    if (browserTimezone) {
+      const tz = mapIanaToTimezone(browserTimezone);
+      if (tz !== "UTC") {
+        await c.var.services.settings.set("TIME_ZONE", tz);
+      }
+    }
+
+    // Seed default navigation items
+    await c.var.services.navItems.create({
+      type: "link",
+      label: "Featured",
+      url: "/featured",
+    });
+    await c.var.services.navItems.create({
+      type: "link",
+      label: "Collections",
+      url: "/collections",
+    });
+
+    return dsRedirect("/signin?setup");
+  } catch (err) {
+    // eslint-disable-next-line no-console -- Error logging is intentional
+    console.error("Setup error:", err);
+    return dsToast("Failed to create account", "error");
+  }
+});

package/src/routes/auth/signin.tsx

@@ -0,0 +1,163 @@
+/**
+ * Sign-in / Sign-out Routes
+ */
+
+import { Hono } from "hono";
+import type { FC } from "hono/jsx";
+import { useLingui } from "@lingui/react/macro";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../app.js";
+import { BaseLayout } from "../../ui/layouts/BaseLayout.js";
+import { dsRedirect, dsToast } from "../../lib/sse.js";
+import { SigninSchema } from "../../lib/schemas.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+const SigninContent: FC<{
+  demoEmail?: string;
+  demoPassword?: string;
+}> = ({ demoEmail, demoPassword }) => {
+  const { t } = useLingui();
+  const signals = JSON.stringify({
+    email: demoEmail || "",
+    password: demoPassword || "",
+  }).replace(/</g, "\\u003c");
+
+  return (
+    <div class="min-h-screen flex items-center justify-center">
+      <div class="card max-w-md w-full">
+        <header>
+          <h2>
+            {t({
+              message: "Sign In",
+              comment: "@context: Sign in page heading",
+            })}
+          </h2>
+        </header>
+        <section>
+          {demoEmail && demoPassword && (
+            <p class="text-muted-foreground text-sm mb-4">
+              {t({
+                message: "Demo account pre-filled. Just click Sign In.",
+                comment:
+                  "@context: Hint shown on signin page when demo credentials are pre-filled",
+              })}
+            </p>
+          )}
+          <form
+            data-signals={signals}
+            data-on:submit__prevent="@post('/signin')"
+            data-indicator="_loading"
+            class="flex flex-col gap-4"
+          >
+            <div class="field">
+              <label class="label">
+                {t({
+                  message: "Email",
+                  comment: "@context: Setup/signin form field - email",
+                })}
+              </label>
+              <input type="email" data-bind="email" class="input" required />
+            </div>
+            <div class="field">
+              <label class="label">
+                {t({
+                  message: "Password",
+                  comment: "@context: Setup/signin form field - password",
+                })}
+              </label>
+              <input
+                type="password"
+                data-bind="password"
+                class="input"
+                required
+              />
+            </div>
+            <button type="submit" class="btn" data-attr:disabled="$_loading">
+              <svg
+                data-show="$_loading"
+                style="display:none"
+                class="animate-spin size-4"
+                xmlns="http://www.w3.org/2000/svg"
+                viewBox="0 0 24 24"
+                fill="none"
+                stroke="currentColor"
+                stroke-width="2"
+                stroke-linecap="round"
+                stroke-linejoin="round"
+                role="status"
+              >
+                <path d="M21 12a9 9 0 1 1-6.219-8.56" />
+              </svg>
+              {t({
+                message: "Sign In",
+                comment: "@context: Sign in form submit button",
+              })}
+            </button>
+          </form>
+        </section>
+      </div>
+    </div>
+  );
+};
+
+export const signinRoutes = new Hono<Env>();
+
+signinRoutes.get("/signin", async (c) => {
+  const isSetup = c.req.query("setup") !== undefined;
+  const isReset = c.req.query("reset") !== undefined;
+  let toast: { message: string } | undefined;
+  if (isSetup) {
+    toast = { message: "Account created successfully. Please sign in." };
+  } else if (isReset) {
+    toast = { message: "Password reset successfully. Please sign in." };
+  }
+
+  return c.html(
+    <BaseLayout title="Sign In - Jant" c={c} toast={toast}>
+      <SigninContent
+        demoEmail={c.env.DEMO_EMAIL}
+        demoPassword={c.env.DEMO_PASSWORD}
+      />
+    </BaseLayout>,
+  );
+});
+
+signinRoutes.post("/signin", async (c) => {
+  if (!c.var.auth) {
+    return dsToast("Auth not configured", "error");
+  }
+
+  const body = await c.req.json();
+  const parsed = SigninSchema.safeParse(body);
+
+  if (!parsed.success) {
+    const msg = parsed.error.errors[0]?.message ?? "Invalid input";
+    return dsToast(msg, "error");
+  }
+
+  const { email, password } = parsed.data;
+
+  try {
+    const { headers } = await c.var.auth.api.signInEmail({
+      returnHeaders: true,
+      body: { email, password },
+      headers: c.req.raw.headers,
+    });
+
+    return dsRedirect("/dash", { headers });
+  } catch {
+    return dsToast("Invalid email or password", "error");
+  }
+});
+
+signinRoutes.get("/signout", async (c) => {
+  if (c.var.auth) {
+    try {
+      await c.var.auth.api.signOut({ headers: c.req.raw.headers });
+    } catch {
+      // Ignore signout errors
+    }
+  }
+  return c.redirect("/");
+});

package/src/routes/compose.ts

@@ -0,0 +1,63 @@
+/**
+ * Compose Route
+ *
+ * Handles post creation from the public-site compose dialog.
+ * Returns dsRedirect to the new post's permalink (Datastar form pattern).
+ */
+
+import { Hono } from "hono";
+import type { Bindings } from "../types.js";
+import type { AppVariables } from "../app.js";
+import { requireAuth } from "../middleware/auth.js";
+import { CreatePostSchema, validateMediaCount } from "../lib/schemas.js";
+import * as sqid from "../lib/sqid.js";
+import { dsRedirect, dsToast } from "../lib/sse.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+export const composeRoutes = new Hono<Env>();
+
+// All compose routes require authentication
+composeRoutes.use("*", requireAuth());
+
+composeRoutes.post("/", async (c) => {
+  const raw = await c.req.json();
+
+  const result = CreatePostSchema.safeParse(raw);
+  if (!result.success) {
+    const firstError = result.error.issues[0]?.message ?? "Invalid input";
+    return dsToast(firstError, "error");
+  }
+
+  const data = result.data;
+
+  // Validate media count
+  if (data.mediaIds) {
+    const mediaError = validateMediaCount(data.mediaIds);
+    if (mediaError) {
+      return dsToast(mediaError, "error");
+    }
+  }
+
+  const post = await c.var.services.posts.create({
+    format: data.format,
+    title: data.title || undefined,
+    body: data.body || undefined,
+    status: data.status ?? "published",
+    featured: data.featured,
+    pinned: data.pinned,
+    url: data.url || undefined,
+    quoteText: data.quoteText || undefined,
+    rating: data.rating || undefined,
+    collectionId: data.collectionId || undefined,
+  });
+
+  // Attach media if provided
+  if (data.mediaIds && data.mediaIds.length > 0) {
+    await c.var.services.media.attachToPost(post.id, data.mediaIds);
+  }
+
+  // Redirect to the new post's permalink
+  const permalink = post.path ? `/${post.path}` : `/p/${sqid.encode(post.id)}`;
+  return dsRedirect(permalink);
+});