@jant/core 0.3.24 → 0.3.26

package/dist/routes/api/pages.js

@@ -0,0 +1,91 @@
+/**
+ * Pages API Routes
+ */ import { Hono } from "hono";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { z } from "zod";
+import { StatusSchema } from "../../lib/schemas.js";
+export const pagesApiRoutes = new Hono();
+const CreatePageSchema = z.object({
+    slug: z.string().min(1),
+    title: z.string().optional(),
+    body: z.string().optional(),
+    status: StatusSchema.optional()
+});
+const UpdatePageSchema = z.object({
+    slug: z.string().min(1).optional(),
+    title: z.string().nullable().optional(),
+    body: z.string().nullable().optional(),
+    status: StatusSchema.optional()
+});
+// List pages
+pagesApiRoutes.get("/", async (c)=>{
+    const pages = await c.var.services.pages.list();
+    return c.json({
+        pages
+    });
+});
+// Get single page
+pagesApiRoutes.get("/:id", async (c)=>{
+    const id = parseInt(c.req.param("id"), 10);
+    if (isNaN(id)) return c.json({
+        error: "Invalid ID"
+    }, 400);
+    const page = await c.var.services.pages.getById(id);
+    if (!page) return c.json({
+        error: "Not found"
+    }, 404);
+    return c.json(page);
+});
+// Create page (requires auth)
+pagesApiRoutes.post("/", requireAuthApi(), async (c)=>{
+    const rawBody = await c.req.json();
+    const parseResult = CreatePageSchema.safeParse(rawBody);
+    if (!parseResult.success) {
+        return c.json({
+            error: "Validation failed",
+            details: parseResult.error.flatten()
+        }, 400);
+    }
+    const body = parseResult.data;
+    const page = await c.var.services.pages.create({
+        slug: body.slug,
+        title: body.title,
+        body: body.body,
+        status: body.status
+    });
+    return c.json(page, 201);
+});
+// Update page (requires auth)
+pagesApiRoutes.put("/:id", requireAuthApi(), async (c)=>{
+    const id = parseInt(c.req.param("id"), 10);
+    if (isNaN(id)) return c.json({
+        error: "Invalid ID"
+    }, 400);
+    const rawBody = await c.req.json();
+    const parseResult = UpdatePageSchema.safeParse(rawBody);
+    if (!parseResult.success) {
+        return c.json({
+            error: "Validation failed",
+            details: parseResult.error.flatten()
+        }, 400);
+    }
+    const page = await c.var.services.pages.update(id, parseResult.data);
+    if (!page) return c.json({
+        error: "Not found"
+    }, 404);
+    return c.json(page);
+});
+// Delete page (requires auth)
+pagesApiRoutes.delete("/:id", requireAuthApi(), async (c)=>{
+    const id = parseInt(c.req.param("id"), 10);
+    if (isNaN(id)) return c.json({
+        error: "Invalid ID"
+    }, 400);
+    const success = await c.var.services.pages.delete(id);
+    if (!success) return c.json({
+        error: "Not found"
+    }, 404);
+    return c.json({
+        success: true
+    });
+});

package/dist/routes/api/posts.js

@@ -10,7 +10,7 @@ export const postsApiRoutes = new Hono();
  * Converts a Media record to a MediaAttachment API response shape.
  */ function toMediaAttachment(m, r2PublicUrl, imageTransformUrl, s3PublicUrl) {
     const publicUrl = getPublicUrlForProvider(m.provider, r2PublicUrl, s3PublicUrl);
-    const url = getMediaUrl(m.id, m.storageKey, publicUrl);
+    const url = getMediaUrl(m.storageKey, publicUrl);
     const previewUrl = getImageUrl(url, imageTransformUrl, {
         width: 400,
         quality: 80,
@@ -110,7 +110,7 @@ postsApiRoutes.post("/", requireAuthApi(), async (c)=>{
         format: body.format,
         title: body.title,
         body: body.body,
-        slug: body.slug || undefined,
+        path: body.path || undefined,
         status: body.status,
         featured: body.featured,
         pinned: body.pinned,
@@ -173,7 +173,7 @@ postsApiRoutes.put("/:id", requireAuthApi(), async (c)=>{
         format: body.format,
         title: body.title,
         body: body.body,
-        slug: body.slug,
+        path: body.path,
         status: body.status,
         featured: body.featured,
         pinned: body.pinned,

package/dist/routes/api/search.js

@@ -31,10 +31,10 @@ searchApiRoutes.get("/", async (c)=>{
                     id: sqid.encode(r.post.id),
                     format: r.post.format,
                     title: r.post.title,
-                    slug: r.post.slug,
+                    path: r.post.path,
                     snippet: r.snippet,
                     publishedAt: r.post.publishedAt,
-                    url: r.post.slug ? `/${r.post.slug}` : `/p/${sqid.encode(r.post.id)}`
+                    url: r.post.path ? `/${r.post.path}` : `/p/${sqid.encode(r.post.id)}`
                 })),
             count: results.length
         });

package/dist/routes/api/settings.js

@@ -0,0 +1,68 @@
+/**
+ * Settings API Routes
+ */ import { Hono } from "hono";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { CONFIG_FIELDS } from "../../types.js";
+import { z } from "zod";
+export const settingsApiRoutes = new Hono();
+/** Config keys that can be modified via the settings API */ const editableKeys = Object.entries(CONFIG_FIELDS).filter(([, field])=>!field.envOnly).map(([key])=>key);
+const UpdateSettingsSchema = z.record(z.string(), z.string());
+// Get all settings (requires auth)
+settingsApiRoutes.get("/", requireAuthApi(), async (c)=>{
+    const allSettings = await c.var.services.settings.getAll();
+    // Include default values for editable keys not yet stored in DB
+    const result = {};
+    for (const key of editableKeys){
+        result[key] = allSettings[key] ?? CONFIG_FIELDS[key].defaultValue;
+    }
+    return c.json({
+        settings: result
+    });
+});
+// Update settings (requires auth)
+settingsApiRoutes.put("/", requireAuthApi(), async (c)=>{
+    const rawBody = await c.req.json();
+    const parseResult = UpdateSettingsSchema.safeParse(rawBody);
+    if (!parseResult.success) {
+        return c.json({
+            error: "Validation failed",
+            details: parseResult.error.flatten()
+        }, 400);
+    }
+    const updates = parseResult.data;
+    // Filter to only editable keys
+    const filteredUpdates = {};
+    const rejectedKeys = [];
+    for (const [key, value] of Object.entries(updates)){
+        if (editableKeys.includes(key)) {
+            filteredUpdates[key] = value;
+        } else {
+            rejectedKeys.push(key);
+        }
+    }
+    if (rejectedKeys.length > 0 && Object.keys(filteredUpdates).length === 0) {
+        return c.json({
+            error: "None of the provided keys are editable",
+            rejectedKeys
+        }, 400);
+    }
+    if (Object.keys(filteredUpdates).length > 0) {
+        // Settings service expects SettingsKey, but our ConfigKeys that are
+        // editable (SITE_NAME, SITE_DESCRIPTION, SITE_LANGUAGE) are valid SettingsKeys
+        for (const [key, value] of Object.entries(filteredUpdates)){
+            await c.var.services.settings.set(key, value);
+        }
+    }
+    // Return updated state
+    const allSettings = await c.var.services.settings.getAll();
+    const result = {};
+    for (const key of editableKeys){
+        result[key] = allSettings[key] ?? CONFIG_FIELDS[key].defaultValue;
+    }
+    return c.json({
+        settings: result,
+        ...rejectedKeys.length > 0 && {
+            rejectedKeys
+        }
+    });
+});

package/dist/routes/api/upload.js

@@ -15,7 +15,7 @@ uploadApiRoutes.use("*", requireAuthApi());
 /**
  * Render a media card HTML string for SSE response
  */ function renderMediaCard(media, publicUrl, imageTransformUrl) {
-    const fullUrl = getMediaUrl(media.id, media.storageKey, publicUrl);
+    const fullUrl = getMediaUrl(media.storageKey, publicUrl);
     const thumbnailUrl = getImageUrl(fullUrl, imageTransformUrl, {
         width: 300,
         quality: 80,
@@ -180,7 +180,7 @@ uploadApiRoutes.post("/", async (c)=>{
         // JSON response for API clients
         const provider = c.env.STORAGE_DRIVER || "r2";
         const mediaPublicUrl = getPublicUrlForProvider(provider, c.env.R2_PUBLIC_URL, c.env.S3_PUBLIC_URL);
-        const publicUrl = getMediaUrl(media.id, storageKey, mediaPublicUrl);
+        const publicUrl = getMediaUrl(storageKey, mediaPublicUrl);
         return c.json({
             id: media.id,
             filename: media.filename,
@@ -212,7 +212,7 @@ uploadApiRoutes.get("/", async (c)=>{
         media: mediaList.map((m)=>({
                 id: m.id,
                 filename: m.filename,
-                url: getMediaUrl(m.id, m.storageKey, getPublicUrlForProvider(m.provider, r2PublicUrl, s3PublicUrl)),
+                url: getMediaUrl(m.storageKey, getPublicUrlForProvider(m.provider, r2PublicUrl, s3PublicUrl)),
                 mimeType: m.mimeType,
                 size: m.size,
                 createdAt: m.createdAt

package/dist/routes/auth/reset.js

@@ -0,0 +1,221 @@
+import { jsx as _jsx, jsxs as _jsxs } from "hono/jsx/jsx-runtime";
+/**
+ * Password Reset Routes
+ *
+ * One-time token-based password reset flow.
+ */ import { Hono } from "hono";
+import { useLingui as $_useLingui } from "@jant/core/i18n";
+import { hashPassword } from "better-auth/crypto";
+import { BaseLayout } from "../../ui/layouts/BaseLayout.js";
+import { dsRedirect, dsToast } from "../../lib/sse.js";
+import { SETTINGS_KEYS } from "../../lib/constants.js";
+import { ResetPasswordSchema } from "../../lib/schemas.js";
+const ResetContent = ({ token })=>{
+    const { i18n: $__i18n, _: $__ } = $_useLingui();
+    const signals = JSON.stringify({
+        password: "",
+        confirmPassword: "",
+        token
+    }).replace(/</g, "\\u003c");
+    return /*#__PURE__*/ _jsx("div", {
+        class: "min-h-screen flex items-center justify-center",
+        children: /*#__PURE__*/ _jsxs("div", {
+            class: "card max-w-md w-full",
+            children: [
+                /*#__PURE__*/ _jsxs("header", {
+                    children: [
+                        /*#__PURE__*/ _jsx("h2", {
+                            children: $__i18n._({
+                                id: "KbS2K9",
+                                message: "Reset Password"
+                            })
+                        }),
+                        /*#__PURE__*/ _jsx("p", {
+                            children: $__i18n._({
+                                id: "hWOZIv",
+                                message: "Enter your new password."
+                            })
+                        })
+                    ]
+                }),
+                /*#__PURE__*/ _jsx("section", {
+                    children: /*#__PURE__*/ _jsxs("form", {
+                        "data-signals": signals,
+                        "data-on:submit__prevent": "@post('/reset')",
+                        "data-indicator": "_loading",
+                        class: "flex flex-col gap-4",
+                        children: [
+                            /*#__PURE__*/ _jsxs("div", {
+                                class: "field",
+                                children: [
+                                    /*#__PURE__*/ _jsx("label", {
+                                        class: "label",
+                                        children: $__i18n._({
+                                            id: "7vhWI8",
+                                            message: "New Password"
+                                        })
+                                    }),
+                                    /*#__PURE__*/ _jsx("input", {
+                                        type: "password",
+                                        "data-bind": "password",
+                                        class: "input",
+                                        required: true,
+                                        minLength: 8,
+                                        autocomplete: "new-password"
+                                    })
+                                ]
+                            }),
+                            /*#__PURE__*/ _jsxs("div", {
+                                class: "field",
+                                children: [
+                                    /*#__PURE__*/ _jsx("label", {
+                                        class: "label",
+                                        children: $__i18n._({
+                                            id: "p2/GCq",
+                                            message: "Confirm Password"
+                                        })
+                                    }),
+                                    /*#__PURE__*/ _jsx("input", {
+                                        type: "password",
+                                        "data-bind": "confirmPassword",
+                                        class: "input",
+                                        required: true,
+                                        minLength: 8,
+                                        autocomplete: "new-password"
+                                    })
+                                ]
+                            }),
+                            /*#__PURE__*/ _jsxs("button", {
+                                type: "submit",
+                                class: "btn",
+                                "data-attr:disabled": "$_loading",
+                                children: [
+                                    /*#__PURE__*/ _jsx("svg", {
+                                        "data-show": "$_loading",
+                                        style: "display:none",
+                                        class: "animate-spin size-4",
+                                        xmlns: "http://www.w3.org/2000/svg",
+                                        viewBox: "0 0 24 24",
+                                        fill: "none",
+                                        stroke: "currentColor",
+                                        "stroke-width": "2",
+                                        "stroke-linecap": "round",
+                                        "stroke-linejoin": "round",
+                                        role: "status",
+                                        children: /*#__PURE__*/ _jsx("path", {
+                                            d: "M21 12a9 9 0 1 1-6.219-8.56"
+                                        })
+                                    }),
+                                    $__i18n._({
+                                        id: "KbS2K9",
+                                        message: "Reset Password"
+                                    })
+                                ]
+                            })
+                        ]
+                    })
+                })
+            ]
+        })
+    });
+};
+const ResetErrorContent = ()=>{
+    const { i18n: $__i18n, _: $__ } = $_useLingui();
+    return /*#__PURE__*/ _jsx("div", {
+        class: "min-h-screen flex items-center justify-center",
+        children: /*#__PURE__*/ _jsxs("div", {
+            class: "card max-w-md w-full",
+            children: [
+                /*#__PURE__*/ _jsx("header", {
+                    children: /*#__PURE__*/ _jsx("h2", {
+                        children: $__i18n._({
+                            id: "7aECQB",
+                            message: "Invalid or Expired Link"
+                        })
+                    })
+                }),
+                /*#__PURE__*/ _jsx("section", {
+                    children: /*#__PURE__*/ _jsx("p", {
+                        class: "text-muted-foreground",
+                        children: $__i18n._({
+                            id: "GbVAnd",
+                            message: "This password reset link is invalid or has expired. Please generate a new one."
+                        })
+                    })
+                })
+            ]
+        })
+    });
+};
+/**
+ * Validate a password reset token against the stored value.
+ * Returns true if the token is valid and not expired.
+ */ async function validateResetToken(settings, token) {
+    const stored = await settings.get(SETTINGS_KEYS.PASSWORD_RESET_TOKEN);
+    if (!stored) return false;
+    const separatorIndex = stored.lastIndexOf(":");
+    const storedToken = stored.substring(0, separatorIndex);
+    const expiry = parseInt(stored.substring(separatorIndex + 1), 10);
+    const now = Math.floor(Date.now() / 1000);
+    return token === storedToken && now <= expiry;
+}
+export const resetRoutes = new Hono();
+resetRoutes.get("/reset", async (c)=>{
+    const token = c.req.query("token");
+    if (!token) {
+        return c.html(/*#__PURE__*/ _jsx(BaseLayout, {
+            title: "Reset Password - Jant",
+            c: c,
+            children: /*#__PURE__*/ _jsx(ResetErrorContent, {})
+        }));
+    }
+    const isValid = await validateResetToken(c.var.services.settings, token);
+    if (!isValid) {
+        return c.html(/*#__PURE__*/ _jsx(BaseLayout, {
+            title: "Reset Password - Jant",
+            c: c,
+            children: /*#__PURE__*/ _jsx(ResetErrorContent, {})
+        }));
+    }
+    return c.html(/*#__PURE__*/ _jsx(BaseLayout, {
+        title: "Reset Password - Jant",
+        c: c,
+        children: /*#__PURE__*/ _jsx(ResetContent, {
+            token: token
+        })
+    }));
+});
+resetRoutes.post("/reset", async (c)=>{
+    const body = await c.req.json();
+    const parsed = ResetPasswordSchema.safeParse(body);
+    if (!parsed.success) {
+        const msg = parsed.error.errors[0]?.message ?? "Invalid input";
+        return dsToast(msg, "error");
+    }
+    const { password, token } = parsed.data;
+    // Validate token
+    const isValid = await validateResetToken(c.var.services.settings, token);
+    if (!isValid) {
+        return dsToast("Invalid or expired reset link.", "error");
+    }
+    try {
+        const hashedPassword = await hashPassword(password);
+        const db = c.env.DB.withSession();
+        // Get admin user
+        const userResult = await db.prepare("SELECT id FROM user LIMIT 1").first();
+        if (!userResult) {
+            return dsToast("No user account found.", "error");
+        }
+        // Update password
+        await db.prepare("UPDATE account SET password = ? WHERE user_id = ? AND provider_id = 'credential'").bind(hashedPassword, userResult.id).run();
+        // Delete all sessions
+        await db.prepare("DELETE FROM session WHERE user_id = ?").bind(userResult.id).run();
+        // Delete the reset token
+        await c.var.services.settings.remove(SETTINGS_KEYS.PASSWORD_RESET_TOKEN);
+        return dsRedirect("/signin?reset");
+    } catch (err) {
+        // eslint-disable-next-line no-console -- Error logging is intentional
+        console.error("Password reset error:", err);
+        return dsToast("Failed to reset password.", "error");
+    }
+});

package/dist/routes/auth/setup.js

@@ -0,0 +1,194 @@
+import { jsx as _jsx, jsxs as _jsxs } from "hono/jsx/jsx-runtime";
+/**
+ * Setup Routes
+ *
+ * Initial admin account creation during first-time setup.
+ */ import { Hono } from "hono";
+import { useLingui as $_useLingui } from "@jant/core/i18n";
+import { BaseLayout } from "../../ui/layouts/BaseLayout.js";
+import { dsRedirect, dsToast } from "../../lib/sse.js";
+import { SetupSchema } from "../../lib/schemas.js";
+import { mapIanaToTimezone } from "../../lib/timezones.js";
+const SetupContent = ()=>{
+    const { i18n: $__i18n, _: $__ } = $_useLingui();
+    return /*#__PURE__*/ _jsx("div", {
+        class: "min-h-screen flex items-center justify-center",
+        children: /*#__PURE__*/ _jsxs("div", {
+            class: "card max-w-md w-full",
+            children: [
+                /*#__PURE__*/ _jsxs("header", {
+                    children: [
+                        /*#__PURE__*/ _jsx("h2", {
+                            children: $__i18n._({
+                                id: "GorKul",
+                                message: "Welcome to Jant"
+                            })
+                        }),
+                        /*#__PURE__*/ _jsx("p", {
+                            children: $__i18n._({
+                                id: "GX2VMa",
+                                message: "Create your admin account."
+                            })
+                        })
+                    ]
+                }),
+                /*#__PURE__*/ _jsx("section", {
+                    children: /*#__PURE__*/ _jsxs("form", {
+                        "data-signals": "{name: '', email: '', password: '', _timezone: ''}",
+                        "data-init": "$_timezone = Intl.DateTimeFormat().resolvedOptions().timeZone || ''",
+                        "data-on:submit__prevent": "@post('/setup')",
+                        "data-indicator": "_loading",
+                        class: "flex flex-col gap-4",
+                        children: [
+                            /*#__PURE__*/ _jsxs("div", {
+                                class: "field",
+                                children: [
+                                    /*#__PURE__*/ _jsx("label", {
+                                        class: "label",
+                                        children: $__i18n._({
+                                            id: "/Rj5P4",
+                                            message: "Your Name"
+                                        })
+                                    }),
+                                    /*#__PURE__*/ _jsx("input", {
+                                        type: "text",
+                                        "data-bind": "name",
+                                        class: "input",
+                                        required: true,
+                                        placeholder: "John Doe"
+                                    })
+                                ]
+                            }),
+                            /*#__PURE__*/ _jsxs("div", {
+                                class: "field",
+                                children: [
+                                    /*#__PURE__*/ _jsx("label", {
+                                        class: "label",
+                                        children: $__i18n._({
+                                            id: "O3oNi5",
+                                            message: "Email"
+                                        })
+                                    }),
+                                    /*#__PURE__*/ _jsx("input", {
+                                        type: "email",
+                                        "data-bind": "email",
+                                        class: "input",
+                                        required: true,
+                                        placeholder: "you@example.com"
+                                    })
+                                ]
+                            }),
+                            /*#__PURE__*/ _jsxs("div", {
+                                class: "field",
+                                children: [
+                                    /*#__PURE__*/ _jsx("label", {
+                                        class: "label",
+                                        children: $__i18n._({
+                                            id: "8ZsakT",
+                                            message: "Password"
+                                        })
+                                    }),
+                                    /*#__PURE__*/ _jsx("input", {
+                                        type: "password",
+                                        "data-bind": "password",
+                                        class: "input",
+                                        required: true,
+                                        minLength: 8
+                                    })
+                                ]
+                            }),
+                            /*#__PURE__*/ _jsxs("button", {
+                                type: "submit",
+                                class: "btn",
+                                "data-attr:disabled": "$_loading",
+                                children: [
+                                    /*#__PURE__*/ _jsx("svg", {
+                                        "data-show": "$_loading",
+                                        style: "display:none",
+                                        class: "animate-spin size-4",
+                                        xmlns: "http://www.w3.org/2000/svg",
+                                        viewBox: "0 0 24 24",
+                                        fill: "none",
+                                        stroke: "currentColor",
+                                        "stroke-width": "2",
+                                        "stroke-linecap": "round",
+                                        "stroke-linejoin": "round",
+                                        role: "status",
+                                        children: /*#__PURE__*/ _jsx("path", {
+                                            d: "M21 12a9 9 0 1 1-6.219-8.56"
+                                        })
+                                    }),
+                                    $__i18n._({
+                                        id: "EGwzOK",
+                                        message: "Complete Setup"
+                                    })
+                                ]
+                            })
+                        ]
+                    })
+                })
+            ]
+        })
+    });
+};
+export const setupRoutes = new Hono();
+setupRoutes.get("/setup", async (c)=>{
+    const isComplete = await c.var.services.settings.isOnboardingComplete();
+    if (isComplete) return c.redirect("/");
+    return c.html(/*#__PURE__*/ _jsx(BaseLayout, {
+        title: "Setup - Jant",
+        c: c,
+        children: /*#__PURE__*/ _jsx(SetupContent, {})
+    }));
+});
+setupRoutes.post("/setup", async (c)=>{
+    const isComplete = await c.var.services.settings.isOnboardingComplete();
+    if (isComplete) return c.redirect("/");
+    const body = await c.req.json();
+    const parsed = SetupSchema.safeParse(body);
+    const browserTimezone = body._timezone;
+    if (!parsed.success) {
+        const msg = parsed.error.errors[0]?.message ?? "Invalid input";
+        return dsToast(msg, "error");
+    }
+    const { name, email, password } = parsed.data;
+    if (!c.var.auth) {
+        return dsToast("AUTH_SECRET not configured", "error");
+    }
+    try {
+        const signUpResponse = await c.var.auth.api.signUpEmail({
+            body: {
+                name,
+                email,
+                password
+            }
+        });
+        if (!signUpResponse || "error" in signUpResponse) {
+            return dsToast("Failed to create account", "error");
+        }
+        await c.var.services.settings.completeOnboarding();
+        // Save auto-detected timezone
+        if (browserTimezone) {
+            const tz = mapIanaToTimezone(browserTimezone);
+            if (tz !== "UTC") {
+                await c.var.services.settings.set("TIME_ZONE", tz);
+            }
+        }
+        // Seed default navigation items
+        await c.var.services.navItems.create({
+            type: "link",
+            label: "Featured",
+            url: "/featured"
+        });
+        await c.var.services.navItems.create({
+            type: "link",
+            label: "Collections",
+            url: "/collections"
+        });
+        return dsRedirect("/signin?setup");
+    } catch (err) {
+        // eslint-disable-next-line no-console -- Error logging is intentional
+        console.error("Setup error:", err);
+        return dsToast("Failed to create account", "error");
+    }
+});