npm - @jant/core - Versions diffs - 0.3.35 → 0.3.37 - Mend

@jant/core 0.3.35 → 0.3.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (307) hide show

package/bin/commands/export.js +1 -1
package/bin/commands/import-site.js +529 -0
package/bin/commands/reset-password.js +3 -2
package/dist/client/assets/heic-to-DIRPI3VF.js +1 -0
package/dist/client/assets/module-RjUF93sV.js +716 -0
package/dist/client/assets/native-48B9X9Wg.js +1 -0
package/dist/client/assets/url-FWFqPJPb.js +1 -0
package/dist/client/client.css +1 -1
package/dist/client/client.js +4564 -3013
package/dist/index.js +12885 -8161
package/package.json +23 -6
package/src/__tests__/helpers/app.ts +10 -10
package/src/__tests__/helpers/db.ts +91 -87
package/src/app.tsx +157 -31
package/src/auth.ts +20 -2
package/src/client/archive-nav.js +187 -0
package/src/client/audio-player.ts +478 -0
package/src/client/audio-processor.ts +84 -0
package/src/{lib → client}/avatar-upload.ts +4 -3
package/src/{lib → client}/collection-form-bridge.ts +2 -2
package/src/{ui → client}/components/__tests__/jant-collection-form.test.ts +26 -9
package/src/client/components/__tests__/jant-compose-dialog.test.ts +1140 -0
package/src/client/components/__tests__/jant-compose-editor.test.ts +504 -0
package/src/{ui → client}/components/__tests__/jant-post-form.test.ts +37 -17
package/src/{ui → client}/components/__tests__/jant-settings-avatar.test.ts +2 -2
package/src/{ui → client}/components/__tests__/jant-settings-general.test.ts +3 -3
package/src/client/components/collection-sidebar-types.ts +43 -0
package/src/{ui → client}/components/collection-types.ts +3 -4
package/src/client/components/compose-types.ts +174 -0
package/src/client/components/jant-collection-form.ts +667 -0
package/src/client/components/jant-collection-sidebar.ts +805 -0
package/src/client/components/jant-compose-dialog.ts +2161 -0
package/src/client/components/jant-compose-editor.ts +1813 -0
package/src/client/components/jant-compose-fullscreen.ts +283 -0
package/src/client/components/jant-media-lightbox.ts +259 -0
package/src/{ui → client}/components/jant-nav-manager.ts +97 -298
package/src/{ui → client}/components/jant-post-form.ts +141 -12
package/src/client/components/jant-post-menu.ts +1019 -0
package/src/{ui → client}/components/jant-settings-avatar.ts +3 -3
package/src/{ui → client}/components/jant-settings-general.ts +38 -4
package/src/client/components/jant-text-preview.ts +232 -0
package/src/{ui → client}/components/nav-manager-types.ts +6 -18
package/src/{ui → client}/components/post-form-template.ts +137 -38
package/src/{ui → client}/components/post-form-types.ts +15 -4
package/src/client/compose-bridge.ts +583 -0
package/src/{lib → client}/image-processor.ts +26 -8
package/src/client/lazy-slugify.ts +51 -0
package/src/client/media-metadata.ts +247 -0
package/src/client/multipart-upload.ts +160 -0
package/src/{lib → client}/nav-manager-bridge.ts +1 -1
package/src/{lib → client}/post-form-bridge.ts +53 -2
package/src/{lib → client}/settings-bridge.ts +3 -15
package/src/client/thread-context.ts +140 -0
package/src/client/tiptap/bubble-menu.ts +205 -0
package/src/client/tiptap/create-editor.ts +86 -0
package/src/client/tiptap/exitable-marks.ts +73 -0
package/src/client/tiptap/extensions.ts +65 -0
package/src/client/tiptap/image-node.ts +482 -0
package/src/client/tiptap/link-toolbar.ts +371 -0
package/src/client/tiptap/more-break.ts +50 -0
package/src/client/tiptap/paste-image.ts +129 -0
package/src/client/tiptap/slash-commands.ts +438 -0
package/src/{lib → client}/toast.ts +101 -3
package/src/client/types/sortablejs.d.ts +44 -0
package/src/client/upload-with-metadata.ts +54 -0
package/src/client/video-processor.ts +207 -0
package/src/client.ts +27 -17
package/src/db/__tests__/migrations.test.ts +118 -0
package/src/db/index.ts +52 -0
package/src/db/migrations/0000_baseline.sql +269 -0
package/src/db/migrations/0001_fts_setup.sql +31 -0
package/src/db/migrations/meta/0000_snapshot.json +703 -119
package/src/db/migrations/meta/0001_snapshot.json +1337 -0
package/src/db/migrations/meta/_journal.json +4 -39
package/src/db/schema.ts +409 -140
package/src/i18n/__tests__/detect.test.ts +115 -0
package/src/i18n/context.tsx +2 -2
package/src/i18n/detect.ts +85 -1
package/src/i18n/i18n.ts +1 -1
package/src/i18n/index.ts +2 -1
package/src/i18n/locales/en.po +783 -1087
package/src/i18n/locales/en.ts +1 -1
package/src/i18n/locales/zh-Hans.po +867 -812
package/src/i18n/locales/zh-Hans.ts +1 -1
package/src/i18n/locales/zh-Hant.po +878 -823
package/src/i18n/locales/zh-Hant.ts +1 -1
package/src/i18n/middleware.ts +6 -0
package/src/index.ts +5 -7
package/src/lib/__tests__/blurhash-placeholder.test.ts +75 -0
package/src/lib/__tests__/constants.test.ts +0 -1
package/src/lib/__tests__/markdown-to-tiptap.test.ts +358 -0
package/src/lib/__tests__/nanoid.test.ts +26 -0
package/src/lib/__tests__/resolve-config.test.ts +2 -2
package/src/lib/__tests__/schemas.test.ts +186 -65
package/src/lib/__tests__/slug.test.ts +126 -0
package/src/lib/__tests__/sse.test.ts +6 -6
package/src/lib/__tests__/summary.test.ts +264 -0
package/src/lib/__tests__/theme.test.ts +1 -1
package/src/lib/__tests__/timeline.test.ts +33 -30
package/src/lib/__tests__/tiptap-to-markdown.test.ts +346 -0
package/src/lib/__tests__/url.test.ts +2 -2
package/src/lib/__tests__/view.test.ts +140 -65
package/src/lib/blurhash-placeholder.ts +102 -0
package/src/lib/constants.ts +3 -1
package/src/lib/emoji-catalog.ts +963 -0
package/src/lib/errors.ts +11 -8
package/src/lib/feed.ts +77 -31
package/src/lib/html.ts +2 -1
package/src/lib/icon-catalog.ts +5033 -1
package/src/lib/icons.ts +3 -2
package/src/lib/index.ts +0 -1
package/src/lib/markdown-to-tiptap.ts +286 -0
package/src/lib/media-helpers.ts +22 -12
package/src/lib/nanoid.ts +29 -0
package/src/lib/navigation.ts +1 -1
package/src/lib/render.tsx +24 -5
package/src/lib/resolve-config.ts +13 -2
package/src/lib/schemas.ts +226 -58
package/src/lib/search-snippet.ts +34 -0
package/src/lib/slug.ts +96 -0
package/src/lib/sse.ts +6 -6
package/src/lib/storage.ts +115 -7
package/src/lib/summary.ts +158 -0
package/src/lib/theme.ts +11 -8
package/src/lib/timeline.ts +76 -34
package/src/lib/tiptap-render.ts +191 -0
package/src/lib/tiptap-to-markdown.ts +305 -0
package/src/lib/upload.ts +263 -14
package/src/lib/url.ts +37 -22
package/src/lib/view.ts +236 -55
package/src/middleware/__tests__/auth.test.ts +191 -11
package/src/middleware/__tests__/onboarding.test.ts +12 -10
package/src/middleware/auth.ts +63 -9
package/src/middleware/error-handler.ts +3 -3
package/src/middleware/onboarding.ts +1 -1
package/src/middleware/secure-headers.ts +40 -0
package/src/preset.css +83 -2
package/src/routes/__tests__/compose.test.ts +17 -24
package/src/routes/api/__tests__/collections.test.ts +109 -61
package/src/routes/api/__tests__/nav-items.test.ts +46 -29
package/src/routes/api/__tests__/posts.test.ts +132 -68
package/src/routes/api/__tests__/search.test.ts +15 -2
package/src/routes/api/__tests__/upload-multipart.test.ts +534 -0
package/src/routes/api/collections.ts +57 -31
package/src/routes/api/custom-urls.ts +80 -0
package/src/routes/api/export.ts +31 -0
package/src/routes/api/nav-items.ts +23 -19
package/src/routes/api/posts.ts +81 -62
package/src/routes/api/search.ts +3 -4
package/src/routes/api/upload-multipart.ts +245 -0
package/src/routes/api/upload.ts +92 -24
package/src/routes/auth/__tests__/setup.test.ts +20 -60
package/src/routes/auth/reset.tsx +5 -4
package/src/routes/auth/setup.tsx +39 -31
package/src/routes/auth/signin.tsx +13 -14
package/src/routes/compose.tsx +27 -63
package/src/routes/dash/__tests__/settings-avatar.test.ts +44 -9
package/src/routes/dash/custom-urls.tsx +414 -0
package/src/routes/dash/settings.tsx +475 -99
package/src/routes/feed/__tests__/rss.test.ts +22 -23
package/src/routes/feed/rss.ts +6 -2
package/src/routes/feed/sitemap.ts +2 -12
package/src/routes/pages/__tests__/collections.test.ts +5 -6
package/src/routes/pages/__tests__/featured.test.ts +36 -18
package/src/routes/pages/archive.tsx +177 -37
package/src/routes/pages/collection.tsx +43 -14
package/src/routes/pages/collections.tsx +11 -2
package/src/routes/pages/featured.tsx +27 -3
package/src/routes/pages/home.tsx +15 -14
package/src/routes/pages/latest.tsx +1 -11
package/src/routes/pages/new.tsx +39 -0
package/src/routes/pages/page.tsx +95 -49
package/src/routes/pages/search.tsx +1 -1
package/src/services/__tests__/api-token.test.ts +135 -0
package/src/services/__tests__/collection.test.ts +275 -227
package/src/services/__tests__/custom-url.test.ts +213 -0
package/src/services/__tests__/media.test.ts +162 -22
package/src/services/__tests__/navigation.test.ts +109 -68
package/src/services/__tests__/post-timeline.test.ts +205 -32
package/src/services/__tests__/post.test.ts +800 -230
package/src/services/__tests__/search.test.ts +67 -10
package/src/services/__tests__/settings.test.ts +3 -3
package/src/services/api-token.ts +166 -0
package/src/services/auth.ts +17 -2
package/src/services/collection.ts +397 -131
package/src/services/custom-url.ts +188 -0
package/src/services/export.ts +802 -0
package/src/services/index.ts +26 -19
package/src/services/media.ts +100 -22
package/src/services/navigation.ts +158 -47
package/src/services/path.ts +339 -0
package/src/services/post.ts +764 -172
package/src/services/search.ts +161 -74
package/src/services/settings.ts +6 -2
package/src/styles/components.css +293 -62
package/src/styles/tokens.css +93 -5
package/src/styles/ui.css +4349 -766
package/src/types/bindings.ts +8 -0
package/src/types/config.ts +34 -4
package/src/types/constants.ts +17 -2
package/src/types/entities.ts +83 -37
package/src/types/operations.ts +20 -27
package/src/types/props.ts +52 -17
package/src/types/views.ts +48 -24
package/src/ui/color-themes.ts +133 -23
package/src/ui/compose/ComposeDialog.tsx +255 -16
package/src/ui/compose/ComposePrompt.tsx +1 -1
package/src/ui/dash/CrudPageHeader.tsx +1 -1
package/src/ui/dash/ListItemRow.tsx +1 -1
package/src/ui/dash/StatusBadge.tsx +12 -2
package/src/ui/dash/appearance/AdvancedContent.tsx +71 -59
package/src/ui/dash/appearance/ColorThemeContent.tsx +48 -33
package/src/ui/dash/appearance/FontThemeContent.tsx +65 -73
package/src/ui/dash/appearance/NavigationContent.tsx +106 -135
package/src/ui/dash/index.ts +0 -3
package/src/ui/dash/settings/AccountContent.tsx +87 -146
package/src/ui/dash/settings/AccountMenuContent.tsx +147 -0
package/src/ui/dash/settings/ApiTokensContent.tsx +232 -0
package/src/ui/dash/settings/AvatarContent.tsx +78 -0
package/src/ui/dash/settings/GeneralContent.tsx +3 -62
package/src/ui/dash/settings/SessionsContent.tsx +159 -0
package/src/ui/dash/settings/SettingsRootContent.tsx +266 -0
package/src/ui/feed/LinkCard.tsx +89 -40
package/src/ui/feed/NoteCard.tsx +39 -25
package/src/ui/feed/PostStatusBadges.tsx +67 -0
package/src/ui/feed/QuoteCard.tsx +38 -23
package/src/ui/feed/ThreadPreview.tsx +90 -26
package/src/ui/feed/TimelineFeed.tsx +3 -2
package/src/ui/feed/TimelineItem.tsx +15 -6
package/src/ui/feed/__tests__/thread-preview.test.ts +107 -0
package/src/ui/feed/thread-preview-state.ts +61 -0
package/src/ui/font-themes.ts +2 -2
package/src/ui/layouts/BaseLayout.tsx +2 -2
package/src/ui/layouts/SiteLayout.tsx +116 -103
package/src/ui/pages/ArchivePage.tsx +923 -95
package/src/ui/pages/CollectionPage.tsx +6 -35
package/src/ui/pages/CollectionsPage.tsx +2 -1
package/src/ui/pages/ComposePage.tsx +54 -0
package/src/ui/pages/FeaturedPage.tsx +2 -1
package/src/ui/pages/HomePage.tsx +1 -1
package/src/ui/pages/PostPage.tsx +30 -45
package/src/ui/pages/SearchPage.tsx +182 -38
package/src/ui/shared/AdminBreadcrumb.tsx +29 -0
package/src/ui/shared/CollectionsSidebar.tsx +239 -4
package/src/ui/shared/MediaGallery.tsx +475 -41
package/src/ui/shared/PostFooter.tsx +204 -0
package/src/ui/shared/StarRating.tsx +27 -0
package/src/ui/shared/__tests__/format-chars.test.ts +35 -0
package/src/ui/shared/index.ts +0 -1
package/src/db/migrations/0000_square_wallflower.sql +0 -118
package/src/db/migrations/0001_add_search_fts.sql +0 -34
package/src/db/migrations/0002_add_media_attachments.sql +0 -3
package/src/db/migrations/0003_add_navigation_links.sql +0 -8
package/src/db/migrations/0004_add_storage_provider.sql +0 -3
package/src/db/migrations/0005_v2_schema_migration.sql +0 -268
package/src/db/migrations/0006_rename_slug_to_path.sql +0 -5
package/src/db/migrations/0007_post_collections_m2m.sql +0 -94
package/src/db/migrations/0008_add_collection_dividers.sql +0 -8
package/src/db/migrations/0009_drop_collection_show_divider.sql +0 -2
package/src/db/migrations/0010_add_performance_indexes.sql +0 -16
package/src/db/migrations/0011_add_path_registry.sql +0 -23
package/src/db/migrations/meta/0003_snapshot.json +0 -821
package/src/lib/__tests__/sqid.test.ts +0 -65
package/src/lib/collections-reorder.ts +0 -28
package/src/lib/compose-bridge.ts +0 -280
package/src/lib/media-upload.ts +0 -148
package/src/lib/sqid.ts +0 -79
package/src/routes/api/__tests__/pages.test.ts +0 -218
package/src/routes/api/pages.ts +0 -73
package/src/routes/dash/__tests__/pages.test.ts +0 -226
package/src/routes/dash/appearance.tsx +0 -240
package/src/routes/dash/collections.tsx +0 -211
package/src/routes/dash/index.tsx +0 -103
package/src/routes/dash/media.tsx +0 -132
package/src/routes/dash/pages.tsx +0 -239
package/src/routes/dash/posts.tsx +0 -334
package/src/routes/dash/redirects.tsx +0 -257
package/src/routes/pages/post.tsx +0 -59
package/src/services/__tests__/page.test.ts +0 -298
package/src/services/__tests__/path-registry.test.ts +0 -165
package/src/services/__tests__/redirect.test.ts +0 -159
package/src/services/page.ts +0 -203
package/src/services/path-registry.ts +0 -160
package/src/services/redirect.ts +0 -97
package/src/types/sortablejs.d.ts +0 -29
package/src/ui/components/__tests__/jant-compose-dialog.test.ts +0 -512
package/src/ui/components/__tests__/jant-compose-editor.test.ts +0 -272
package/src/ui/components/compose-types.ts +0 -75
package/src/ui/components/jant-collection-form.ts +0 -512
package/src/ui/components/jant-compose-dialog.ts +0 -495
package/src/ui/components/jant-compose-editor.ts +0 -814
package/src/ui/dash/PageForm.tsx +0 -185
package/src/ui/dash/PostList.tsx +0 -95
package/src/ui/dash/appearance/AppearanceNav.tsx +0 -60
package/src/ui/dash/collections/CollectionForm.tsx +0 -166
package/src/ui/dash/collections/CollectionsListContent.tsx +0 -146
package/src/ui/dash/collections/IconPickerGrid.tsx +0 -50
package/src/ui/dash/collections/ViewCollectionContent.tsx +0 -103
package/src/ui/dash/media/MediaListContent.tsx +0 -201
package/src/ui/dash/media/ViewMediaContent.tsx +0 -208
package/src/ui/dash/pages/PagesContent.tsx +0 -74
package/src/ui/dash/posts/PostForm.tsx +0 -248
package/src/ui/dash/settings/SettingsNav.tsx +0 -52
package/src/ui/layouts/DashLayout.tsx +0 -165
package/src/ui/pages/SinglePage.tsx +0 -23
package/src/ui/shared/ThreadView.tsx +0 -136
/package/src/{ui → client}/components/settings-types.ts +0 -0

package/src/services/__tests__/search.test.ts CHANGED Viewed

@@ -2,10 +2,22 @@ import { describe, it, expect, beforeEach } from "vitest";
 import { createTestDatabase } from "../../__tests__/helpers/db.js";
 import { createSearchService } from "../search.js";
 import { createPostService } from "../post.js";
-import { createPathRegistryService } from "../path-registry.js";
 import type { Database } from "../../db/index.js";
 import type BetterSqlite3 from "better-sqlite3";
+/** Wraps plain text in a minimal valid TipTap JSON document. */
+function tiptapDoc(text: string): string {
+  return JSON.stringify({
+    type: "doc",
+    content: [
+      {
+        type: "paragraph",
+        content: [{ type: "text", text }],
+      },
+    ],
+  });
+}
 describe("SearchService", () => {
   let db: Database;
   let sqlite: BetterSqlite3.Database;
@@ -34,7 +46,7 @@ describe("SearchService", () => {
     const testDb = createTestDatabase({ fts: true });
     db = testDb.db as unknown as Database;
     sqlite = testDb.sqlite;
-    postService = createPostService(db, createPathRegistryService(db));
+    postService = createPostService(db, { slugIdLength: 5 });
   });
   it("returns empty results for empty query", async () => {
@@ -56,11 +68,11 @@ describe("SearchService", () => {
   it("finds posts by content", async () => {
     await postService.create({
       format: "note",
-      body: "Hello world from jant",
+      body: tiptapDoc("Hello world from jant"),
     });
     await postService.create({
       format: "note",
-      body: "Another post entirely",
+      body: tiptapDoc("Another post entirely"),
     });
     const d1 = createMockD1(sqlite);
@@ -68,14 +80,14 @@ describe("SearchService", () => {
     const results = await searchService.search("jant");
     expect(results.length).toBeGreaterThanOrEqual(1);
-    expect(results[0]?.post.body).toContain("jant");
+    expect(results[0]?.post.bodyText).toContain("jant");
   });
   it("finds posts by title", async () => {
     await postService.create({
       format: "note",
       title: "Introduction to TypeScript",
-      body: "Some article body",
+      body: tiptapDoc("Some article body"),
     });
     const d1 = createMockD1(sqlite);
@@ -89,11 +101,11 @@ describe("SearchService", () => {
   it("respects status filter", async () => {
     await postService.create({
       format: "note",
-      body: "published post about testing",
+      body: tiptapDoc("published post about testing"),
     });
     await postService.create({
       format: "note",
-      body: "draft post about testing",
+      body: tiptapDoc("draft post about testing"),
       status: "draft",
     });
@@ -110,7 +122,7 @@ describe("SearchService", () => {
   it("excludes deleted posts", async () => {
     const post = await postService.create({
       format: "note",
-      body: "deleted post with unique search term xyzzy",
+      body: tiptapDoc("deleted post with unique search term xyzzy"),
     });
     await postService.delete(post.id);
@@ -125,7 +137,7 @@ describe("SearchService", () => {
     for (let i = 0; i < 5; i++) {
       await postService.create({
         format: "note",
-        body: `searchable post number ${i}`,
+        body: tiptapDoc(`searchable post number ${i}`),
       });
     }
@@ -135,4 +147,49 @@ describe("SearchService", () => {
     const limited = await searchService.search("searchable", { limit: 2 });
     expect(limited.length).toBeLessThanOrEqual(2);
   });
+  it("finds link posts by URL", async () => {
+    await postService.create({
+      format: "link",
+      title: "Example Site",
+      url: "https://example.com/article",
+    });
+    const d1 = createMockD1(sqlite);
+    const searchService = createSearchService(d1);
+    const results = await searchService.search("example.com");
+    expect(results.length).toBeGreaterThanOrEqual(1);
+    expect(results[0]?.post.url).toContain("example.com");
+  });
+  it("finds posts with short queries (< 3 chars) via LIKE fallback", async () => {
+    await postService.create({
+      format: "note",
+      body: tiptapDoc("自由软件"),
+    });
+    const d1 = createMockD1(sqlite);
+    const searchService = createSearchService(d1);
+    // "自由" is 2 Chinese characters — below trigram minimum, uses LIKE
+    const results = await searchService.search("自由");
+    expect(results.length).toBeGreaterThanOrEqual(1);
+    // LIKE fallback returns no snippet
+    expect(results[0]?.snippet).toBeUndefined();
+  });
+  it("does not match TipTap JSON structural tokens", async () => {
+    await postService.create({
+      format: "note",
+      body: tiptapDoc("Hello world"),
+    });
+    const d1 = createMockD1(sqlite);
+    const searchService = createSearchService(d1);
+    // "paragraph" is a JSON key in TipTap but not user content
+    const results = await searchService.search("paragraph");
+    expect(results).toHaveLength(0);
+  });
 });

package/src/services/__tests__/settings.test.ts CHANGED Viewed

@@ -102,7 +102,7 @@ describe("SettingsService", () => {
       siteFooter: "",
       siteLanguage: "en",
       homeDefaultView: "latest",
-      headerNavMaxVisible: "3",
+      headerNavMaxVisible: "2",
       timeZone: "UTC",
     };
@@ -154,10 +154,10 @@ describe("SettingsService", () => {
       expect(await settingsService.get("HOME_DEFAULT_VIEW")).toBe("featured");
     });
-    it("removes HEADER_NAV_MAX_VISIBLE when set to default (3)", async () => {
+    it("removes HEADER_NAV_MAX_VISIBLE when set to default (2)", async () => {
       await settingsService.set("HEADER_NAV_MAX_VISIBLE", "5");
       await settingsService.updateGeneral(
-        { ...defaults, headerNavMaxVisible: "3" },
+        { ...defaults, headerNavMaxVisible: "2" },
         { oldLanguage: "en", fallbackSiteName: "Jant" },
       );

package/src/services/api-token.ts ADDED Viewed

@@ -0,0 +1,166 @@
+/**
+ * API Token Service
+ *
+ * Manages long-lived Bearer tokens for programmatic API access.
+ * Tokens are stored as SHA-256 hashes — the plaintext is shown only once at creation.
+ */
+import { eq } from "drizzle-orm";
+import { uuidv7 } from "uuidv7";
+import type { Database } from "../db/index.js";
+import { apiTokens } from "../db/schema.js";
+import { now } from "../lib/time.js";
+import type { ApiToken } from "../types/entities.js";
+const TOKEN_PREFIX = "jnt_";
+export interface ApiTokenService {
+  /**
+   * Creates a new API token.
+   *
+   * @param name - User-assigned label for the token
+   * @returns The created token metadata and the plaintext (shown only once)
+   *
+   * @example
+   * ```ts
+   * const { token, plaintext } = await apiTokens.create("iOS Shortcuts");
+   * // plaintext: "jnt_a1b2c3d4..." — display once, never stored
+   * ```
+   */
+  create(name: string): Promise<{ token: ApiToken; plaintext: string }>;
+  /**
+   * Lists all active API tokens (without hashes).
+   *
+   * @returns Array of tokens sorted by creation date (newest first)
+   */
+  list(): Promise<ApiToken[]>;
+  /**
+   * Deletes an API token by ID.
+   *
+   * @param id - Token ID (UUIDv7)
+   * @returns `true` if a token was deleted, `false` if not found
+   */
+  delete(id: string): Promise<boolean>;
+  /**
+   * Verifies a raw Bearer token against stored hashes.
+   *
+   * @param rawToken - The full token string (e.g. "jnt_a1b2c3d4...")
+   * @returns The token ID if valid, `null` if invalid or not found
+   */
+  verify(rawToken: string): Promise<string | null>;
+  /**
+   * Updates the last-used timestamp for a token.
+   * Intended to be called fire-and-forget after successful verification.
+   *
+   * @param id - Token ID (UUIDv7)
+   */
+  updateLastUsed(id: string): Promise<void>;
+}
+/**
+ * Hashes a raw token string using SHA-256.
+ *
+ * @param raw - The raw token bytes as a hex string (without prefix)
+ * @returns Hex-encoded SHA-256 hash
+ */
+async function hashToken(raw: string): Promise<string> {
+  const encoded = new TextEncoder().encode(raw);
+  const digest = await crypto.subtle.digest("SHA-256", encoded);
+  return Array.from(new Uint8Array(digest))
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("");
+}
+/**
+ * Generates cryptographically random hex bytes.
+ *
+ * @param byteCount - Number of random bytes
+ * @returns Hex string of the random bytes
+ */
+function randomHex(byteCount: number): string {
+  const bytes = new Uint8Array(byteCount);
+  crypto.getRandomValues(bytes);
+  return Array.from(bytes)
+    .map((b) => b.toString(16).padStart(2, "0"))
+    .join("");
+}
+function toApiToken(row: typeof apiTokens.$inferSelect): ApiToken {
+  return {
+    id: row.id,
+    name: row.name,
+    prefix: row.prefix,
+    lastUsedAt: row.lastUsedAt,
+    createdAt: row.createdAt,
+    updatedAt: row.updatedAt,
+  };
+}
+export function createApiTokenService(db: Database): ApiTokenService {
+  return {
+    async create(name: string) {
+      const id = uuidv7();
+      const timestamp = now();
+      const hex = randomHex(32); // 64 hex chars
+      const plaintext = `${TOKEN_PREFIX}${hex}`;
+      const tokenHash = await hashToken(plaintext);
+      const prefix = hex.slice(0, 8);
+      const result = await db
+        .insert(apiTokens)
+        .values({
+          id,
+          name,
+          tokenHash,
+          prefix,
+          lastUsedAt: null,
+          createdAt: timestamp,
+          updatedAt: timestamp,
+        })
+        .returning();
+      // eslint-disable-next-line @typescript-eslint/no-non-null-assertion -- DB insert with .returning() always returns
+      return { token: toApiToken(result[0]!), plaintext };
+    },
+    async list() {
+      const rows = await db
+        .select()
+        .from(apiTokens)
+        .orderBy(apiTokens.createdAt);
+      return rows.map(toApiToken);
+    },
+    async delete(id: string) {
+      const result = await db
+        .delete(apiTokens)
+        .where(eq(apiTokens.id, id))
+        .returning();
+      return result.length > 0;
+    },
+    async verify(rawToken: string) {
+      if (!rawToken.startsWith(TOKEN_PREFIX)) return null;
+      const tokenHash = await hashToken(rawToken);
+      const rows = await db
+        .select({ id: apiTokens.id })
+        .from(apiTokens)
+        .where(eq(apiTokens.tokenHash, tokenHash))
+        .limit(1);
+      return rows[0]?.id ?? null;
+    },
+    async updateLastUsed(id: string) {
+      await db
+        .update(apiTokens)
+        .set({ lastUsedAt: now(), updatedAt: now() })
+        .where(eq(apiTokens.id, id));
+    },
+  };
+}

package/src/services/auth.ts CHANGED Viewed

@@ -45,11 +45,26 @@ export function createAuthService(
     if (!stored) return false;
     const separatorIndex = stored.lastIndexOf(":");
-    const storedToken = stored.substring(0, separatorIndex);
+    const storedHash = stored.substring(0, separatorIndex);
     const expiry = parseInt(stored.substring(separatorIndex + 1), 10);
     const now = Math.floor(Date.now() / 1000);
-    return token === storedToken && now <= expiry;
+    if (now > expiry) return false;
+    const hashBuffer = await crypto.subtle.digest(
+      "SHA-256",
+      new TextEncoder().encode(token),
+    );
+    const tokenHash = Array.from(new Uint8Array(hashBuffer))
+      .map((b) => b.toString(16).padStart(2, "0"))
+      .join("");
+    const encoder = new TextEncoder();
+    const a = encoder.encode(tokenHash);
+    const b = encoder.encode(storedHash);
+    if (a.byteLength !== b.byteLength) return false;
+    return crypto.subtle.timingSafeEqual(a, b);
   }
   return {