@jant/core 0.3.36 → 0.3.37

package/src/routes/api/custom-urls.ts

@@ -0,0 +1,80 @@
+/**
+ * Custom URLs API Routes
+ */
+
+import { Hono } from "hono";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../types/app-context.js";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { CreateCustomUrlSchema, parseValidated } from "../../lib/schemas.js";
+import { parseIdParam, NotFoundError } from "../../lib/errors.js";
+import { DEFAULT_PAGE_SIZE } from "../../lib/constants.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+export const customUrlsApiRoutes = new Hono<Env>();
+
+// List custom URLs (requires auth)
+customUrlsApiRoutes.get("/", requireAuthApi(), async (c) => {
+  const pageParam = c.req.query("page");
+  const page = Math.max(1, parseInt(pageParam || "1", 10) || 1);
+
+  const [total, customUrls] = await Promise.all([
+    c.var.services.customUrls.count(),
+    c.var.services.customUrls.list({
+      limit: DEFAULT_PAGE_SIZE,
+      offset: (page - 1) * DEFAULT_PAGE_SIZE,
+    }),
+  ]);
+
+  const totalPages = Math.max(1, Math.ceil(total / DEFAULT_PAGE_SIZE));
+  return c.json({ customUrls, total, page, totalPages });
+});
+
+// Create custom URL (requires auth)
+customUrlsApiRoutes.post("/", requireAuthApi(), async (c) => {
+  const body = parseValidated(CreateCustomUrlSchema, await c.req.json());
+
+  const redirectType = body.redirectType
+    ? (parseInt(body.redirectType, 10) as 301 | 302)
+    : undefined;
+
+  // Resolve slug → ID for post/collection targets
+  let targetId = body.targetId;
+  if (body.targetType === "post" && body.targetId) {
+    const post = await c.var.services.posts.getBySlug(body.targetId);
+    if (!post) {
+      throw new NotFoundError(`Post with slug "${body.targetId}" not found`);
+    }
+    targetId = post.id;
+  }
+  if (body.targetType === "collection" && body.targetId) {
+    const col = await c.var.services.collections.getBySlug(body.targetId);
+    if (!col) {
+      throw new NotFoundError(
+        `Collection with slug "${body.targetId}" not found`,
+      );
+    }
+    targetId = col.id;
+  }
+
+  const customUrl = await c.var.services.customUrls.create({
+    path: body.path,
+    targetType: body.targetType,
+    targetId,
+    toPath: body.toPath,
+    redirectType,
+  });
+
+  return c.json(customUrl, 201);
+});
+
+// Delete custom URL (requires auth)
+customUrlsApiRoutes.delete("/:id", requireAuthApi(), async (c) => {
+  const id = parseIdParam(c.req.param("id"));
+
+  const success = await c.var.services.customUrls.delete(id);
+  if (!success) throw new NotFoundError("Custom URL");
+
+  return c.json({ success: true });
+});

package/src/routes/api/export.ts

@@ -0,0 +1,31 @@
+/**
+ * Export API Routes
+ */
+
+import { Hono } from "hono";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../types/app-context.js";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { createExportService } from "../../services/export.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+export const exportApiRoutes = new Hono<Env>();
+
+exportApiRoutes.post("/zola", requireAuthApi(), async (c) => {
+  const { services, appConfig } = c.var;
+  const exportService = createExportService(services, {
+    siteName: appConfig.siteName,
+    siteUrl: appConfig.siteUrl,
+    siteDescription: appConfig.siteDescription,
+    siteLanguage: appConfig.siteLanguage,
+  });
+  const zip = await exportService.generateZolaSite();
+  return new Response(zip, {
+    headers: {
+      "Content-Type": "application/zip",
+      "Content-Disposition": 'attachment; filename="jant-export.zip"',
+      "Content-Length": String(zip.byteLength),
+    },
+  });
+});

package/src/routes/api/nav-items.ts

@@ -7,20 +7,18 @@ import { z } from "zod";
 import type { Bindings, NavItemType } from "../../types.js";
 import type { AppVariables } from "../../types/app-context.js";
 import { requireAuthApi } from "../../middleware/auth.js";
-import {
-  CreateNavItemSchema,
-  ReorderSchema,
-  parseValidated,
-} from "../../lib/schemas.js";
-import { assertFound, parseIntParam, NotFoundError } from "../../lib/errors.js";
+import { CreateNavItemSchema, parseValidated } from "../../lib/schemas.js";
+import { assertFound, parseIdParam, NotFoundError } from "../../lib/errors.js";
 
 type Env = { Bindings: Bindings; Variables: AppVariables };
 
 export const navItemsApiRoutes = new Hono<Env>();
 
-// API update schema extends shared schema with nullable pageId for explicit clearing
-const UpdateNavItemSchema = CreateNavItemSchema.partial().extend({
-  pageId: z.number().int().positive().nullable().optional(),
+const UpdateNavItemSchema = CreateNavItemSchema.partial();
+
+const MoveSchema = z.object({
+  after: z.string().nullable().optional(),
+  before: z.string().nullable().optional(),
 });
 
 // List nav items
@@ -29,13 +27,21 @@ navItemsApiRoutes.get("/", async (c) => {
   return c.json({ navItems: items });
 });
 
-// Reorder nav items (requires auth) — must be before /:id
-navItemsApiRoutes.put("/reorder", requireAuthApi(), async (c) => {
-  const body = parseValidated(ReorderSchema, await c.req.json());
+// Move nav item (requires auth) — must be before /:id
+navItemsApiRoutes.put("/:id/move", requireAuthApi(), async (c) => {
+  const id = parseIdParam(c.req.param("id"));
+  const body = parseValidated(MoveSchema, await c.req.json());
 
-  await c.var.services.navItems.reorder(body.ids);
-  const items = await c.var.services.navItems.list();
-  return c.json({ navItems: items });
+  const item = assertFound(
+    await c.var.services.navItems.move(
+      id,
+      body.after ?? null,
+      body.before ?? null,
+    ),
+    "Nav item",
+  );
+
+  return c.json(item);
 });
 
 // Create nav item (requires auth)
@@ -46,8 +52,6 @@ navItemsApiRoutes.post("/", requireAuthApi(), async (c) => {
     type: body.type as NavItemType,
     label: body.label,
     url: body.url,
-    pageId: body.pageId,
-    position: body.position,
   });
 
   return c.json(item, 201);
@@ -55,7 +59,7 @@ navItemsApiRoutes.post("/", requireAuthApi(), async (c) => {
 
 // Update nav item (requires auth)
 navItemsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
-  const id = parseIntParam(c.req.param("id"));
+  const id = parseIdParam(c.req.param("id"));
   const body = parseValidated(UpdateNavItemSchema, await c.req.json());
 
   const item = assertFound(
@@ -68,7 +72,7 @@ navItemsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
 
 // Delete nav item (requires auth)
 navItemsApiRoutes.delete("/:id", requireAuthApi(), async (c) => {
-  const id = parseIntParam(c.req.param("id"));
+  const id = parseIdParam(c.req.param("id"));
 
   const success = await c.var.services.navItems.delete(id);
   if (!success) throw new NotFoundError("Nav item");

package/src/routes/api/posts.ts

@@ -3,12 +3,14 @@
  */
 
 import { Hono } from "hono";
-import type { Bindings, Format, Status, Media } from "../../types.js";
+import type { Bindings, Media } from "../../types.js";
 import type { AppVariables } from "../../types/app-context.js";
-import * as sqid from "../../lib/sqid.js";
+import { z } from "zod";
 import {
   CreatePostSchema,
   UpdatePostSchema,
+  FormatSchema,
+  StatusSchema,
   parseValidated,
 } from "../../lib/schemas.js";
 import { requireAuthApi } from "../../middleware/auth.js";
@@ -17,11 +19,7 @@ import {
   getImageUrl,
   getPublicUrlForProvider,
 } from "../../lib/image.js";
-import {
-  assertFound,
-  NotFoundError,
-  ValidationError,
-} from "../../lib/errors.js";
+import { assertFound, NotFoundError, parseIdParam } from "../../lib/errors.js";
 
 type Env = { Bindings: Bindings; Variables: AppVariables };
 
@@ -49,31 +47,41 @@ function toMediaAttachment(
     format: "auto",
     fit: "scale-down",
   });
+  const posterUrl = m.posterKey ? getMediaUrl(m.posterKey, publicUrl) : null;
 
   return {
     id: m.id,
     url,
     previewUrl,
+    posterUrl,
     alt: m.alt,
     blurhash: m.blurhash,
     width: m.width,
     height: m.height,
     position: m.position,
     mimeType: m.mimeType,
+    summary: m.summary,
   };
 }
 
-// List posts
-postsApiRoutes.get("/", async (c) => {
-  const format = c.req.query("format") as Format | undefined;
-  const status = c.req.query("status") as Status | undefined;
-  const cursor = c.req.query("cursor");
-  const limit = parseInt(c.req.query("limit") ?? "100", 10);
+const ListPostsQuerySchema = z.object({
+  format: FormatSchema.optional(),
+  status: StatusSchema.optional(),
+  cursor: z.string().optional(),
+  limit: z.coerce.number().int().min(1).max(100).optional().default(100),
+});
+
+// List posts (requires auth)
+postsApiRoutes.get("/", requireAuthApi(), async (c) => {
+  const { format, status, cursor, limit } = parseValidated(
+    ListPostsQuerySchema,
+    c.req.query(),
+  );
 
   const posts = await c.var.services.posts.list({
     format,
     status: status ?? "published",
-    cursor: cursor ? (sqid.decode(cursor) ?? undefined) : undefined,
+    cursor: cursor ?? undefined,
     limit,
   });
 
@@ -85,32 +93,33 @@ postsApiRoutes.get("/", async (c) => {
   return c.json({
     posts: posts.map((p) => ({
       ...p,
-      sqid: sqid.encode(p.id),
       mediaAttachments: (mediaMap.get(p.id) ?? []).map((m) =>
         toMediaAttachment(m, r2PublicUrl, imageTransformUrl, s3PublicUrl),
       ),
     })),
 
     nextCursor:
-      posts.length === limit
-        ? sqid.encode(posts[posts.length - 1]?.id ?? 0)
-        : null,
+      posts.length === limit ? (posts[posts.length - 1]?.id ?? null) : null,
   });
 });
 
-// Get single post
-postsApiRoutes.get("/:id", async (c) => {
-  const id = sqid.decode(c.req.param("id"));
-  if (!id) throw new ValidationError("Invalid ID");
+// Get single post (requires auth)
+postsApiRoutes.get("/:id", requireAuthApi(), async (c) => {
+  const id = parseIdParam(c.req.param("id"));
 
   const post = assertFound(await c.var.services.posts.getById(id), "Post");
 
   const mediaList = await c.var.services.media.getByPostId(post.id);
   const { r2PublicUrl, imageTransformUrl, s3PublicUrl } = c.var.appConfig;
 
+  // Get collection IDs for this post
+  const postCollections =
+    await c.var.services.collections.getCollectionsByPostId(post.id);
+  const collectionIds = postCollections.map((col) => col.id);
+
   return c.json({
     ...post,
-    sqid: sqid.encode(post.id),
+    collectionIds,
     mediaAttachments: mediaList.map((m) =>
       toMediaAttachment(m, r2PublicUrl, imageTransformUrl, s3PublicUrl),
     ),
@@ -131,19 +140,18 @@ postsApiRoutes.post("/", requireAuthApi(), async (c) => {
       format: body.format,
       title: body.title,
       body: body.body,
+      bodyMarkdown: body.bodyMarkdown,
+      slug: body.slug || undefined,
       path: body.path || undefined,
       status: body.status,
       visibility: body.visibility,
       pinned: body.pinned,
+      featured: body.featured,
       url: body.url || undefined,
       quoteText: body.quoteText,
       rating: body.rating || undefined,
-      collectionIds: body.collectionIds?.length
-        ? body.collectionIds
-        : undefined,
-      replyToId: body.replyToId
-        ? (sqid.decode(body.replyToId) ?? undefined)
-        : undefined,
+      collectionIds: body.collectionIds,
+      replyToId: body.replyToId,
       publishedAt: body.publishedAt,
     },
     {
@@ -163,7 +171,6 @@ postsApiRoutes.post("/", requireAuthApi(), async (c) => {
   return c.json(
     {
       ...post,
-      sqid: sqid.encode(post.id),
       mediaAttachments: mediaList.map((m) =>
         toMediaAttachment(m, r2PublicUrl, imageTransformUrl, s3PublicUrl),
       ),
@@ -174,8 +181,7 @@ postsApiRoutes.post("/", requireAuthApi(), async (c) => {
 
 // Update post (requires auth)
 postsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
-  const id = sqid.decode(c.req.param("id"));
-  if (!id) throw new ValidationError("Invalid ID");
+  const id = parseIdParam(c.req.param("id"));
 
   const body = parseValidated(UpdatePostSchema, await c.req.json());
 
@@ -191,16 +197,16 @@ postsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
         format: body.format,
         title: body.title,
         body: body.body,
-        path: body.path,
+        bodyMarkdown: body.bodyMarkdown,
+        slug: body.slug,
         status: body.status,
         visibility: body.visibility,
         pinned: body.pinned,
+        featured: body.featured,
         url: body.url,
         quoteText: body.quoteText,
         rating: body.rating || undefined,
-        collectionIds: body.collectionIds?.length
-          ? body.collectionIds
-          : undefined,
+        collectionIds: body.collectionIds,
         publishedAt: body.publishedAt,
       },
       {
@@ -221,7 +227,6 @@ postsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
 
   return c.json({
     ...post,
-    sqid: sqid.encode(post.id),
     mediaAttachments: mediaList.map((m) =>
       toMediaAttachment(m, r2PublicUrl, imageTransformUrl, s3PublicUrl),
     ),
@@ -230,8 +235,7 @@ postsApiRoutes.put("/:id", requireAuthApi(), async (c) => {
 
 // Delete post (requires auth)
 postsApiRoutes.delete("/:id", requireAuthApi(), async (c) => {
-  const id = sqid.decode(c.req.param("id"));
-  if (!id) throw new ValidationError("Invalid ID");
+  const id = parseIdParam(c.req.param("id"));
 
   const success = await c.var.services.posts.delete(id, {
     media: c.var.services.media,

package/src/routes/api/search.ts

@@ -5,7 +5,6 @@
 import { Hono } from "hono";
 import type { Bindings } from "../../types.js";
 import type { AppVariables } from "../../types/app-context.js";
-import * as sqid from "../../lib/sqid.js";
 import { ValidationError, ExternalServiceError } from "../../lib/errors.js";
 
 type Env = { Bindings: Bindings; Variables: AppVariables };
@@ -36,13 +35,13 @@ searchApiRoutes.get("/", async (c) => {
     return c.json({
       query,
       results: results.map((r) => ({
-        id: sqid.encode(r.post.id),
+        id: r.post.id,
         format: r.post.format,
         title: r.post.title,
-        path: r.post.path,
+        slug: r.post.slug,
         snippet: r.snippet,
         publishedAt: r.post.publishedAt,
-        url: r.post.path ? `/${r.post.path}` : `/p/${sqid.encode(r.post.id)}`,
+        url: `/${r.post.slug}`,
       })),
       count: results.length,
     });

package/src/routes/api/upload-multipart.ts

@@ -0,0 +1,245 @@
+/**
+ * Multipart Upload API Routes
+ *
+ * Handles chunked file uploads for files that exceed the Cloudflare Workers
+ * 100MB request body limit. Uses R2's native multipart upload API.
+ *
+ * Protocol:
+ *   1. POST /            — Initiate: validate metadata, start R2 multipart upload
+ *   2. PUT /:id/part     — Upload a single chunk (raw body, not FormData)
+ *   3. POST /:id/complete — Finalize: combine parts in R2, create DB record
+ *   4. POST /:id/abort   — Cancel: discard uploaded parts
+ *   5. PUT /:id/poster   — Upload poster frame (video thumbnails, small FormData)
+ */
+
+import { Hono } from "hono";
+import { z } from "zod";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../types/app-context.js";
+import { requireAuthApi } from "../../middleware/auth.js";
+import { getMediaUrl, getPublicUrlForProvider } from "../../lib/image.js";
+import {
+  validateUploadFileMetadata,
+  generateStorageKey,
+} from "../../lib/upload.js";
+import { supportsMultipart } from "../../lib/storage.js";
+import { ValidationError } from "../../lib/errors.js";
+import { parseValidated } from "../../lib/schemas.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+// ── Schemas ──────────────────────────────────────────────────────────
+
+const InitiateSchema = z.object({
+  filename: z.string().min(1),
+  contentType: z.string().min(1),
+  size: z.number().int().positive(),
+});
+
+const UploadPartSchema = z.object({
+  storageKey: z.string().min(1),
+  uploadId: z.string().min(1),
+});
+
+const CompleteSchema = z.object({
+  storageKey: z.string().min(1),
+  uploadId: z.string().min(1),
+  parts: z.array(
+    z.object({
+      partNumber: z.number().int().positive(),
+      etag: z.string().min(1),
+    }),
+  ),
+  filename: z.string().min(1),
+  originalName: z.string().min(1),
+  contentType: z.string().min(1),
+  size: z.number().int().positive(),
+  width: z.number().int().positive().optional(),
+  height: z.number().int().positive().optional(),
+  blurhash: z.string().max(200).optional(),
+  waveform: z.string().max(2000).optional(),
+  posterKey: z.string().optional(),
+});
+
+const AbortSchema = z.object({
+  storageKey: z.string().min(1),
+  uploadId: z.string().min(1),
+});
+
+// ── Routes ───────────────────────────────────────────────────────────
+
+export const multipartUploadApiRoutes = new Hono<Env>();
+
+// Require auth for all multipart routes
+multipartUploadApiRoutes.use("*", requireAuthApi());
+
+// POST / — Initiate a multipart upload
+multipartUploadApiRoutes.post("/", async (c) => {
+  const storage = c.var.storage;
+  if (!storage || !supportsMultipart(storage)) {
+    return c.json({ error: "Storage doesn't support multipart uploads." }, 500);
+  }
+
+  const body = await c.req.json();
+  const data = parseValidated(InitiateSchema, body);
+
+  // Validate file type and size
+  const error = validateUploadFileMetadata(data.contentType, data.size, {
+    maxFileSizeMB: c.var.appConfig.uploadMaxFileSize,
+  });
+  if (error) {
+    throw new ValidationError(error);
+  }
+
+  const { id, filename, storageKey } = generateStorageKey(data.filename);
+
+  const upload = await storage.createMultipartUpload(storageKey, {
+    contentType: data.contentType,
+  });
+
+  return c.json({
+    id,
+    uploadId: upload.uploadId,
+    storageKey,
+    filename,
+    originalName: data.filename,
+  });
+});
+
+// PUT /:id/part?partNumber=N&storageKey=...&uploadId=... — Upload a single part
+multipartUploadApiRoutes.put("/:id/part", async (c) => {
+  const storage = c.var.storage;
+  if (!storage || !supportsMultipart(storage)) {
+    return c.json({ error: "Storage doesn't support multipart uploads." }, 500);
+  }
+
+  const storageKey = c.req.query("storageKey");
+  const uploadId = c.req.query("uploadId");
+  if (!storageKey || !uploadId) {
+    throw new ValidationError(
+      "storageKey and uploadId query parameters are required",
+    );
+  }
+  parseValidated(UploadPartSchema, { storageKey, uploadId });
+
+  const partNumberRaw = c.req.query("partNumber");
+  if (!partNumberRaw) {
+    throw new ValidationError("partNumber query parameter is required");
+  }
+  const partNumber = parseInt(partNumberRaw, 10);
+  if (isNaN(partNumber) || partNumber < 1) {
+    throw new ValidationError("partNumber must be a positive integer");
+  }
+
+  const body = await c.req.arrayBuffer();
+  const part = await storage.uploadPart(storageKey, uploadId, partNumber, body);
+
+  return c.json({ partNumber: part.partNumber, etag: part.etag });
+});
+
+// POST /:id/complete — Finalize the upload
+multipartUploadApiRoutes.post("/:id/complete", async (c) => {
+  const storage = c.var.storage;
+  if (!storage || !supportsMultipart(storage)) {
+    return c.json({ error: "Storage doesn't support multipart uploads." }, 500);
+  }
+
+  const id = c.req.param("id");
+  const body = await c.req.json();
+  const data = parseValidated(CompleteSchema, body);
+
+  // Validate file type and size
+  const validationError = validateUploadFileMetadata(
+    data.contentType,
+    data.size,
+    { maxFileSizeMB: c.var.appConfig.uploadMaxFileSize },
+  );
+  if (validationError) {
+    throw new ValidationError(validationError);
+  }
+
+  // Complete the R2 multipart upload
+  await storage.completeMultipartUpload(
+    data.storageKey,
+    data.uploadId,
+    data.parts,
+  );
+
+  // Create the DB record
+  const media = await c.var.services.media.create({
+    id,
+    filename: data.filename,
+    originalName: data.originalName,
+    mimeType: data.contentType,
+    size: data.size,
+    storageKey: data.storageKey,
+    provider: c.var.appConfig.storageDriver,
+    width: data.width && data.width > 0 ? data.width : undefined,
+    height: data.height && data.height > 0 ? data.height : undefined,
+    blurhash: data.blurhash,
+    waveform: data.waveform,
+    posterKey: data.posterKey,
+  });
+
+  const mediaPublicUrl = getPublicUrlForProvider(
+    c.var.appConfig.storageDriver,
+    c.var.appConfig.r2PublicUrl,
+    c.var.appConfig.s3PublicUrl,
+  );
+  const publicUrl = getMediaUrl(data.storageKey, mediaPublicUrl);
+
+  return c.json({
+    id: media.id,
+    filename: media.filename,
+    url: publicUrl,
+    mimeType: media.mimeType,
+    size: media.size,
+  });
+});
+
+// POST /:id/abort — Cancel the upload
+multipartUploadApiRoutes.post("/:id/abort", async (c) => {
+  const storage = c.var.storage;
+  if (!storage || !supportsMultipart(storage)) {
+    return c.json({ error: "Storage doesn't support multipart uploads." }, 500);
+  }
+
+  const body = await c.req.json();
+  const data = parseValidated(AbortSchema, body);
+
+  await storage.abortMultipartUpload(data.storageKey, data.uploadId);
+
+  return c.json({ success: true });
+});
+
+// PUT /:id/poster — Upload poster frame (video thumbnails)
+multipartUploadApiRoutes.put("/:id/poster", async (c) => {
+  const storage = c.var.storage;
+  if (!storage) {
+    return c.json({ error: "Storage not configured." }, 500);
+  }
+
+  const id = c.req.param("id");
+  const formData = await c.req.formData();
+  const posterFile = formData.get("poster") as File | null;
+  if (!posterFile) {
+    throw new ValidationError("No poster file provided");
+  }
+
+  if (!posterFile.type.startsWith("image/")) {
+    throw new ValidationError(
+      `Invalid file type "${posterFile.type}". Only image files are accepted for poster frames.`,
+    );
+  }
+
+  const date = new Date();
+  const year = date.getUTCFullYear();
+  const month = String(date.getUTCMonth() + 1).padStart(2, "0");
+  const posterKey = `media/${year}/${month}/${id}-poster.webp`;
+
+  await storage.put(posterKey, posterFile.stream(), {
+    contentType: "image/webp",
+  });
+
+  return c.json({ posterKey });
+});