@jant/core 0.3.42 → 0.3.44

package/src/lib/summary.ts

@@ -93,15 +93,25 @@ const SEARCHABLE_TYPES = new Set([
  * matching.
  *
  * @param bodyJson - TipTap JSON string (the `body` column)
+ * @param options.includeLinkHrefs
+ *   When `true`, URLs from inline link marks are appended after the link text
+ *   so they get indexed for search. Default `false` keeps the output clean for
+ *   plain-text consumers like `toPlainText`/`extractTitle`.
  * @returns Plain text for FTS indexing, or null if parsing fails or doc is empty
  *
  * @example
  * ```ts
  * const text = extractBodyText(body);
  * // "Hello world Some code here"
+ *
+ * const indexed = extractBodyText(body, { includeLinkHrefs: true });
+ * // "See this page https://example.com"
  * ```
  */
-export function extractBodyText(bodyJson: string): string | null {
+export function extractBodyText(
+  bodyJson: string,
+  options: { includeLinkHrefs?: boolean } = {},
+): string | null {
   let doc: TiptapNode;
   try {
     doc = JSON.parse(bodyJson) as TiptapNode;
@@ -111,9 +121,23 @@ export function extractBodyText(bodyJson: string): string | null {
 
   if (doc.type !== "doc" || !doc.content) return null;
 
+  const includeLinkHrefs = options.includeLinkHrefs === true;
+
   function collectText(node: TiptapNode): string {
     if (!SEARCHABLE_TYPES.has(node.type)) return "";
-    if (node.type === "text") return node.text ?? "";
+    if (node.type === "text") {
+      const text = node.text ?? "";
+      if (!includeLinkHrefs || !node.marks || node.marks.length === 0) {
+        return text;
+      }
+      const hrefs: string[] = [];
+      for (const mark of node.marks) {
+        if (mark.type !== "link") continue;
+        const href = mark.attrs?.href;
+        if (typeof href === "string" && href.trim()) hrefs.push(href);
+      }
+      return hrefs.length > 0 ? `${text} ${hrefs.join(" ")}` : text;
+    }
     if (node.type === "hardBreak") return " ";
     if (!node.content) return "";
     return node.content.map(collectText).join(" ");
@@ -190,19 +214,22 @@ export function extractSummary(
  * @param bodyJson - Tiptap JSON string
  * @param maxBlocks - Maximum number of top-level blocks to include
  * @param maxChars - Maximum total plain-text character count
- * @returns HTML summary and whether content was truncated, or null
+ * @returns HTML summary, whether content was truncated, and the index in
+ *   `doc.content` where the content after the summary boundary begins, or null.
+ *   `breakAtIndex` lets callers align the summary with the full-body rendering
+ *   when splitting at the "read more" boundary (e.g. to insert an anchor).
  *
  * @example
  * ```ts
  * const result = extractSummaryHtml(body, 5, 500);
- * // { html: "<ul><li><p>Item</p></li></ul>", hasMore: true }
+ * // { html: "<ul><li><p>Item</p></li></ul>", hasMore: true, breakAtIndex: 1 }
  * ```
  */
 export function extractSummaryHtml(
   bodyJson: string,
   maxBlocks: number = 5,
   maxChars: number = 500,
-): { html: string; hasMore: boolean } | null {
+): { html: string; hasMore: boolean; breakAtIndex: number } | null {
   let doc: TiptapNode;
   try {
     doc = JSON.parse(bodyJson) as TiptapNode;
@@ -231,15 +258,21 @@ export function extractSummaryHtml(
     return {
       html: renderTiptapDocument(subDoc),
       hasMore: true,
+      // Anchor goes in place of the moreBreak marker, so the marker itself
+      // is NOT part of the pre-anchor body. It remains in the post-anchor
+      // body as an inert HTML comment.
+      breakAtIndex: moreBreakIdx,
     };
   }
 
   // No moreBreak — accumulate blocks up to limits
   const selected: TiptapNode[] = [];
   let totalChars = 0;
+  let lastSelectedIdx = -1;
 
-  for (const node of nodes) {
-    if (!SUMMARY_BLOCK_TYPES.has(node.type)) continue;
+  for (let i = 0; i < nodes.length; i++) {
+    const node = nodes[i];
+    if (!node || !SUMMARY_BLOCK_TYPES.has(node.type)) continue;
 
     const text = extractPlainText(node).trim();
     if (
@@ -250,6 +283,7 @@ export function extractSummaryHtml(
 
     selected.push(node);
     totalChars += text.length;
+    lastSelectedIdx = i;
   }
 
   if (selected.length === 0) return null;
@@ -261,5 +295,6 @@ export function extractSummaryHtml(
   return {
     html: renderTiptapDocument(subDoc),
     hasMore: selected.length < totalContentNodes,
+    breakAtIndex: lastSelectedIdx + 1,
   };
 }

package/src/lib/url.ts

@@ -303,6 +303,40 @@ export function toPublicHref(href: string, sitePathPrefix = ""): string {
   return toPublicPath(href, sitePathPrefix);
 }
 
+/**
+ * Check whether a path is a safe same-origin redirect target.
+ *
+ * Accepts only paths that start with a single `/` (no protocol-relative
+ * `//host`, no scheme, no control characters). Callers should use this to
+ * validate user-supplied `redirect` query parameters before issuing a
+ * `Location` header.
+ *
+ * @param path - Candidate redirect path
+ * @returns `true` when the path is safe to use as an internal redirect
+ *
+ * @example
+ * ```ts
+ * isSafeInternalRedirect("/settings") // true
+ * isSafeInternalRedirect("//evil.example") // false
+ * isSafeInternalRedirect("https://evil.example") // false
+ * ```
+ */
+export function isSafeInternalRedirect(
+  path: string | null | undefined,
+): path is string {
+  if (typeof path !== "string") return false;
+  if (!path.startsWith("/")) return false;
+  if (path.startsWith("//")) return false;
+  // Disallow backslash-prefixed paths (some browsers treat `/\host` as
+  // protocol-relative) and control characters that could smuggle headers.
+  if (path.startsWith("/\\")) return false;
+  for (let i = 0; i < path.length; i += 1) {
+    const code = path.charCodeAt(i);
+    if (code < 0x20 || code === 0x7f) return false;
+  }
+  return true;
+}
+
 /**
  * Remove the site path prefix from a public request pathname.
  *

package/src/lib/view.ts

@@ -35,7 +35,8 @@ import {
 } from "./time.js";
 import { getCollectionPagePath } from "./collection-paths.js";
 import { getMediaUrl, getImageUrl, getPublicUrlForProvider } from "./image.js";
-import { extractSummaryHtml } from "./summary.js";
+import { extractSummaryHtml, extractBodyText } from "./summary.js";
+import { renderTiptapDocument } from "./tiptap-render.js";
 import { highlightText } from "./search-snippet.js";
 import { toPublicPath } from "./url.js";
 
@@ -159,8 +160,17 @@ function getPlainSummary(post: PostWithMedia): string | undefined {
     return normalizePreviewText(post.quoteText);
   }
 
+  // `post.bodyText` is written with `includeLinkHrefs: true` for FTS search
+  // indexing, so it's polluted with trailing link URLs. For human-facing
+  // preview text, prefer a clean re-derivation from the source TipTap JSON.
+  // Fall back to `post.bodyText` when the body isn't valid JSON (legacy rows
+  // or fixtures); that path predates link-href injection and carries no
+  // pollution risk.
+  const cleanBody = post.body ? extractBodyText(post.body) : null;
+
   return (
     normalizePreviewText(post.summary) ||
+    normalizePreviewText(cleanBody) ||
     normalizePreviewText(post.bodyText) ||
     getLegacyBodyPreview(post) ||
     normalizePreviewText(post.url)
@@ -216,14 +226,38 @@ export function toPostView(
       summaryHasMore = result.hasMore;
 
       // Inject #continue anchor at the excerpt boundary for scroll targeting.
-      // Both summaryHtml and bodyHtml are rendered by the same renderTiptapJson,
-      // so the excerpt HTML is a prefix of bodyHtml.
+      // The summary HTML is NOT a byte-prefix of bodyHtml — structural nodes
+      // like `horizontalRule` and `moreBreak` appear in bodyHtml but are
+      // excluded from the summary, so slicing bodyHtml by summary.length lands
+      // mid-tag and corrupts the markup. Instead, render the pre-boundary
+      // doc slice and splice the anchor at that exact block boundary.
       if (result.hasMore && post.bodyHtml) {
-        const pos = result.html.length;
-        bodyHtmlWithAnchor =
-          post.bodyHtml.slice(0, pos) +
-          '<span id="continue"></span>' +
-          post.bodyHtml.slice(pos);
+        try {
+          const doc = JSON.parse(post.body) as {
+            type?: string;
+            content?: unknown[];
+          };
+          if (
+            doc.type === "doc" &&
+            Array.isArray(doc.content) &&
+            result.breakAtIndex > 0 &&
+            result.breakAtIndex <= doc.content.length
+          ) {
+            const beforeHtml = renderTiptapDocument({
+              type: "doc",
+              content: doc.content.slice(0, result.breakAtIndex) as never[],
+            });
+            if (post.bodyHtml.startsWith(beforeHtml)) {
+              bodyHtmlWithAnchor =
+                beforeHtml +
+                '<span id="continue"></span>' +
+                post.bodyHtml.slice(beforeHtml.length);
+            }
+          }
+        } catch {
+          // Fallback: leave bodyHtml untouched if the split can't be computed
+          // safely. Better no anchor than a broken document.
+        }
       }
     }
   }

package/src/middleware/__tests__/auth.test.ts

@@ -7,6 +7,7 @@ import {
   isLocalHostname,
   hasValidLocalDevToken,
 } from "../auth.js";
+import { attachSession } from "../session.js";
 import { errorHandler } from "../error-handler.js";
 import { DEFAULT_APP_PORT } from "../../lib/env.js";
 import type { Bindings } from "../../types.js";
@@ -135,6 +136,7 @@ describe("requireAuth", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/settings", requireAuth(), (c) => c.text("Settings"));
 
     const res = await app.request("/settings");
@@ -142,7 +144,7 @@ describe("requireAuth", () => {
     expect(await res.text()).toBe("Settings");
   });
 
-  it("redirects unauthenticated requests to /signin", async () => {
+  it("redirects unauthenticated requests to /signin with the original path", async () => {
     const app = createTestHonoApp();
     app.use("*", async (c, next) => {
       c.set("auth", createMockAuth(false));
@@ -151,14 +153,38 @@ describe("requireAuth", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
+    app.get("/settings/general", requireAuth(), (c) => c.text("Settings"));
+
+    const res = await app.request("/settings/general", { redirect: "manual" });
+    expect(res.status).toBe(302);
+    expect(res.headers.get("Location")).toBe(
+      "/signin?redirect=%2Fsettings%2Fgeneral",
+    );
+  });
+
+  it("preserves query string when redirecting to /signin", async () => {
+    const app = createTestHonoApp();
+    app.use("*", async (c, next) => {
+      c.set("auth", createMockAuth(false));
+      c.set("services", {
+        siteMembers: createMockSiteMembers(),
+      } as AppVariables["services"]);
+      await next();
+    });
+    app.use("*", attachSession());
     app.get("/settings", requireAuth(), (c) => c.text("Settings"));
 
-    const res = await app.request("/settings", { redirect: "manual" });
+    const res = await app.request("/settings?tab=profile", {
+      redirect: "manual",
+    });
     expect(res.status).toBe(302);
-    expect(res.headers.get("Location")).toBe("/signin");
+    expect(res.headers.get("Location")).toBe(
+      "/signin?redirect=%2Fsettings%3Ftab%3Dprofile",
+    );
   });
 
-  it("redirects to custom path", async () => {
+  it("does not add a redirect query when requireAuth targets a custom path", async () => {
     const app = createTestHonoApp();
     app.use("*", async (c, next) => {
       c.set("auth", createMockAuth(false));
@@ -167,6 +193,7 @@ describe("requireAuth", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/settings", requireAuth("/login"), (c) => c.text("Settings"));
 
     const res = await app.request("/settings", { redirect: "manual" });
@@ -187,6 +214,7 @@ describe("requireAuthApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
 
     const res = await app.request("/api/data");
@@ -207,6 +235,7 @@ describe("requireAuthApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
 
     const res = await app.request("/api/data");
@@ -234,6 +263,7 @@ describe("requireAuthApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
 
     const res = await app.request("/api/data");
@@ -254,6 +284,7 @@ describe("requireAuthApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
 
     const res = await app.request("/api/data", {
@@ -281,6 +312,7 @@ describe("requireAuthApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
 
     const res = await app.request("/api/data", {
@@ -304,6 +336,7 @@ describe("requireAuthApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
 
     const res = await app.request("/api/data", {
@@ -330,6 +363,7 @@ describe("requireAuthApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
 
     const res = await app.request(LOCAL_API_URL, {
@@ -356,6 +390,7 @@ describe("requireAuthApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
 
     const res = await app.request("https://myblog.com/api/data", {
@@ -382,6 +417,7 @@ describe("requireAuthApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
 
     const res = await app.request("https://jant.localtest.me/api/data", {
@@ -410,6 +446,7 @@ describe("requireAuthApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.get("/api/data", requireAuthApi(), (c) => c.json({ data: "secret" }));
 
     const res = await app.request("https://jant.me/api/data", {
@@ -436,6 +473,7 @@ describe("requireInternalAdminApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.post("/api/internal/demo", requireInternalAdminApi(), (c) =>
       c.json({ ok: true }),
     );
@@ -459,6 +497,7 @@ describe("requireInternalAdminApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.post("/api/internal/demo", requireInternalAdminApi(), (c) =>
       c.json({ ok: true }),
     );
@@ -485,6 +524,7 @@ describe("requireInternalAdminApi", () => {
       } as AppVariables["services"]);
       await next();
     });
+    app.use("*", attachSession());
     app.post("/api/internal/demo", requireInternalAdminApi(), (c) =>
       c.json({ ok: true }),
     );

package/src/middleware/__tests__/rate-limit.test.ts

@@ -0,0 +1,113 @@
+import { describe, it, expect } from "vitest";
+import { Hono } from "hono";
+import { rateLimit } from "../rate-limit.js";
+import type { RateLimiter } from "../../lib/rate-limit.js";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../types/app-context.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+/**
+ * Build a tiny Hono app that seeds just the slice of `c.var` the
+ * rate-limit middleware reads — keeps the blast radius of each test
+ * minimal and independent of the full `createTestApp` fixture.
+ */
+function buildApp(options: {
+  limiter: RateLimiter;
+  disabled?: boolean;
+}): Hono<Env> {
+  const app = new Hono<Env>();
+  app.use("*", async (c, next) => {
+    c.set("rateLimiter", options.limiter);
+    c.set("appConfig", {
+      rateLimit: {
+        disabled: options.disabled ?? false,
+        searchPerMinute: 30,
+      },
+    } as AppVariables["appConfig"]);
+    await next();
+  });
+  app.use("*", rateLimit({ name: "test", limit: 2, windowSec: 60 }));
+  app.get("/", (c) => c.text("ok"));
+  return app;
+}
+
+/** Fake limiter that lets us script results without real timing. */
+function scriptedLimiter(
+  outcomes: Array<{ ok: boolean; retryAfterSec?: number }>,
+) {
+  const keys: string[] = [];
+  let i = 0;
+  const limiter: RateLimiter = {
+    async check(key) {
+      keys.push(key);
+      const out = outcomes[i++] ?? { ok: true };
+      return out;
+    },
+  };
+  return { limiter, keys: () => keys };
+}
+
+describe("rateLimit middleware", () => {
+  it("passes the request through when under limit", async () => {
+    const { limiter } = scriptedLimiter([{ ok: true }]);
+    const app = buildApp({ limiter });
+
+    const res = await app.request("/");
+    expect(res.status).toBe(200);
+    expect(await res.text()).toBe("ok");
+  });
+
+  it("responds 429 with Retry-After when the limiter rejects", async () => {
+    const { limiter } = scriptedLimiter([{ ok: false, retryAfterSec: 42 }]);
+    const app = buildApp({ limiter });
+
+    const res = await app.request("/");
+    expect(res.status).toBe(429);
+    expect(res.headers.get("retry-after")).toBe("42");
+    expect(await res.json()).toEqual({
+      error: "Too many requests. Please slow down.",
+    });
+  });
+
+  it("falls back to the window size when retryAfterSec is missing", async () => {
+    const { limiter } = scriptedLimiter([{ ok: false }]);
+    const app = buildApp({ limiter });
+
+    const res = await app.request("/");
+    expect(res.headers.get("retry-after")).toBe("60");
+  });
+
+  it("short-circuits when rateLimit.disabled is true", async () => {
+    const { limiter, keys } = scriptedLimiter([{ ok: false }]);
+    const app = buildApp({ limiter, disabled: true });
+
+    const res = await app.request("/");
+    expect(res.status).toBe(200);
+    // Limiter should not have been consulted at all when disabled.
+    expect(keys()).toEqual([]);
+  });
+
+  it("prefers cf-connecting-ip over x-forwarded-for for the bucket key", async () => {
+    const { limiter, keys } = scriptedLimiter([{ ok: true }]);
+    const app = buildApp({ limiter });
+
+    await app.request("/", {
+      headers: {
+        "cf-connecting-ip": "1.2.3.4",
+        "x-forwarded-for": "5.6.7.8",
+      },
+    });
+    expect(keys()).toEqual(["test:1.2.3.4"]);
+  });
+
+  it("falls back to x-forwarded-for (first entry) when cf header is absent", async () => {
+    const { limiter, keys } = scriptedLimiter([{ ok: true }]);
+    const app = buildApp({ limiter });
+
+    await app.request("/", {
+      headers: { "x-forwarded-for": "10.0.0.1, 10.0.0.2" },
+    });
+    expect(keys()).toEqual(["test:10.0.0.1"]);
+  });
+});

package/src/middleware/__tests__/session.test.ts

@@ -0,0 +1,85 @@
+import { describe, it, expect } from "vitest";
+import { Hono } from "hono";
+import { attachSession } from "../session.js";
+import type { Bindings } from "../../types.js";
+import type { AppVariables } from "../../types/app-context.js";
+
+type Env = { Bindings: Bindings; Variables: AppVariables };
+
+function createAppWithAuth(mockAuth: AppVariables["auth"]): Hono<Env> & {
+  // ensures tests see session/isAuthenticated via c.var
+  _lastSession?: AppVariables["session"];
+  _lastIsAuthenticated?: boolean;
+} {
+  const app = new Hono<Env>();
+  app.use("*", async (c, next) => {
+    c.set("auth", mockAuth);
+    await next();
+  });
+  app.use("*", attachSession());
+  return app;
+}
+
+function buildSessionMock(
+  impl: () => Promise<AppVariables["session"]>,
+): AppVariables["auth"] {
+  return {
+    api: {
+      getSession: impl,
+    },
+  } as unknown as AppVariables["auth"];
+}
+
+describe("attachSession", () => {
+  it("populates c.var.session and isAuthenticated on a valid session", async () => {
+    const mockAuth = buildSessionMock(
+      async () =>
+        ({
+          user: { id: "user-1", email: "x@y.z", name: "X" },
+          session: { id: "sess-1" },
+        }) as unknown as AppVariables["session"],
+    );
+    const app = createAppWithAuth(mockAuth);
+    app.get("/", (c) =>
+      c.json({
+        authed: c.var.isAuthenticated,
+        userId: (c.var.session?.user as { id?: string } | undefined)?.id,
+      }),
+    );
+
+    const res = await app.request("/");
+    expect(res.status).toBe(200);
+    expect(await res.json()).toEqual({ authed: true, userId: "user-1" });
+  });
+
+  it("sets isAuthenticated=false and session=null when no session is present", async () => {
+    const mockAuth = buildSessionMock(async () => null);
+    const app = createAppWithAuth(mockAuth);
+    app.get("/", (c) =>
+      c.json({
+        authed: c.var.isAuthenticated,
+        session: c.var.session,
+      }),
+    );
+
+    const res = await app.request("/");
+    expect(await res.json()).toEqual({ authed: false, session: null });
+  });
+
+  it("swallows errors from getSession and treats the request as unauthenticated", async () => {
+    const mockAuth = buildSessionMock(async () => {
+      throw new Error("session lookup failed");
+    });
+    const app = createAppWithAuth(mockAuth);
+    app.get("/", (c) =>
+      c.json({
+        authed: c.var.isAuthenticated,
+        session: c.var.session,
+      }),
+    );
+
+    const res = await app.request("/");
+    expect(res.status).toBe(200);
+    expect(await res.json()).toEqual({ authed: false, session: null });
+  });
+});